4 Replies Latest reply on Mar 20, 2015 1:44 AM by jlockie

    Managing Attachments....

    jlockie

      Hello,

       

      We have an attachment policy that blocks and strips out ZIP files.  I work in the financial sector, so we tend to get customers emailing PDF files which have been compressed into a password protected ZIP file.

       

      When this happens, the staff member comes to IT and asks us to "release" the attachment, which we cannot do.  Therefore, we have to inconvenience our customer by asking them to resend the file.  During this time, we move the staff person to a new security group which permits the attachment type in question.  There are a number of issues I have with this:

       

      1. IT is still unable to review the attachments prior to permitting delivery to the staff person (and subsequent opening of attachment).  Yes, I know we could ask the customer to send it to a generic email address, but then this doesn't provide a good feeling of customer service for them.
      2. We are asking someone to resend something, which is a huge inconvenience to them.  We should be able to "trap" the attachment rather than just dump it and then have them resend.
      3. We are allowing staff people to get around the attachment policies for a given period of time, which exposes their inbox and defeats the purpose.  We have to manually remind ourselves (usually via support ticket infrastructure) to remove this access.
      4. We can "quarantine" attachments that violate the policy, but this totally defeats the purpose since staff are easily fooled into thinking that someone is sending them a credit app when in reality it's a malware embedded PDF.  They will just release whatever they want.
      5. We were previously able to trap attachments for review, and then release without having to have the original email resent using our old product from Postini...so this is a bit of a feature regression for us

       

      What I would like to be able to do, and hopefully this is possible now and I am failing to see how, is to send attachments that violate the policy to a quarantined location.  From there, IT could "release" to the original recipient.  This seems like a no brain-er feature for enterprises managing email security?

        • 1. Re: Managing Attachments....
          frankm

          PDF files don't need to be Zipped to be encrypted. These attachments are quarantined at the Org level and only the Admin can review and release, no different than Postini. You can create a file name policy, Attachment >> Filename Polices and have a silent copy sent to a distribution list for IT to review. From there you can decide to release or reject.

          • 2. Re: Managing Attachments....
            kwidhalm

            Hello jlockie,

             

            For the scenario you are describing, I would recommend using the quarantine option.  Something to note, users only have the ability to see and release items that were quarantined as spam.  When items are quarantined based on a content or attachment violations they can only be viewed and released by a customer admin or quarantine admin.

             

            I hope this information is helpful!

             

            Karen Widhalm

            Product Specialist

            SaaS Email and Web Security

            McAfee. Part of Intel Security.

            • 3. Re: Managing Attachments....
              jlockie

              Thanks to both.  It looks like what I need is probably available.  I am a "customer admin".  But when I go to the default inbound policy and look under attachments > file name policy under "silent copy" option I show "NONE" as the only option....

               

              I'll poke around some more.  But if we could have an administrative group review certain file type extensions (rather than just delete / strip them) that would be perfect

              • 4. Re: Managing Attachments....
                jlockie

                OKAY....I found it.  I needed to create a distribution list, then that list becomes available under notify.  Perfect.

                 

                Only question I am not clear on: When I am looking at inbound policy > attachments > file types there is a list of option there (radio buttons) "action to take for disallowed attachments".  Are you saying that if I select "quarantine" it will send it to an administrative quarantine rather than to the users quarantine?  If so, can you help me understand before I make changes to production - how will my admin team know when this happens so that they can respond ASAP?