Allow this type of password protected file
Shawn Iverson
shawniverson at summitgrid.com
Thu Sep 22 12:08:29 UTC 2022
I missed this was Sophos flagging the email. That will have to be
adjusted in that A/V engine. I'm not sure where that setting is.
On 9/22/22 08:04, Shawn Iverson via MailScanner wrote:
>
> To do this just for that sender:
>
> MailScanner.conf: (Typically in /etc/MailScanner)
>
> Allow Password-Protected Archives = %rules-dir%/password.rules
>
> In password.rules in your %rules-dir% (Typically in
> /etc/MailScanner/rules), tab separated:
>
> From: sender@example.org yes
>
> FromOrTo: default no
>
>
> On 9/22/22 06:06, Danita Zanrè wrote:
>>
>> Hi Peter,
>>
>> Yeah - I know - but this is a bank in the Netherlands who insists on
>> sending these password protected files. I'm not sure how to get the
>> files to the intended recipient otherwise. This passes through to
>> another entity's email system (so it's unlikely to harm my own
>> network), so I'm trying to make them happy. I could simply tell them
>> to have the bank "change their policies" for them only, but you know
>> what the likely outcome is to that request.
>>
>> Danita
>>
>>
>> Peter Farrow via MailScanner wrote on 9/22/22 11:43:
>>>
>>> Dear Danita,
>>>
>>> You should NEVER allow password-protected files.
>>>
>>> A would-be attacker sends a password-protected file, then sends the
>>> password and the victim opens the file and any malicious content
>>> gets let into the network "just like that".
>>>
>>> Whitelisting the sender means your network security relies on their
>>> network security. It's not an issue, it is "by design".
>>>
>>> Pete
>>>
>>>
>>> Peter Farrow BEng(Hons) BBC ETSI
>>> Office: 01249 736180 | <tel:01249%20736181>
>>> Mobile: +44 (0) 7799605617 <tel:+44%20%280%29%207799605617>
>>> Email: peter.farrow at togethia.net
>>> Website: www.togethia.it <https://www.togethia.it>
>>> <https://facebook.com/togethiait> <skype:peter_farrow>
>>>
>>> On 22/09/2022 10:39, Danita Zanrè wrote:
>>>> Hello everyone. Can someone remind me of what I would need to do
>>>> to allow these files through, or just whitelist this particular
>>>> sender? I believe this is probably a "Sophos" issue, but you are
>>>> my go-to group for solving these issues!
>>>>
>>>> Sophos: Password protected file
>>>> /data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF
>>>>
>>>> Thanks for any help here!
>>>>
>>>> Danita
>>>>
>>>>
>>>
>>>
>>
>>
>
>
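An added example, not part of the thread and not MailScanner code: a small audit of a yes/no ruleset like the password.rules quoted above, listing which senders are exempt from the password-protected archive block and flagging wildcard exemptions or a default other than "no". The function name, the checks and the sample lines (the thread's two rules plus one constructed wildcard rule) are assumptions for illustration.

```python
# Constructed sample: the two rules from the thread plus one wildcard
# exemption that an audit should flag.
SAMPLE_RULES = """\
# ruleset for: Allow Password-Protected Archives
From:\tsender@example.org\tyes
From:\t*@example.net\tyes
FromOrTo:\tdefault\tno
"""

# Direction keywords accepted at the start of a ruleset line.
DIRECTIONS = {"from:", "to:", "fromorto:", "fromandto:"}


def audit_ruleset(text):
    """Return (allowed_patterns, findings) for a yes/no ruleset."""
    allowed, findings, default = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()  # fields are separated by tabs or spaces
        if len(fields) < 3 or fields[0].lower() not in DIRECTIONS:
            findings.append(f"line {lineno}: unparsed rule {line!r}")
            continue
        pattern, value = " ".join(fields[1:-1]), fields[-1].lower()
        if value not in ("yes", "no"):
            findings.append(f"line {lineno}: value must be yes or no")
        elif pattern.lower() == "default":
            default = value
        elif value == "yes":
            allowed.append(pattern)
            # A wildcard or /regex/ pattern exempts more than one sender.
            if "*" in pattern or pattern.startswith("/"):
                findings.append(f"line {lineno}: broad exemption {pattern!r}")
    if default != "no":
        findings.append("no explicit 'default no' rule")
    return allowed, findings


if __name__ == "__main__":
    senders, problems = audit_ruleset(SAMPLE_RULES)
    print("exempt senders:", senders)
    for p in problems:
        print("finding:", p)
```

Run it against the real rules file on each change so every sender exempted from the block stays a deliberate, reviewed entry.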