cancel
Showing results for 
Search instead for 
Did you mean: 

MSME stripping password protected encrypted attacchment from emails

Jump to solution

Hi,

 

I am an Exchange Admin, We have 2 Exchange 2010 Hub servers (Say Hub1 & Hub2). We receive an eamil with password protected encrypted zip file attachmnet from a specific eamil address. 

When this email is received by Hub1 from IronPort the eamil is getting delivered to the recipient fine.

But when the email is received by Hub2 from IronPort the attachment in the email is getting stripped off and replaced by a text document which contains below infromation.

-----------

PASSWORD-PROTECTED FILE ALERT

A password-protected file could not be scanned and has been removed as a precaution.
Ticket Number: '0af0-5aa1-5e4f-0001'

----------

 

I performed pipeline tracing to find that the McAfee Text Routing Agent is acting on the email when the attachment gets stripped (below the what i find in the header)

-----

X-MessageSnapshot-Source: OnCategorizedMessage,McAfeeTxRoutingAgent

-----

 

Anti-Virus team checked the server and infromed that MSME is the one which is removing the attachment.

 

I compared the settings on both the server and found that the only difference is 'Enable McAfee Global Threat Intelligence file reputation'

This was unchecked on the Hub1 server and checeked on the Hub2 (problem) server.

So i uncheceked this option on the problem server. But the issue is happening after this also.

1. Is that setting related to the issue? If yes then does it need a service restart [which service will it be]

2. If the issue is not related to this specific setting, is there any other setting that i need to look into in particular.

 

We have a workaround plan of exporting the settings under 'Settings & Diagnostics' > 'Import and Export Configuration' from the working server to problem server. if we perform that will it need any service restart? if yes what service will it be?

 

I am little limited on time as we might have to do the export import plan by sunday night EST. i will greatly appreciate if someone will be able to help me out with this at the earlist.

 

Thanks

Bennett J.Davis

 

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
Aidan
Level 14

Re: MSME stripping password protected encrypted attacchment from emails

Jump to solution

The related settings for Password Protection is - Policy Manager - Master Policy - On Access -  Filters - Password Protected files - if this is different setting on the two hubs then it could be cause. 

If you export the configuration from server1 and import to server2 then both servers would have same configuration - and no does NOT require a reboot or service restart.

(This also assumes that nether server is managed by ePolicy Orchestrator) 

2 Replies
Aidan
Level 14

Re: MSME stripping password protected encrypted attacchment from emails

Jump to solution

The related settings for Password Protection is - Policy Manager - Master Policy - On Access -  Filters - Password Protected files - if this is different setting on the two hubs then it could be cause. 

If you export the configuration from server1 and import to server2 then both servers would have same configuration - and no does NOT require a reboot or service restart.

(This also assumes that nether server is managed by ePolicy Orchestrator) 

Highlighted

Re: MSME stripping password protected encrypted attacchment from emails

Jump to solution

thanks a lot for the reply Aidan.

export-import configuration is what was approved for us to do. its good to know that it do not need a restart. i will preceed with that.

 

thanks again

0 Kudos