<html theme="default-light" iconset="color"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body text="#000000">Yeah, me neither - I'll have to ask some 
Sophos crowd :-)<br>
<br>
Thanks anyway!<br>
<br>
Danita<br>
<br>
<br>
<span>Shawn Iverson via MailScanner wrote on 9/22/22 14:08:</span><br>
<blockquote type="cite" 
cite="mid:8e36f763-4fdf-479c-9de9-3539bb09c570@summitgrid.com">
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  
  
    
  <p>I missed this was Sophos flagging the email. That will have to be
      adjusted in that A/V engine. I'm not sure where that setting is.<br>
    </p>

    
  <div class="moz-cite-prefix">On 9/22/22 08:04, Shawn Iverson via
      MailScanner wrote:<br>
    </div>

    
  <blockquote type="cite" 
cite="mid:32b339ab-957e-a8d3-98f1-50fc22326be8@summitgrid.com"><meta 
http-equiv="content-type" content="text/html; charset=utf-8">
      <p><b><font color="yellow" size="+1">Warning: This message
            originated from outside the organization. Use caution when
            following links or opening attachments.</font></b><br>
      </p>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <p>To do this just for that sender:</p>
      <p>MailScanner.conf: (Typically in /etc/MailScanner)<br>
      </p>
      <p>Allow Password-Protected Archives = %rules-dir%/password.rules
        <br>
      </p>
      <p>In password.rules in your %rules-dir% (Typically in
        /etc/MailScanner/rules), tab separated:<br>
      </p>
      <p>From:    <a class="moz-txt-link-abbreviated
          moz-txt-link-freetext" href="mailto:sender@example.org" 
moz-do-not-send="true">sender@example.org</a>    yes</p>
      <p>FromOrTo:    default     no<br>
      </p>
      <p><br>
      </p>
      <div class="moz-cite-prefix">On 9/22/22 06:06, Danita Zanrè wrote:<br>
      </div>
      <blockquote type="cite" 
cite="mid:ebb400d9-0f76-bc44-341c-520f0754ca1b@caledonia.net"><meta 
http-equiv="content-type" content="text/html; charset=utf-8">
        <p><b><font color="yellow" size="+1">Warning: This message
              originated from outside the organization. Use caution when
              following links or opening attachments.</font></b><br>
        </p>
        <meta http-equiv="Content-Type" content="text/html; 
charset=utf-8">
        Hi Peter,<br>
        <br>
        Yeah - I know - but this is a bank in the Netherlands who
        insists on sending these password protected files. I'm not sure
        how to get the files to the intended recipient otherwise. This
        passes through to another entity's email system (so it's
        unlikely to harm my own network), so I'm trying to make them
        happy.  I could simply tell them to have the bank "change their
        policies" for them only, but you know what the likely outcome is
        to that request.<br>
        <br>
        Danita<br>
        <br>
        <br>
        <span>Peter Farrow via MailScanner wrote on 9/22/22 11:43:</span><br>
        <blockquote type="cite" 
cite="mid:de6c168a-621b-528d-0cc8-b3077a636ce6@togethia.net"><meta 
http-equiv="Content-Type" content="text/html; charset=utf-8">
          <p>Dear Danita,<br>
          </p>
          <p>You should NEVER allow password-protected files.</p>
          <p>A would be attacker sends a password-protected file, then
            sends the password and the victim opens the file and any
            malicious content gets let into the network "just like
            that".</p>
          <p>Whitelisting the sender means your network security relies
            on their network security.  Its not an issue it is "by
            design".</p>
          <p>Pete<br>
          </p>
          <div class="moz-signature">
            <style type="text/css"></style>
            <table style="font-family: Montserrat, Arial, Helvetica,
              sans-serif;" border="0" cellspacing="0" cellpadding="0" 
width="566">
              <tbody>
                <tr>
                  <td style="border-right:5px solid #0181db;" 
width="140"><img 
src="https://assets.togethia.net/email/Togethia/sig/EmailSignature1/Images/togethia_logo.png"
 alt="" moz-do-not-send="true" height="125" width="217"></td>
                  <td width="326">
                    <table style="margin-left:22px;" border="0" 
cellspacing="0" cellpadding="0">
                      <tbody>
                        <tr>
                          <td style="font-size:14px; color:#0181db;
                            line-height:25px; font-weight:900;">Peter
                            Farrow BEng(Hons) BBC ETSI </td>
                        </tr>
                        <tr>
                          <td style="font-size:11px; color:#999999;
