An organization wants to allow some users to receive password protected files, but the Decompression Engine rule that blocks password protected files does not allow exceptions.
- GFI MailEssentials 20.3 with all patches installed or later
- GFI MailEssentials installed in Active Directory mode
The following two-step workaround lets administrators create an exception, using a whitelist policy which allows password protected files to pass through the Decompression Engine based on Username, User Group, and Public Folder Name.
Step 1: Create an Attachment Filtering rule
Log in to GFI MailEssentials configuration page.
Go to Content Filtering > Attachment Filtering.
Click Add Rule....
Under the Rule name type a name for the rule and take note of it.
Check Block this list, type the desired file type (e.g.
*.7z)and click Add.
Go to users/folders tab and select Only this list.
Click Add to add email users, user groups and/or public folders to the list.
Check the newly created rule and click Enable Selected.
Step 2: Create a new Registry key
On the GFI MailEssentials server click Start > Run Type
- 32-bit - HKEY_LOCAL_MACHINE\SOFTWARE\GFI\MailEssentials\EmailSecurity\config
- 64-bit - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\EmailSecurity\config
Right-click and select New > String Value.
Right-click and select Modify.
- Value name: ContentFilterWhitelist
- Value data: The name of the rule created in step 1.
- If MailEssentials is not installed in AD mode or the version is not 20.3 or newer, then the proposed solution will not work.
- Procedure takes effect immediately, no services need to be restarted.
- Where the rule name was filled in, you can specify if procedure should apply to all emails or depending on the scan direction: inbound, outbound and/or internal.
- Whitelist procedure comes after the EmailSecurity modules and emails can still be blocked if malware is detected.
- applies to both sender and recipient
- if ANY of the whitelisted users is found in the recipients list or sender, then it will be whitelisted and delivered to all users
- procedure will not work if the email is encrypted, digitally signed, or both