Attachement Filtering with Whitelist options
I have a few scenario's when I have Mailesentials to block zip files via the content filtering (attachement) option to avoid viruses and 0 day threats from entering the system. (more reliable than a/v scanning) On some occasions there may be emails with valid zip files attached that get quarantined due to this policy, this would have to be manually released and checked on occasions. With enabling the whitelist feature this has no impact on this filtering option. I would like to see a whitelist function feature for content filtering to enable a email/domain or IP to be trusted with the content filtering feature.
Thanks all for your feedback
I would like to ask some questions regarding the usage of Attachment filtering.
- Do you have Notify Local Recipient enabled? This way intended recipients are notified?
- Do you have Notify Local Administrator enabled? This way the administrator can receive an email and easily approve?
- Are such exclusions intended for specific recipients or external recipients? Eg you can already exclude internal recipients from rules.
- What type of attachments are these? Zip Files? Office Files? PDF files?
Adam Zwibelman commented
Please add a whitelist option for senders in the content filtering - keyword checking. Or add a notify admin in the spam keyword checking. I just want to be notified when certain keywords are detected and have the option to whitelist senders. Currently not possible. I have to choose one or the other by using content filter - keyword checking (can notify admin but no whitelist) or using spam keyword checking (no notify option but can whitelist). Currently I opt for the content filtering option with notify admin but would like to be able to whitelist certain senders as well.
Jana Siegert commented
We also work with Attachement Filtering (zip, doc) and get a lot of these stuff per day.
The percentage of dangerous and good files is 50/ 50. The sorting is incredibly time consuming.
A whitelist is needed.
Avrum Feldman commented
is there a way to exclude internal user for specific external sender?
André Fritzsch commented
Attachement Filtering with IP (!) Whitelist should be the best way for us.
A whitelist with email adresses becomes a big problem with "fake" emails. Sender IPs are more secure for trusted senders.
Sean Ohlrich commented
I too need to be able to whitelist domains for attachment filtering, even if it is needing to be made one rule at a time. The argument given earlier in the thread by Ian stating that email addresses can easily be spoofed is not relevant to this software. If you have whitelist options for any setting, then you might as well have whitelist options for every setting. Either it is going to be bypassed by spoofers or it isnt. Consistency is the greatest achievement in any software programming endeavor. If the whitelist is ONLY for that one section in programming then the bad emails can still be captured by other sections, ie SPF, VIRUS, etc...
Marc Tschech commented
Is there any update on this request? I would really love to see a whitelist feature for attachment filtering in one of the next updates.
I don't really see the rist of spoofing email addresses as an attachment-whitelist whould not stop any further virus-scans etc. It would just bypass the attachment filtering.
It would be nice to have a checkbox for each attachment-filter to select if the whitelist is used or not. That way you could always filter *.exe files while you allow *.docx files for some adresses.
Denisz Voznyuk commented
Dear GFI team,
As can I see, whitelisting for attachement request from external email addresses or domain is already exists. As at this moment there is no other option to whitelist content from external senders (only quarantine and release option can be used in this case) for security reasons, I just would like to confirm that, from our side we still need this option, and I would like to add our vote for this feature requet too.
Please keep me updated on this feature.
Jean Luc Le Doledec commented
IN an high ransomware risk period, I act like Stephen, I blocked .ZIP file, but like him, some are clean.
From my point of view, having a whitelist check before keyword and content filtering, is mandatory for a mail security software.
To avoid spoofing sender address, SPF or IP source whitelist can be a good complement
Tim Frodermann commented
My real live example are xlsm-Files. We blocked them because of the obvious security problems regarding Ransomware. But as it is, my customers receive valid xslm-Files on a daily basis.
There seem to be a lot of accounting and erp programs around that can only export reports as xslm-Files and that contain macros for some reasons unknown to me. Even amazon hands out xslm files for b2b customers.
