The Attachment Processing page allows you to configure VPOP3 to perform two distinct functions on messages that contain attachments:
The Filtering tab is divided into four main sections:
Attachment filtering is applied when a new message is received by VPOP3. The Attachment filenames to filter box allows you to use basic pattern matching, so that VPOP3 will only filter certain attachments; for instance, if there is a particular filename extension, which would enable a malicious file to accidentally be run by the recipient.
The syntax for pattern matching is to type specific characters, where they will appear, and substitute a single, but unknown character with ?, and substitute an unknown number of characters with *.
e.g. ?x*.txt will match filenames such as example.txt and Oxford.txt, but because the ? character will only represent a substitution of one character, it will not match Texas.txt
Pattern | Explanation |
---|---|
*.vbs | Files with a .vbs extension will typically run as Visual Basic Scripts. |
*.{????????-????-????-????-????????????} | Filenames ending in a GUID (Globally Unique Identifier) - These files could instruct Windows to open the file in a particular program, or as an executable, irrespective of the actual filename extension. Note: GUIDs only contain hexadecimal characters (numbers 0-9 and letters A-F), but this pattern would also match for non-hexadecimal characters. |
*.hta | Files with a .hta extension will typically run as HTML applications; potentially allowing the use of JScript and VBScript. |
*.???.??? | Files with a 'double' filename extension are commonly used to distract the recipient. For example, by naming a file photo.jpg.exe, the sender could exploit users who do not have the technical knowledge to realise that the file is an application and not a picture. |
* *.* | Files with at least 10 consecutive spaces in the filename. There are few legitimate reasons for using 10 consecutive spaces, so it is likely to be an exploit attempt. Using a lot of spaces may obscure the filename extension in some mail clients, or may make the attachment look like two distinct files. |
*. | Windows will disregard the dot at the end of a filename, so there is very little reason for a filename legitimately ending with a dot. An attacker may try using a dot at the end of the filename, in order to circumvent other filtering rules. |
*.pif | Files with a .pif extension will typically be Program Information Files for DOS. They can be used to transmit viruses. |
There are two checkboxes in this section:
There are various attachment processing options for incoming messages:
If you check Reject outgoing messages with filtered attachments, VPOP3 will not send any messages with attachments that meet the filtering criteria.
This is particularly useful as a second line of defence, in case something gets onto the network and tries to send messages with certain types of file attachment.
Notification emails will be sent out to the sender when their message contains filtered attachments.
You can specify Sender and Reply-To addresses for the notification message.
The Filtering Conditions tab allows you to optionally exclude or include messages in the attachment filtering, based on the message headers.
There are two boxes for entering conditions:
Rules in Skip filtering for will be applied first. If there is a successful match, no filtering will take place on the message. If there is no match, VPOP3 will apply the Do filtering for rules. If there is a successful match, or if Do filtering for is blank, VPOP3 will then filter the message for blocked attachments.
Each rule needs to be entered as a separate line, in the format <Header field>: <Data to match>
. e.g. Subject: Annual accounts
.
You may either use wildcards (? and *) or regular expressions for the Data to match part of the rule. e.g. Subject: Annual accounts for*
, or Subject: /Annual accounts for (Your main business|Your other business)/i
The Extraction tab allows you to enable and configure the Attachment Extraction feature.
Attachment Extraction is the process of decoding an attachment from an incoming message, and saving it into a directory that is accessible from the VPOP3 computer. These attachments may optionally be removed from the message, before being allocated to the recipient(s).
The attachments directory can include tags, which will be replaced by a dynamic value, such as:
There are four processing options