we have some issues with encrypted media type. We use "body.IsEncryptedObject equals true" in order to block encrypted archives. The problem is that PDF files get blocked too if the security method in the PDF document properties is set to "password security".
With these settings, some PDF settings like "printing" or "commenting" can be allowed or disallowed, even if the doc itself is not encrypted and can be viewed without password.
Does anybody know if it possible to write a rule that allows PDFs that have protected document settings, but which are actually not encrypted? We want the users to be able to read those kind of PDF files.
Thanks for any info.
Currently MWG doesn't distinguish completely encrypted documents, and protected (from printing or commenting) documents. But I think, that for incomming traffic this doesn't matter, and anti-malware engine should be able to find malware in such documents.
So I think, that you can implement following workaround, you need to create list with mime types that will skipped, put application/pdf there, and modify rule so it will look like:
IF Body.IsEncrypted equals true
AND Body.MimeTypesEnsured "not in list" <list of mime type to be skipped>
this rule will block all encrypted documents and archives, except listed in your list