Allow this type of password protected file

Danita Zanrè danita at caledonia.net
Thu Sep 22 15:03:08 UTC 2022


Yeah, me neither - I'll have to ask some Sophos crowd :-)

Thanks anyway!

Danita


Shawn Iverson via MailScanner wrote on 9/22/22 14:08:
>
> I missed this was Sophos flagging the email. That will have to be 
> adjusted in that A/V engine. I'm not sure where that setting is.
>
> On 9/22/22 08:04, Shawn Iverson via MailScanner wrote:
>>
>> To do this just for that sender:
>>
>> MailScanner.conf: (Typically in /etc/MailScanner)
>>
>> Allow Password-Protected Archives = %rules-dir%/password.rules
>>
>> In password.rules in your %rules-dir% (Typically in 
>> /etc/MailScanner/rules), tab separated:
>>
>> From:	sender@example.org	yes
>>
>> FromOrTo:	default	no
>>
>>
>> On 9/22/22 06:06, Danita Zanrè wrote:
>>>
>>> Hi Peter,
>>>
>>> Yeah - I know - but this is a bank in the Netherlands who insists on 
>>> sending these password protected files. I'm not sure how to get the 
>>> files to the intended recipient otherwise. This passes through to 
>>> another entity's email system (so it's unlikely to harm my own 
>>> network), so I'm trying to make them happy.  I could simply tell 
>>> them to have the bank "change their policies" for them only, but you 
>>> know what the likely outcome is to that request.
>>>
>>> Danita
>>>
>>>
>>> Peter Farrow via MailScanner wrote on 9/22/22 11:43:
>>>>
>>>> Dear Danita,
>>>>
>>>> You should NEVER allow password-protected files.
>>>>
>>>> A would-be attacker sends a password-protected file, then sends the
>>>> password and the victim opens the file and any malicious content
>>>> gets let into the network "just like that".
>>>>
>>>> Whitelisting the sender means your network security relies on their
>>>> network security.  It's not an issue, it is "by design".
>>>>
>>>> Pete
>>>>
>>>> 	
>>>> Peter Farrow BEng(Hons) BBC ETSI
>>>> Office: 01249 736180 | <tel:01249%20736181>
>>>> Mobile: +44 (0) 7799605617 <tel:+44%20%280%29%207799605617>
>>>> Email: peter.farrow at togethia.net <mail:peter.farrow at togethia.net>
>>>> Website: www.togethia.it <https://www.togethia.it>
>>>> <https://facebook.com/togethiait> <skype:peter_farrow>
>>>>
>>>> On 22/09/2022 10:39, Danita Zanrè wrote:
>>>>> Hello everyone.  Can someone remind me of what I would need to do
>>>>> to allow these files through, or just whitelist this particular 
>>>>> sender?  I believe this is probably a "Sophos" issue, but you are 
>>>>> my go-to group for solving these issues!
>>>>>
>>>>> Sophos: Password protected file 
>>>>> /data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF
>>>>>
>>>>> Thanks for any help here!
>>>>>
>>>>> Danita
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
>
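
Added example, not part of the thread and not MailScanner's own code: a small Python check for the `password.rules` file described above, which confirms that the exception covers one sender only and that everything else stays blocked. It assumes tab-separated fields, first-match-wins evaluation with `default` as the fallback, and `*` wildcards in address patterns; the rule text and addresses are constructed samples.

```python
import fnmatch

# Constructed sample of the password.rules file from the thread (tab separated).
SAMPLE_RULES = "From:\tsender@example.org\tyes\nFromOrTo:\tdefault\tno\n"

def parse_rules(text):
    """Return [(direction, pattern, value)]; reject lines that are not 3 tab-separated fields."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        fields = [f for f in line.split("\t") if f]
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 3 tab-separated fields, got {fields!r}")
        direction, pattern, value = (f.strip().lower() for f in fields)
        rules.append((direction.rstrip(":"), pattern, value))
    return rules

def allows(rules, sender, recipient):
    """Assumed semantics: first matching rule wins, `default` applies when none match."""
    default = "no"
    for direction, pattern, value in rules:
        if pattern == "default":
            default = value
            continue
        hit_from = fnmatch.fnmatchcase(sender.lower(), pattern)
        hit_to = fnmatch.fnmatchcase(recipient.lower(), pattern)
        hit = {"from": hit_from, "to": hit_to, "fromorto": hit_from or hit_to,
               "fromandto": hit_from and hit_to}.get(direction, False)
        if hit:
            return value == "yes"
    return default == "yes"

def lint(rules):
    """Flag settings that widen the exception beyond a single named sender."""
    findings = []
    if [v for _, p, v in rules if p == "default"] != ["no"]:
        findings.append("default rule must exist exactly once and be 'no'")
    for direction, pattern, value in rules:
        if value != "yes" or pattern == "default":
            continue
        if "*" in pattern or "@" not in pattern:
            findings.append(f"broad allow: {pattern}")
        if direction != "from":
            findings.append(f"allow not limited to sender: {direction}: {pattern}")
    return findings

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(lint(rules), allows(rules, "sender@example.org", "user@corp.example"))
```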
