Phone Lines icon GFI Support

Articles in this section

See more

Creating a Whitelist Policy for Password Protected Files

Author: Luis Fernandes Updated

Overview

An organization wants to allow some users to receive password protected files, but the Decompression Engine rule that blocks password protected files does not allow exceptions.

Environment

  • GFI MailEssentials 20.3 with all patches installed or later
  • GFI MailEssentials installed in Active Directory mode

Resolution

The following two-step workaround lets administrators create an exception, using a whitelist policy which allows password protected files to pass through the Decompression Engine based on Username, User Group, and Public Folder Name.

Step 1: Create an Attachment Filtering rule

  1. Log in to GFI MailEssentials configuration page.

  2. Go to Content Filtering > Attachment Filtering.

  3. Click Add Rule....

  4. Under the Rule name type a name for the rule and take note of it.

  5. Check Block this list, type the desired file type (e.g. *.7z) and click Add.

  6. Go to users/folders tab and select Only this list.

  7. Click Add to add email users, user groups and/or public folders to the list.

  8. Click Apply.

  9. Check the newly created rule and click Enable Selected.

Step 2: Create a new Registry key

  1. On the GFI MailEssentials server click Start > Run Type regedit.

  2. Navigate to:

  • 32-bit: - HKEY_LOCAL_MACHINE\SOFTWARE\GFI\MailEssentials\EmailSecurity\config
  • 64-bit - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\EmailSecurity\config

  1. Right-click and select New > String Value.

  2. Right-click and select Modify.

  • Value name: ContentFilterWhitelist
  • ​Value data: The name of the rule created in step 1.

​NOTES

  • If MailEssentials is not installed in AD mode or the version is not 20.3 or newer, then the proposed solution will not work.
  • Procedure takes effect immediately, no services need to be restarted.
  • Where the rule name was filled in, you can specify if procedure should apply to all emails or depending on the scan direction: inbound, outbound and/or internal.
  • Whitelist procedure comes after the EmailSecurity modules and emails can still be blocked if malware is detected.
  • Limitations:
    • Applies to both sender and recipient
    • If ANY of the whitelisted users is found in the recipients list or sender, then it will be whitelisted and delivered to all users
    • Procedure will not work if the email is encrypted, digitally signed, or both

Related articles