MS Office 2007/2010 Files are Quarantined with File Name Rule configured in Symantec Mail Security for Microsoft Exchange (SMSMSE)

book

Article ID: 162369

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Email with MS Office file attachments (eg. .xlsx , .docx , .pptx ,etc) are quarantined due to File Name Rule

Log Name:      Application
Source:        Symantec Mail Security for Microsoft Exchange
Date:          9/11/2015 10:16:32 AM
Event ID:      291
Task Category: Content Enforcement Rules
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      W2K8-EX2K10-65.ex2k10lab.test

Description:
The attachment "sheet1.xlsx" located in message with subject "Weekly Details", located in SMTP has violated the following policy settings:
                Scan: Auto-Protect
                Rule: File Name Rule
The following actions were taken on it:
The attachment "sheet1.xlsx" was Quarantined for the following reason(s):
 UNAUTHORIZED FILE was found in printerSettings1.bin within printerSettings within xl.
 UNAUTHORIZED FILE was found in printerSettings2.bin within printerSettings within xl.
 UNAUTHORIZED FILE was found in printerSettings3.bin within printerSettings within xl.
 

Cause

MS Office 2007/2010 Files contain .bin files, as Mail Security decomposes the file it finds the .bin extension files
and quarantines them if the File Type is added to the Match lists with File Name Rule
All Microsoft Files are seen as container files by decomposer. Also applies to PDF Files.
This is by design. Also .BIN extension is not added by default in Match Lists in any SMSMSE Versions.

 

Resolution

Choose one of the following approaches:

Remove the file extension causing the quarantine from the File Name Rule.
1. Open the SMSMSE Administration Console.
2. Click on the Policies tab.
3. Click on Views|Content Filtering|File Filtering Rules.
4. Click on the rule File Name Rule.
5. Click the Select... button for Match list for prohibited file names.
6. Highlight the match list to use.
7. Click the Edit match list... button.
8. Remove the appropriate file extension.
9. Click the OK button to close the match list terms.
10. Click the Close button to close the Select a match list dialog window.
11. Click the Deploy Changes button to save the changes.

Configure SMSMSE to not open container attachments for File Name Rule processing.
1. Open the SMSMSE Administration Console.
2. Click on the Policies tab.
3. Click on Views|Content Filtering|File Filtering Rules.
4. Click on the rule File Name Rule.
5. Click the checkbox Bypass scanning of container files(s).
6. Click the Deploy Changes button to save the changes.

NOTE: This option skips the opening of all containers include ZIP files.
NOTE: This option has no affect on virus scanning.  Any virus scanning options still apply to containers maintaining the Security Levels with which Mail Security was implemented