Certain emails containing TTF files may be detected as Suspect Virus by Messaging Gateway.
search cancel

Certain emails containing TTF files may be detected as Suspect Virus by Messaging Gateway.

book

Article ID: 164685

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Certain emails containing TTF files may be detected as Suspect Virus by Messaging Gateway.

Cause

The issue is in the way the 'Content Type' of the attachment is declared, as shown below. Many file types have a designated MIME Content Type that should match or it can be determined to be suspicious.

When a .TTF attachment is declared as 'image/ttf' in the message source then the suspect virus verdict is triggered, because a TTF file is not an image file type.

Example:

--------------959FD89370075E51046089E5
Content-Type: image/ttf;
 name="_fontsglyph.ttf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="_fontsglyph.ttf"

 

Resolution

This would need to be addressed with whatever process is creating the email. More information on the TTF media type can be found in RFC8081.

A very generic declaration of "application/octet-stream" can be used if not specifying the Content Type described in the RFC8081. When the attachment is declared as 'application/octet-stream', then the file gets delivered normally.

Example:

--------------959FD89370075E51046089E5
Content-Type: application/octet-stream;
 name="_fontsglyph.ttf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="_fontsglyph.ttf"

 

Powered by Wolken Software