Symantec Mail Security quarantines Microsoft Office 2007 documents under the Executable File rule
Last Updated August 01, 2010
Why do some Microsoft Office 2007 documents and spreadsheets trigger the Executable File rule?
When each attachment was edited, the Print settings were altered, causing Office to store a file called PrinterSettings1.bin file within the Office document. They are therefore detected with the Executable File rule, or custom compliance rules which detect files based on a .bin extension.
The recommended solution is to upgrade to Symantec Brightmail Gateway 7.7.0-17. If the upgrade is not an option at the moment, please use the work arounds described below.
To workaround this behavior, please do one of the following:
Disable the relevant rule,
Remove the "extension is bin" condition from each relevant policy, or
Add the file to a password-protect zip file before sending it.
An alternative solution is to create another compliance rule to allow Office 2007 documents. However, make sure that this rule is above the rule blocking executable files.
To create a rule to allow Office 2007 documents:
Create a new attachment list "Office 2007 files" with the file extensions to be allowed: docx, xlsx, pptx
Create a new compliance rule with a condition: 'If file is on the attachment list deliver message normally.'
Move this new rule above the Execuatable File rule.
Technical Information The "Extension is bin" condition is part of the "Executable Files" list that comes with Symantec Mail Security by default.