Configuring Attachment Management Definitions and Policies

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015Last modified by user.Yo2IBgvWqr on Oct 9, 2017
Version 12Show Document
  • View in full screen mode

An Attachment Management policy monitors attachments going in or out of your environment. Each policy uses a definition that applies the rules for handling attachment types. Attachments can be:

  • Stripped from the message and substituted with a link (stripped and linked).
  • Denied by size.
  • Held for review.

These restrictions are applied to the true Multipurpose Internet Mail Extensions (MIME) type of an attachment. This means renaming a file extension won't bypass the system. With the exception of the held option, strip and deny options can be overridden using the Large File Send function.

A default attachment management policy and definition, called "Default Dangerous File Blocking", is created during the implementation process. They block a list of dangerous file types that should be prevented from being delivered. See the Dangerous File Types page for full details.

When an attachment is blocked:

  • The message is delivered without the attachment.
  • The attachment is held in a queue.
  • If configured, the message contains a notification informing the recipient that an attachment was stripped.
  • If the recipient feels the attachment is legitimate, they can contact their administrator to request its release.

 

Configuring an Attachment Set Definition

 

To configure an Attachment Management Set definition:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item.
  4. Click on the Definitions drop down. A list of the definition types is displayed.
    Definition list
  5. Select the Attachment Sets definition type from the list. The list of definitions is displayed.
  6. Click in a Folder in the navigator where the definition exists or will be placed.
    You cannot create a definition in the Root folder.
  7. Click on either the:
    • Definition to be changed.
    • New Attachment Set Definition button to create a definition.
  8. Complete the General Properties as follows:
    Field / OptionDescription
    DescriptionEnter a description for the definition that distinguishes it from other attachment set definitions.
    Default Block / Allow

    Controls whether the Deny or Allow column is displayed in the Content Types section. When the definition is saved, an icon indicates the chosen value in the list of definitions:

    Icon Column DisplayedDescription
    DenyBlock Specified Content Types (Allow or Link All Others)
    AllowAllow Specified Content Types (Block or Link All Others)
    Pornographic Image SettingSpecify a  percentage likelihood that an image file contains pornography. We compare the image to others known to contain a security risk. If the chance of the image containing pornographic images matches the specified percentage value, the message is held in the administrator held queue.
    • Scanned image file formats include .BMP, .JPG, .TIF, .PNG, .GIF, .WBMP, .TGA, and .PCX.
    • Microsoft Office 2007 or after files (.e.g. DOCX, .XLSX, .PPTX) and .ZIP archives are scanned. Legacy office documents (.DOC, .XLS, .PPT), .PDF and archive formats other than ZIP cannot be scanned.
    Encrypted ArchivesControls how encrypted or password protected archive files are processed.
    ValueDescription
    AllowBypasses the attachment, without scanning their content.
    LinkStrips the attachment, and sends the recipient a notification containing a link.
    HoldPlaces the message on hold.
    BlockStrips the attachment from the message, and places it in the administrative hold queue.
    Unreadable ArchivesControls the handling of unencrypted archives that fail to extracted correctly.
    Encrypted DocumentsControls how password protected Office filess (e.g. .DOCX, .XLSX) are processed.
    Scan for Disallowed Extensions Within Legacy Microsoft Office FilesIf selected, legacy Microsoft Office attachments are scanned for embedded files (e.g. embedded .BAT files in a Word document).
  9. Complete the Hold / Block Notification Options as follows:
    Field / OptionDescription
    Hold TypeControls whether held messages in the Mimecast Personal Portal and Mimecast for Outlook on hold queue are restricted. For Data Leak Prevention (DLP) reasons, a user can't release outbound items that were placed On Hold due to content examination.
    Moderator GroupSpecify a group of moderators, via the Lookup button, to notify them that the policy has been triggered. This field is not displayed if the "Hold Type" field is set to "Administrator".
    Notify GroupSpecifies a group of users via the Lookup button, to notify them that the policy has been triggered.
    Notify (Internal) SenderIf selected, the sender is notified if an internal message they send triggers a policy.
    Notify (External) SenderIf selected, the sender is notified if an external message they send triggers a policy.
    Notify (Internal) RecipientIf selected, the recipient is notified if an internal message they receive triggers a policy.
    Notify (External) RecipientIf selected, the recipient is notified if an external message they receive triggers a policy.
    Notify OverseersIf selected, users configured by a Content Overseers policy are informed when the policy is triggered.
  10. Complete the Content Types as follows. Each file extension has the following options:
    Field / OptionDescription
    LFS OverrideIf selected, Large File Send has been enabled for your account and takes preference over the Deny, Hold, and Link settings.
    DenyIf selected, all messages containing attachments whose total size exceeds the value specified in the "Size(KB)" field, are stripped and replaced with a substitute file. This file informs the recipient that the attachment was removed, and to contact their administrator. If a value of "0" is specified, all messages with attachments regardless of the file size are denied.
    AllowIf selected, all messages containing attachments whose total size exceeds the value specified in the "Size(KB)" field, are allowed. If a value of "0" is specified, all messages with attachments regardless of the file size are allowed.
    HoldIf selected, all messages containing attachments whose total size exceeds the value specified in the "Size(KB)" field, are held. If a value of "0" is specified, all messages with attachments regardless of the file size are held.
    LinkIf selected, all messages containing attachments whose total size exceeds the value specified in the "Size(KB)" field, are replaced by links. If a value of "0" is specified, all messages with attachments are replaced by links regardless of file size.
  11. Click on the Save and Exit button.

 

Filtering the Content Types List

 

To filter the file extensions listed in the Content Types section:

  1. Click the View toolbar button.
  2. Click on one of the following menu items:
    • View Common Extensions
    • View Dangerous Extensions
    • View Base Extensions
    • View Mime Extensions

 

Configuring an Attachment Management Policy

 

To configure an Attachment Management policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.
  4. Click on Attachment Management. A list of policies is displayed.
  5. Cllick on either the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options Section as required:
    Field / OptionDescription
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Set Attachment Management PolicyUse the Lookup button to select the required Attachment Set definition for the policy.
  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are:
    OptionDescription
    The Return Address (Mail Envelope From)This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    The Message From Address (Message Header From)Applies the policy based on the masked address used in the message's header.
    BothApplies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value the Message Header From will be used.
    Applies From / ToSpecify the sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    OptionDescription
    EveryoneIncludes all email users (i.e. both internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a predefined directory or local group. The group is selected from the Profile Group field. Click on the Lookup button to specify the group it is applicable to. Click on the Show Location field to display the path of the directory group or profile group.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an Attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
    Only one Attachment Management policy can be applied to any given message. If you have multiple policies with the same From and To variables, only one of these will take effect.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this option to enable (default) or disable a policy. Disabling the policy allows you to prevent it from being applied without having to delete or back date the policy. Should the configured date range of a policy be reached the policy will become disabled automatically.
    Set Policy as PerpetualSpecifies that the policy's start and end dates are set to "Eternal", meaning the policy never expires.
    Date RangeSpecify a start and end date for the policy. This automatically deselects the "Eternal" option.
    Policy OverrideSelect this option to override the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type have also been configured with an override.
    Bi-DirectionalIf selected, the policy also applies when the policy's recipient is the sender and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.

See Also...

 

1 person found this helpful

Attachments

    Outcomes