How to block specific attachments in Symantec Mail Security 4.0 for Microsoft Exchange
Question/Issue:
This page describes how to block specific attachments by name or file extension.
The installed product is Symantec Mail Security 4.0 for Microsoft® Exchange.
Solution:
The following sections describe how to filter unnecessary email. The method combines a match list with a filtering rule.
Before you begin:
- This document is provided "as is," and is not supported by Symantec online or phone support.
- Make sure that the user is a member of the SMSMSE Admins security group.
- Symantec Mail Security 4.0 for Microsoft Exchange does not have the ability to open password protected archives or archives using encryption.
- Archives renamed to another extension cannot be opened properly.
Single server console
To create/configure a match list
- To access and start the single-server interface, do one of the following:
- On the Windows taskbar, click Start > Programs > Symantec MS for Microsoft Exchange > Symantec Mail Security for Exchange.
- On the desktop, double-click Symantec Mail Security for Exchange.
- In the left pane of the single-server interface, click Configuration.
- Click Match Lists.
- In the right pane, under Match Lists, click Add new.
In the left pane, select Add/Delete Match List.
- In the right pane, under Add Match List, type a name in the Match list name box.
The example used in the tutorial is: Tutorial - attachment
Do not use punctuation (a period or other characters) at the end of a name. If you do use punctuation, the message "The field Match list name contains invalid characters (&%?\:/*?.|><'#@+=")" appears when you click Save.
- In the Match list description box, insert text describing the match list.
This description box does not affect the function of any rule, or the match list itself. The purpose of the field is to give the administrator a description of the function of the match list.
- In the right pane, under This List Contains, click DOS wild card style expressions.
- In the Match list filter box, type the following:
*.VB?
Each extension or file name entered occupies a single line in the match list filter box. These symbols and characters are permitted: ! @ # $ % ? & * ( ) _ + } { " : > < ? | ? , . / ; ] [ = -
- Click Save.
To create/configure a Filtering Rule
- To access and start the single-server interface, do one of the following:
- On the Windows taskbar, click Start > Programs > Symantec MS for Microsoft Exchange > Symantec Mail Security for Exchange.
- On the desktop, double-click Symantec Mail Security for Exchange.
- In the left pane, in the single-server user interface, click Policies > Standard Policy > Filtering subpolicy.
- In the right pane, under Filtering Subpolicy, click Add new.
In the left pane, Filtering Subpolicy expands with Add/Delete Filtering Rule selected.
- In the right pane, under Add Filtering Rule, type a name in the Filtering rule name box.
The example used in the tutorial is: Tutorial - rule
Do not use punctuation (a period or other characters) at the end of a Filtering rule name. If you do use punctuation, the message "The field Match list name contains invalid characters (&%?\:/*?.|><'#@+=")" appears when you click Save.
The default setting has Enable rule checked. Do not change this setting.
- In This rule applies to, click one of the options.
The example used in the tutorial is: SMTP inbound scanning.
- Scroll down to the section Create expression.
To scroll down, use the vertical scroll bar located on the right edge in the right pane.
- In Create expression, these are the sections to complete:
- In the Choose conditional: box, leave the default of "If."
- In the Choose attribute box, in the drop-down list, click an attribute.
The example used in the tutorial is: Attachment Name.
- In the Choose comparison box, leave the default of "Equals."
- Click the option, A member of Match List.
- In the A member of Match List, click an option in the drop-down list.
The example used in the tutorial is: Tutorial - attachment
- Click Add.
In the Expressions in this rule box, the following text appears for the newly created rule: "If Attachment Name Equals a member of Name and extension, block match list." You may need to use the horizontal scroll bar to view the entire text.
- Scroll down to the section Action to take. In this section, pick the option best meeting your company's security policies.
For this tutorial, click the option Delete attachment/message body, replace with text description.
For details on Actions to take, click Help at the bottom of the right pane. In the search box type: unscannable file is detected. Scroll down to the table under When an unscannable file is detected. This table contains two columns, with the first being an action, and the second being a description. Choose the option best meeting your needs.
- In the section Replacement text, the box contains a sample message and variables sent to the enabled administrators or sender.
For a list of variables, click Help, and type in the search box: replacement text
- The section Email notifications contains check boxes for To administrators and To sender, enabled by default.
For this tutorial, no changes are made to the default states. These sections are also included:
- The Subject Line box contains suggested text to send to the administrators. You can change the sample text, or replace it with your own text.
- The Message Body box contains text and variables. The sample text and variables provide details on the tagged email.
- The final section is Alerts. This section contains Messenger Service Alert and AMS Alert. By default, each check box is checked. The Alert text box contains text sent to the enabled alert services.
Make no changes to this section for this tutorial.
- Click Save.
Testing
Symantec recommends testing every new or modified rule to make sure that it works as expected. Use a test network. This allows more control over the process, and it is generally quicker when sending mail through the system. For this tutorial send a message with an attachment ending in .vbs.
Multiserver console
To create/configure a Match List
- To access and start the single-server interface, do one of the following:
- On the Windows taskbar, click Start > Programs > Symantec MS Console for Exchange > Symantec MS 40 Console for Exchange.
- On the desktop, double-click Symantec MS 40 Console for Exchange.
- In the left pane, under Global, in the multiserver console, expand Configuration.
- Right-click Match List Settings > All Tasks > Add Match List.
- In the Add Match List dialog box, type a name in the Match List Name box.
The example used in the tutorial is: Tutorial - attachment
Do not use punctuation (period or other characters) at the end of a name. If you do use punctuation, the message "The field Match list name contains invalid characters (&%?\:/*?.|><'#@+=")" appears when you click Save.
- Click OK.
- In the right pane, under Match List, in the Match list description box, insert text describing the match list.
This description box does not affect the function of any rule, or the match list itself. The purpose of the field is to give the administrator a description of the function of the match list.
- Under the section This List Contains, click DOS wild card style expressions.
- In the Match list filter box, type the list of extensions and file names to filter.
Each extension or name occupies a single line in the match list filter box. The symbols and characters: ! @ # $ % ? & * ( ) _ + } { " : > < ? | ? , . / ; ] [ = - are permitted.
- Click Save.
To create/configure a Filtering Rule
- In the single-server user interface, in the left pane, expand Policies > Standard Policy > Filtering subpolicy.
- Right-click Filtering Subpolicy > All Tasks > Add Filtering Rule.
- In the Add Filtering Rule dialog box, type a name in the Rule Name box.
The example used in the tutorial is: Attachment name block
Do not use punctuation (period or other characters) at the end of a name. If you do use punctuation, the message "The field Match list name contains invalid characters (&%?\:/*?.|><'#@+=")" appears when you click Save.
- Under This rule applies to:, click SMTP inbound scanning.
- Scroll down to the section Create expression. To scroll down, use the vertical scroll bar located on the right edge in the right pane. Do the following:
- In the Choose conditional: box, in the drop-down list, click If.
- In the Choose attribute: box, click an option from the drop-down list.
The example used in the tutorial is: Attachment Name.
- In the Choose comparison: box, click an option from the drop-down list.
The example used in the tutorial is: Equals.
- A check is in the check box for Ignore case. This is a default setting. Do not change this setting.
- Click the option, A member of Match List:
- In the A member of Match List: drop-down list, click an option.
The example used in the tutorial is: Name and extension block.
- Click Add.
In the Expressions in this rule box, the following text appears for the newly created rule: "If Attachment Name Equals a member of Name and extension block" You may need to use the horizontal scroll bar to view the entire text.
- Scroll down to the section Action to take. Under this section, select an option best meeting your company's security policies. For this tutorial, click the option Log and make message unavailable with Auto-Protect enabled.
For more details on Actions to take, click Help at the bottom of the right pane. In the search box type: unscannable file is detected. Scroll down to the table under When an unscannable file is detected. This table contains two columns: the first is the action and the second is a description. Choose the option best meeting your needs when creating the rule for your setup.
- In the section Replacement text, the box contains a sample message and variables sent to the enabled administrators or sender.
A list of variables is available by clicking Help and in the search box typing: replacement text
- The section Email notifications contains check boxes for To administrators and To sender with associated boxes for Subject Line and Message Body. The check boxes are enabled by default. The following explains the purpose and contents of the Subject Line and Message Body boxes:
- The Subject Line box contains suggested text. You can change the provided sample text.
- The Message Body box contains text and variables. The sample text and variables provide details on why the email was tagged.
- The final section is Alerts. This section contains Messenger Service Alert and AMS Alert. By default, each check box is checked. The Alert text box contains text sent to the enabled alert services.
- Click Save.
Testing
Symantec recommends testing every new or modified rule to make sure that it works as expected. Use a test network. This allows more control over the process, and it is generally quicker when sending mail through the system. For this tutorial send a message with an attachment ending in .vbs.
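The following Python sketch is an added example for the Testing steps above and is not part of the Symantec document or product. It builds the tutorial's test message and lists which attachment names the match list *.VB? should catch. It assumes that "*" matches any run of characters and "?" exactly one character, compared without regard to case as with the default Ignore case setting; the product's own matching may differ, and the addresses and file names are constructed.

```python
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage

# Match list from the tutorial, one DOS wild card expression per line.
MATCH_LIST = ["*.VB?"]


def build_test_message(filename: str) -> bytes:
    """Build a constructed test mail carrying one harmless attachment."""
    msg = EmailMessage()
    msg["From"] = "tester@test.example"      # constructed address
    msg["To"] = "mailbox@test.example"       # constructed address
    msg["Subject"] = "Filtering rule test"
    msg.set_content("Test message for the attachment name rule.")
    # The payload is a single comment line; only the file name matters here.
    msg.add_attachment(b"' inert test file\r\n", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def attachment_names(raw: bytes) -> list[str]:
    """Return the file name of every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [part.get_filename() for part in msg.iter_attachments()
            if part.get_filename()]


def matches_list(name: str, patterns=MATCH_LIST) -> bool:
    """Case-insensitive wild card match against every line of the match list.

    Assumption: '*' is any run of characters and '?' exactly one character.
    '[' is escaped so that it is compared literally, not as a character class.
    """
    name = name.lower()
    return any(fnmatch.fnmatchcase(name, p.lower().replace("[", "[[]"))
               for p in patterns)


def expected_hits(raw: bytes, patterns=MATCH_LIST) -> list[str]:
    """Attachment names in the message that the match list should catch."""
    return [n for n in attachment_names(raw) if matches_list(n, patterns)]


if __name__ == "__main__":
    for fname in ("Invoice.VBS", "macro.vbe", "notes.txt"):
        hits = expected_hits(build_test_message(fname))
        verdict = "rule should fire" if hits else "rule should not fire"
        print(f"{fname:12} -> {verdict}")
```

Send the bytes returned by build_test_message through the test network and compare the action the product takes with the result of expected_hits.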
Document ID: 2004062816163054
Last Modified: 06/25/2007
Date Created: 06/28/2004
Operating System(s): Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Exchange 2000 Standard Edition, Exchange 2000 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition
Product(s): Symantec Mail Security 4.0 for Domino, Symantec Mail Security 4.0 for Microsoft Exchange
Release(s): SMS 4.0, SMS 4.0 [All Releases], SMS 4.0.1, SMSME 4.0, SMSME 4.0 [All Releases], SMSME 4.0.1