                            line-height:20px; padding-top:3px;"><span 
style="color:#0181db; font-weight:900;">Office:
                            </span> <a href="tel:01249%20736181" 
style="color:#999; text-decoration:none;" moz-do-not-send="true">01249 
736180 | <span style="color:#0181db; font-weight:900;"></span>
                            </a></td>
                        </tr>
                        <tr>
                          <td style="font-size:11px; color:#999999;
                            line-height:20px; padding-top:3px;"><span 
style="color:#0181db; font-weight:900;">Mobile:</span>
                            <a href="tel:+44%20%280%29%207799605617" 
style="color:#999; text-decoration:none;" moz-do-not-send="true"> +44 
(0) 7799605617</a></td>
                        </tr>
                        <tr>
                          <td style="font-size:11px; color:#999999;
                            line-height:18px;"><span 
style="color:#0181db; font-weight:900;">Email:</span>
                            <a href="mail:peter.farrow@togethia.net" 
style="color:#999; text-decoration:none;" moz-do-not-send="true"><font 
color="red"><b>MailScanner has detected a possible fraud attempt from 
"mail:peter.farrow@togethia.net" claiming to be</b></font> <font 
color="red"><b>MailScanner
                                  has detected a possible fraud attempt
                                  from "mail:peter.farrow@togethia.net"
                                  claiming to be</b></font> <font 
color="red"><b>MailScanner has detected
                                  a possible fraud attempt from
                                  "mail:peter.farrow@togethia.net"
                                  claiming to be</b></font> <font 
color="red"><b>MailScanner has detected
                                  a possible fraud attempt from
                                  "mail:peter.farrow@togethia.net"
                                  claiming to be</b></font>
                              peter.farrow@togethia.net</a></td>
                        </tr>
                        <tr>
                          <td style="font-size:11px; color:#999999;
                            line-height:18px;"><span 
style="color:#0181db; font-weight:900;">Website:
                            </span> <a href="https://www.togethia.it" 
style="color:#999; text-decoration:none;" moz-do-not-send="true">www.togethia.it</a></td>
                        </tr>
                        <tr>
                          <td style="padding-top:5px;" valign="bottom"><a
 href="https://facebook.com/togethiait" moz-do-not-send="true"><img 
style="padding-right:5px;" 
src="https://assets.togethia.net/email/Togethia/sig/EmailSignature1/Images/icon_fb_togethia.png"
 alt="" moz-do-not-send="true" height="17" width="18"></a> <a 
href="skype:peter_farrow" moz-do-not-send="true"><img 
style="padding-right:5px;" 
src="https://assets.togethia.net/email/Togethia/sig/EmailSignature1/Images/icon_togethia_skype.png"
 alt="" moz-do-not-send="true" height="17" width="18"></a> </td>
                        </tr>
                      </tbody>
                    </table>
                  </td>
                </tr>
              </tbody>
            </table>
          </div>
          <div class="moz-cite-prefix">On 22/09/2022 10:39, Danita Zanrè
            wrote:<br>
          </div>
          <blockquote type="cite" 
cite="mid:b50f13ee-36ae-6a9f-5daf-222f29417f6d@caledonia.net"><meta 
http-equiv="content-type" content="text/html; charset=utf-8">
            Hello everyone.  Can someone remind  me of what I would need
            to do to allow these files through, or just whitelist this
            particular sender?  I believe this is probably a "Sophos"
            issue, but you are my go-to group for solving these issues!<br>
            <br>
            <font color="#cd232c">Sophos: Password protected file
/data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF<br>
              <br>
              <span style="color: rgb(0, 0, 0);">Thanks for any help
                here!  <br>
                <br>
                Danita<br>
                <br>
              </span></font> <br>
            <fieldset class="moz-mime-attachment-header"></fieldset></blockquote>
          <lt-container></lt-container> <br>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <br></blockquote>
        <br>
        <br>
        <fieldset class="moz-mime-attachment-header"></fieldset></blockquote>
      <br>
      <fieldset class="moz-mime-attachment-header"></fieldset></blockquote>

  


  <br>
  <fieldset class="mimeAttachmentHeader"></fieldset>
  <br>
  <pre wrap="">

</pre>
</blockquote>
<br>
</body></html>