Allow this type of password protected file
Shawn Iverson
shawniverson at summitgrid.com
Thu Sep 22 12:04:59 UTC 2022
To do this just for that sender:
MailScanner.conf: (Typically in /etc/MailScanner)
Allow Password-Protected Archives = %rules-dir%/password.rules
In password.rules in your %rules-dir% (Typically in
/etc/MailScanner/rules), tab separated:
From: sender at example.org yes
FromOrTo: default no
On 9/22/22 06:06, Danita Zanrè wrote:
>
> *Warning: This message originated from outside the organization. Use
> caution when following links or opening attachments.*
>
> Hi Peter,
>
> Yeah - I know - but this is a bank in the Netherlands who insists on
> sending these password protected files. I'm not sure how to get the
> files to the intended recipient otherwise. This passes through to
> another entity's email system (so it's unlikely to harm my own
> network), so I'm trying to make them happy. I could simply tell them
> to have the bank "change their policies" for them only, but you know
> what the likely outcome is to that request.
>
> Danita
>
>
> Peter Farrow via MailScanner wrote on 9/22/22 11:43:
>>
>> Dear Danita,
>>
>> You should NEVER allow password-protected files.
>>
>> A would be attacker sends a password-protected file, then sends the
>> password and the victim opens the file and any malicious content gets
>> let into the network "just like that".
>>
>> Whitelisting the sender means your network security relies on their
>> network security. Its not an issue it is "by design".
>>
>> Pete
>>
>>
>> Peter Farrow BEng(Hons) BBC ETSI
>> Office: 01249 736180 | <tel:01249%20736181>
>> Mobile: +44 (0) 7799605617 <tel:+44%20%280%29%207799605617>
>> Email: *MailScanner has detected a possible fraud attempt from
>> "mail:peter.farrow at togethia.net" claiming to be*
>> peter.farrow at togethia.net <mail:peter.farrow at togethia.net>
>> Website: www.togethia.it <https://www.togethia.it>
>> <https://facebook.com/togethiait> <skype:peter_farrow>
>>
>> On 22/09/2022 10:39, Danita Zanrè wrote:
>>> Hello everyone. Can someone remind me of what I would need to do
>>> to allow these files through, or just whitelist this particular
>>> sender? I believe this is probably a "Sophos" issue, but you are my
>>> go-to group for solving these issues!
>>>
>>> Sophos: Password protected file
>>> /data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF
>>>
>>> Thanks for any help here!
>>>
>>> Danita
>>>
>>>
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20220922/9fe2b67e/attachment.html>
More information about the MailScanner
mailing list