Email with MS Office file attachments (eg. .xlsx , .docx , .pptx ,etc) are quarantined due to File Name Rule
Log Name: Application
Source: Symantec Mail Security for Microsoft Exchange
Date: 9/11/2015 10:16:32 AM
Event ID: 291
Task Category: Content Enforcement Rules
The attachment "sheet1.xlsx" located in message with subject "Weekly Details", located in SMTP has violated the following policy settings:
Rule: File Name Rule
The following actions were taken on it:
The attachment "sheet1.xlsx" was Quarantined for the following reason(s):
UNAUTHORIZED FILE was found in printerSettings1.bin within printerSettings within xl.
UNAUTHORIZED FILE was found in printerSettings2.bin within printerSettings within xl.
UNAUTHORIZED FILE was found in printerSettings3.bin within printerSettings within xl.
MS Office 2007/2010 Files contain .bin files, as Mail Security decomposes the file it finds the .bin extension files and quarantines them if the File Type is added to the Match lists with File Name Rule All Microsoft Files are seen as container files by decomposer. Also applies to PDF Files. This is by design. Also .BIN extension is not added by default in Match Lists in any SMSMSE Versions.
Choose one of the following approaches:
Remove the file extension causing the quarantine from the File Name Rule. 1. Open the SMSMSE Administration Console. 2. Click on the Policies tab. 3. Click on Views|Content Filtering|File Filtering Rules. 4. Click on the rule File Name Rule. 5. Click the Select... button for Match list for prohibited file names. 6. Highlight the match list to use. 7. Click the Edit match list... button. 8. Remove the appropriate file extension. 9. Click the OK button to close the match list terms. 10. Click the Close button to close the Select a match list dialog window. 11. Click the Deploy Changes button to save the changes.
Configure SMSMSE to not open container attachments for File Name Rule processing. 1. Open the SMSMSE Administration Console. 2. Click on the Policies tab. 3. Click on Views|Content Filtering|File Filtering Rules. 4. Click on the rule File Name Rule. 5. Click the checkbox Bypass scanning of container files(s). 6. Click the Deploy Changes button to save the changes.
NOTE: This option skips the opening of all containers include ZIP files. NOTE: This option has no affect on virus scanning. Any virus scanning options still apply to containers maintaining the Security Levels with which Mail Security was implemented
Subscribing will provide email updates when this Article is updated. Login is required.