<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>To do this just for that sender:</p>
<p>MailScanner.conf: (Typically in /etc/MailScanner)<br>
</p>
<p>Allow Password-Protected Archives = %rules-dir%/password.rules <br>
</p>
<p>In password.rules in your %rules-dir% (Typically in
/etc/MailScanner/rules), tab separated:<br>
</p>
<pre>From:	sender@example.org	yes
FromOrTo:	default	no</pre>
<p><br>
</p>
<div class="moz-cite-prefix">On 9/22/22 06:06, Danita Zanrè wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ebb400d9-0f76-bc44-341c-520f0754ca1b@caledonia.net">
Hi Peter,<br>
<br>
Yeah - I know - but this is a bank in the Netherlands who insists
on sending these password protected files. I'm not sure how to get
the files to the intended recipient otherwise. This passes through
to another entity's email system (so it's unlikely to harm my own
network), so I'm trying to make them happy. I could simply tell
them to have the bank "change their policies" for them only, but
you know what the likely outcome is to that request.<br>
<br>
Danita<br>
<br>
<br>
<span>Peter Farrow via MailScanner wrote on 9/22/22 11:43:</span><br>
<blockquote type="cite"
cite="mid:de6c168a-621b-528d-0cc8-b3077a636ce6@togethia.net">
<p>Dear Danita,<br>
</p>
<p>You should NEVER allow password-protected files.</p>
<p>A would-be attacker sends a password-protected file, then
sends the password and the victim opens the file and any
malicious content gets let into the network "just like that".</p>
<p>Whitelisting the sender means your network security relies on
their network security. It's not an issue, it is "by design".</p>
<p>Pete<br>
</p>
<div class="moz-cite-prefix">On 22/09/2022 10:39, Danita Zanrè
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:b50f13ee-36ae-6a9f-5daf-222f29417f6d@caledonia.net">
Hello everyone. Can someone remind me of what I would need
to do to allow these files through, or just whitelist this
particular sender? I believe this is probably a "Sophos"
issue, but you are my go-to group for solving these issues!<br>
<br>
<font color="#cd232c">Sophos: Password protected file
/data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF<br>
<br>
<span style="color: rgb(0, 0, 0);">Thanks for any help
here! <br>
<br>
Danita<br>
<br>
</span></font> <br>
</blockquote>
</blockquote>
</blockquote>
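<p>An added example, not part of the thread and not MailScanner code: a small checker that loads a ruleset like the password.rules above and reports which senders would be exempted, so the scope of the exception can be reviewed before it goes live. The function names are hypothetical, and the model is a simplification that assumes first-match-wins evaluation and supports only exact addresses, <code>*</code> wildcards and <code>default</code>.</p>

```python
# Added example: simplified model of a MailScanner ruleset, not MailScanner code.
import fnmatch

# Constructed sample mirroring the password.rules from the reply (tab separated).
PASSWORD_RULES = (
    "# allow encrypted archives from one sender only\n"
    "From:\tsender@example.org\tyes\n"
    "FromOrTo:\tdefault\tno\n"
)

DIRECTIONS = {"from", "to", "fromorto", "fromandto"}


def parse_rules(text):
    """Return (direction, pattern, value) tuples; skip blank and comment lines."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()  # model: exactly three whitespace-separated fields
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        direction = fields[0].rstrip(":").lower()
        if direction not in DIRECTIONS:
            raise ValueError(f"line {lineno}: unknown direction {fields[0]!r}")
        rules.append((direction, fields[1].lower(), fields[2].lower()))
    return rules


def _hit(pattern, address):
    # "default" matches everything; otherwise compare case-insensitively.
    return pattern == "default" or fnmatch.fnmatchcase(address.lower(), pattern)


def evaluate(rules, sender, recipient, fallback="no"):
    """Return the value of the first matching rule (assumption of this model)."""
    for direction, pattern, value in rules:
        s, r = _hit(pattern, sender), _hit(pattern, recipient)
        matched = {"from": s, "to": r, "fromorto": s or r, "fromandto": s and r}
        if matched[direction]:
            return value
    return fallback


def exempt_senders(rules, senders, recipient):
    """Senders whose password-protected archives would be let through."""
    return [s for s in senders if evaluate(rules, s, recipient) == "yes"]
```

<p>Running <code>exempt_senders</code> over a list of recent envelope senders shows at a glance whether a rule such as <code>*@example.org</code> exempts more mailboxes than intended.</p>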
</body>
</html>