<html theme="default-light" iconset="color"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body text="#000000">Yeah, me neither - I'll have to ask some
Sophos crowd :-)<br>
<br>
Thanks anyway!<br>
<br>
Danita<br>
<br>
<br>
<span>Shawn Iverson via MailScanner wrote on 9/22/22 14:08:</span><br>
<blockquote type="cite"
cite="mid:8e36f763-4fdf-479c-9de9-3539bb09c570@summitgrid.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>I missed this was Sophos flagging the email. That will have to be
adjusted in that A/V engine. I'm not sure where that setting is.<br>
</p>
<div class="moz-cite-prefix">On 9/22/22 08:04, Shawn Iverson via
MailScanner wrote:<br>
</div>
<blockquote type="cite"
cite="mid:32b339ab-957e-a8d3-98f1-50fc22326be8@summitgrid.com"><meta
http-equiv="content-type" content="text/html; charset=utf-8">
<p><b><font color="yellow" size="+1">Warning: This message
originated from outside the organization. Use caution when
following links or opening attachments.</font></b><br>
</p>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>To do this just for that sender:</p>
<p>MailScanner.conf: (Typically in /etc/MailScanner)<br>
</p>
<p>Allow Password-Protected Archives = %rules-dir%/password.rules
<br>
</p>
<p>In password.rules in your %rules-dir% (Typically in
/etc/MailScanner/rules), tab separated:<br>
</p>
<p>From: <a class="moz-txt-link-abbreviated
moz-txt-link-freetext" href="mailto:sender@example.org"
moz-do-not-send="true">sender@example.org</a> yes</p>
<p>FromOrTo: default no<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 9/22/22 06:06, Danita Zanrè wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ebb400d9-0f76-bc44-341c-520f0754ca1b@caledonia.net"><meta
http-equiv="content-type" content="text/html; charset=utf-8">
<p><b><font color="yellow" size="+1">Warning: This message
originated from outside the organization. Use caution when
following links or opening attachments.</font></b><br>
</p>
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
Hi Peter,<br>
<br>
Yeah - I know - but this is a bank in the Netherlands who
insists on sending these password protected files. I'm not sure
how to get the files to the intended recipient otherwise. This
passes through to another entity's email system (so it's
unlikely to harm my own network), so I'm trying to make them
happy. I could simply tell them to have the bank "change their
policies" for them only, but you know what the likely outcome is
to that request.<br>
<br>
Danita<br>
<br>
<br>
<span>Peter Farrow via MailScanner wrote on 9/22/22 11:43:</span><br>
<blockquote type="cite"
cite="mid:de6c168a-621b-528d-0cc8-b3077a636ce6@togethia.net"><meta
http-equiv="Content-Type" content="text/html; charset=utf-8">
<p>Dear Danita,<br>
</p>
<p>You should NEVER allow password-protected files.</p>
<p>A would be attacker sends a password-protected file, then
sends the password and the victim opens the file and any
malicious content gets let into the network "just like
that".</p>
<p>Whitelisting the sender means your network security relies
on their network security. Its not an issue it is "by
design".</p>
<p>Pete<br>
</p>
<div class="moz-signature">
<style type="text/css"></style>
<table style="font-family: Montserrat, Arial, Helvetica,
sans-serif;" border="0" cellspacing="0" cellpadding="0"
width="566">
<tbody>
<tr>
<td style="border-right:5px solid #0181db;"
width="140"><img
src="https://assets.togethia.net/email/Togethia/sig/EmailSignature1/Images/togethia_logo.png"
alt="" moz-do-not-send="true" height="125" width="217"></td>
<td width="326">
<table style="margin-left:22px;" border="0"
cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td style="font-size:14px; color:#0181db;
line-height:25px; font-weight:900;">Peter
Farrow BEng(Hons) BBC ETSI </td>
</tr>
<tr>
<td style="font-size:11px; color:#999999;
line-height:20px; padding-top:3px;"><span
style="color:#0181db; font-weight:900;">Office:
</span> <a href="tel:01249%20736181"
style="color:#999; text-decoration:none;" moz-do-not-send="true">01249
736180 | <span style="color:#0181db; font-weight:900;"></span>
</a></td>
</tr>
<tr>
<td style="font-size:11px; color:#999999;
line-height:20px; padding-top:3px;"><span
style="color:#0181db; font-weight:900;">Mobile:</span>
<a href="tel:+44%20%280%29%207799605617"
style="color:#999; text-decoration:none;" moz-do-not-send="true"> +44
(0) 7799605617</a></td>
</tr>
<tr>
<td style="font-size:11px; color:#999999;
line-height:18px;"><span
style="color:#0181db; font-weight:900;">Email:</span>
<a href="mail:peter.farrow@togethia.net"
style="color:#999; text-decoration:none;" moz-do-not-send="true"><font
color="red"><b>MailScanner has detected a possible fraud attempt from
"mail:peter.farrow@togethia.net" claiming to be</b></font> <font
color="red"><b>MailScanner
has detected a possible fraud attempt
from "mail:peter.farrow@togethia.net"
claiming to be</b></font> <font
color="red"><b>MailScanner has detected
a possible fraud attempt from
"mail:peter.farrow@togethia.net"
claiming to be</b></font> <font
color="red"><b>MailScanner has detected
a possible fraud attempt from
"mail:peter.farrow@togethia.net"
claiming to be</b></font>
peter.farrow@togethia.net</a></td>
</tr>
<tr>
<td style="font-size:11px; color:#999999;
line-height:18px;"><span
style="color:#0181db; font-weight:900;">Website:
</span> <a href="https://www.togethia.it"
style="color:#999; text-decoration:none;" moz-do-not-send="true">www.togethia.it</a></td>
</tr>
<tr>
<td style="padding-top:5px;" valign="bottom"><a
href="https://facebook.com/togethiait" moz-do-not-send="true"><img
style="padding-right:5px;"
src="https://assets.togethia.net/email/Togethia/sig/EmailSignature1/Images/icon_fb_togethia.png"
alt="" moz-do-not-send="true" height="17" width="18"></a> <a
href="skype:peter_farrow" moz-do-not-send="true"><img
style="padding-right:5px;"
src="https://assets.togethia.net/email/Togethia/sig/EmailSignature1/Images/icon_togethia_skype.png"
alt="" moz-do-not-send="true" height="17" width="18"></a> </td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
<div class="moz-cite-prefix">On 22/09/2022 10:39, Danita Zanrè
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:b50f13ee-36ae-6a9f-5daf-222f29417f6d@caledonia.net"><meta
http-equiv="content-type" content="text/html; charset=utf-8">
Hello everyone. Can someone remind me of what I would need
to do to allow these files through, or just whitelist this
particular sender? I believe this is probably a "Sophos"
issue, but you are my go-to group for solving these issues!<br>
<br>
<font color="#cd232c">Sophos: Password protected file
/data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF<br>
<br>
<span style="color: rgb(0, 0, 0);">Thanks for any help
here! <br>
<br>
Danita<br>
<br>
</span></font> <br>
<fieldset class="moz-mime-attachment-header"></fieldset></blockquote>
<lt-container></lt-container> <br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br></blockquote>
<br>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset></blockquote>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset></blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">
</pre>
</blockquote>
<br>
</body></html>