So what happens is that people receive a lot of xslm-files, but mostyly from a handful of known senders. I could giive access to the quarantine, but again, normal users have no access to the malware quarantine, where these attachments end up.
So this is a catch 22: Give me normal user access to the malware quarantine or a attachment filtering sender whitelist :-)
Johnny Haak commented
If the e-mail passes first the Anti Spam Filters (including SPF) then whitelisting of external recipients/senders shouldn't be a problem.
Ken Dietz commented
I would argue that the same email spoofing claim could justify not offering an email whitelist as well, which would be catastrophic for organizations not to have that capability.
As the regular email whitelist is "use at your own risk" as email addresses can be spoofed and get through there as well, I think that the same would apply by allowing the whitelist (whether it's a separate attachment filtering list or the same email whitelist) to allow attachments through from whitelisted senders.
An example we've faced is that we get a lot of malicious Word Documents that make it through the standard set of filters, so I've had to instate a full block of all .DOC files at the Attachment Filtering level, meaning that the user does not get ANY Word Documents even from our trusted business partners (legal counsel, partner organizations) and also because they don't end up in their quarantine, they never know about the email at all, forcing me to routinely check the logs to see if anything has come in from these partners. A whitelist at this level would be a huge time saver.
The main reason why this has never been implemented is that email addresses can be easily be spoofed.
Any person can easily send an email pretending to be somebody else. Although there are ways to be able to determine if the email is legitimate or not, this does not depend on your configuration but on the sender's configuration eg SPF records, Domain Keys etc.
I do understand that organisations have business partners and they went to quickly receive communications from them easily without having quarantine issues etc. However if the business partner network or email system gets compromised, then this could potentially compromise your own system.
We will investigate how we can alleviate this problem.
Paul Jebe commented
I'd like to add my support to this request. I would be ok with having to maintain a separate whitelist for Content Filtering if that helps keep it more secure. As mentioned by other customers we like to block potentially harmful attachments (mainly zip and xls) but would like to receive them without hassle from a handful of trusted business partners.
Bob Walters commented
Notify local recipient would just make them call me therefore causing more work. Notify Admin, ditto, I have enough email to deal with already.
I have to keep an the on the quarantine constantly as my client receives time critical tender requests via macro enabled Office documents. Also some .zip files. It needs to be whitelisted by sender or senders domain. This is pretty urgent and I am surprised that it has not been requested a long time ago by a lot of people.
Peter Huber commented
We urgently need exceptions for attachment-filtering. We couldn't afford to loose customer-orders because of a missing whitelist-option. Excluding some external email addresses from filtering is better than disabling the filtering at all.
Matthew Pulis commented
Yes. I spoke with Andrea this morning and the feature that many are looking for is to have the possibility of a whitelist for external users.
Having said that, one needs be aware that even a person you trust may get infected and sends you an infected file, but this request has nevertheless been popular throughout the years.
AdminJoe Kern (Admin, GFI) commented
Just to understand the issue. While MailEssentials will allow for control and policies for attachment filtering based on internal email addresses, you would like to it to also apply to external email addresses.
*@* = block all zip files
Joe@yourcompany. = allow zip files to be recieved only to him
jane@customercompany = zip files from jane to all "@yourcompany" is allowed
In this example what is missing that you are looking for is the Jane scenario.
Andrea Rosetti commented
Noi attualmente usiamo Groupshield di McAfee e vorremmo abbandonarlo,
ma lui ha la possibilità di filtrare una whitelist di mittenti esterni per i quali accettare gli allegati .
Senza whitelist non è possibile usare l'attachment filtering.
Chiedo se possibile inserirlo anche in GFI
Mark Fletcher commented
I have exactly the same issue as Stephen. How anyone imagined a commercial organisation can be expected to run attachment filtering for .zip files without a whitelist option. Perhaps the GFi developers need to have a day out in the real world hahahaha.
Sal LaDuca commented
I agree I want to block rouge zip files but my customers use zip files all the time form legitimate senders.