Table of ContentsPreviousNextIndex

Creating an attachment checking rule

An attachment checking rule allows you to block attachments of a certain type. The attachment checking rule differs from the content checking rule in that it only checks for a type of attachment. The content checking rule checks attachments also, but only for words contained in them.

If running in Exchange VSAPI mode: Be careful when applying attachment rules! Some MAPI applications running on Exchange might be using vbs or exe files. You need to ensure that if this is the case, you don't apply rules to quarantine exe or vbs files to mailboxes used by those applications.

To create an attachment checking rule:

1. Highlight the Attachment checking node in the GFI MailSecurity configuration. Right click and select New> Attachment checking rule.

2. A new rule will be created in the right pane. Double-click on this rule. A tabbed dialog will appear.

The attachment checking rule

3. Specify whether to apply this rule to inbound mails, internal mails, outbound mails or all. To understand how GFI MailSecurity determines whether a mail is inbound, internal or outbound, see the chapter 'Advanced Use'.

Checking attachments

4. Specify which attachments to block. You can specify a list of attachments types or names to block, or you can specify a list of attachments which are allowed through, such as doc or txt.

Adding a file type or file name to block

To add a file to block, click on the `Add' button. You can use asterisk (*) wildcards to specify file names that have certain strings in the name. For example specifying *orders*.mdb blocks files which contain the string 'orders' in the file name. *.jpg will block all jpg files.

You can also block attachments based on size. To do this simply select `Block files greater than' and enter attachment size.

The attachment checking rule `Actions' tab.
Specifying actions to be taken

5. After you have specified what the attachment rule should check for, you can now specify what should be done if GFI MailSecurity finds that type of attachment. You can choose from the following options:

Block attachment & perform action: Enabling this will block the attachment and allow you to either quarantine, delete or move the attachment.

Quarantine attachment: This will quarantine the attachment for review by an administrator. For more information on quarantining, see the chapter on Quarantining.

Delete attachment: This option will delete the attachment

Delete e-mail: (Gateway version only) This option will delete the entire e-mail.

Move attachment to folder: This option will move the attachment to a folder.

Notification

The following notification options are available

Notify user via mail: This option allows you to notify the user via e-mail that the attachment was blocked.

Notify manager via mail: This option allows you to notify the users manager via e-mail that the attachment was blocked. The manager of a user is specified in Active Directory. If no manager is specified the default manager is notified. The default manager can be configured from the quarantine options node.

Note: This option is only available if you have Active Directory. If you don't have Active Directory, the option is called "Notify Administrator via e-mail". The administrator email address can be configured in the quarantine options dialog.

Log occurrence of rule to this file: Optionally you can log the fact that a rule was `activated' to a log file of your choice.

Note: You can also choose not to block the attachment, but simply to notify the user or to log the occurrence of it.

Applying the rule to users

6. After you have configured what to check for and what to do, you can specify for which users GFI MailSecurity will apply this rule. By default, GFI MailSecurity will apply the rule to all email. However, you can choose to apply the rule to only a few users. This can be done from the users tab.

The Content checking rule `Users' tab

To add users, select add. GFI MailSecurity will automatically list all the users listed in Active Directory. If you do not have Active Directory, all known/imported SMTP addresses will be listed.

You can then select to which users to apply the rule. Alternatively you can select the users to which the rule should not apply. You can also apply the rule to one or more mail enabled public folders. When you are ready specifying to which users the rule will apply, click OK to save the rule.

Renaming the rule

After you have created and saved the rule, you can rename it. To do this, simply highlight the rule, right click and select `rename'.

Table of ContentsPreviousNextIndex