Risks can be found in the file types that contain executable code. You can enhance threat detection by identifying executable files. When you enable the Executable File Rule, Mail Security detects executable files and takes the actions that you specify. Mail Security determines if a file is a true executable file by analyzing the file contents, rather than looking at the file name extension.
Note: Mail Security can determine the true file type of a well-formed binary file. The true file type of a binary file variant cannot always be accurately determined.
The Executable File Rule recognizes the following executables:
- MSDOS/Windows *.exe files
- MSDOS/Windows object library files
- MSDOS/Windows programs
- MSDOS device drivers
- /x86-win-16-com
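The following Python sketch is an added example, not Symantec code, showing what content-based detection means for MZ-family files: it reads the MZ magic and the header that e_lfanew points to instead of trusting the file name. The function names, the extension list and the sample attachments are constructed for illustration.

```python
import struct

EXEC_EXTS = {"exe", "dll", "sys", "com", "scr"}  # assumed list, used only for the mismatch flag

def classify_executable(data: bytes) -> str:
    """Classify by content: 'pe', 'ne', 'dos-mz', or 'unknown'."""
    # DOS/Windows executables begin with the 2-byte magic "MZ" (rarely "ZM").
    if data[:2] not in (b"MZ", b"ZM"):
        return "unknown"
    # The 32-bit little-endian field at 0x3C (e_lfanew) locates a newer header.
    if len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"   # 32/64-bit Windows image
        if data[e_lfanew:e_lfanew + 2] == b"NE":
            return "ne"   # 16-bit Windows image
    # MZ magic but no valid newer header: plain DOS program or truncated file.
    return "dos-mz"

def audit(attachments):
    """Return (name, kind, disguised) for every attachment with executable content."""
    hits = []
    for name, data in attachments:
        kind = classify_executable(data)
        if kind == "unknown":
            continue
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        hits.append((name, kind, ext not in EXEC_EXTS))
    return hits

def make_stub(sig: bytes) -> bytes:
    # Constructed sample: 64-byte MZ header whose e_lfanew (0x40) points at sig.
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + sig

SAMPLES = [  # constructed attachments, not real mail
    ("invoice.pdf", make_stub(b"PE\x00\x00")),
    ("setup.exe", make_stub(b"PE\x00\x00")),
    ("legacy.txt", make_stub(b"NE")),
    ("tool.dat", b"MZ" + b"\x90" * 10),
    ("notes.exe", b"plain text with an .exe name"),
]

if __name__ == "__main__":
    for name, kind, disguised in audit(SAMPLES):
        print(f"{name}: {kind}{' (extension mismatch)' if disguised else ''}")
```

The renamed invoice.pdf is flagged while notes.exe is not, which is the behaviour the rule description above relies on: the verdict follows the bytes, not the extension.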
To configure executable file detection

1. In the console on the primary navigation bar, click Policies.
2. In the sidebar under Content Enforcement, click File Filtering Rules.
3. In the content area, in the File Filtering Rules table, on the Executable File Rule row, click the box under the Status column, and use the drop-down menu to select Enabled.
   This rule is enabled by default.
4. In the preview pane, in the Action to take list, use the drop-down menu to select one of the following to specify the action to take when an executable file is detected:
   - Delete entire message
   - Delete attachment/message body and replace with text
   - Quarantine entire message and replace with text
   - Quarantine attachment/message body and replace with text
   - Log only
   The default setting is: Quarantine entire message and replace with text.
5. In the Replacement text box, type your customized message if you want to replace the message or the attachment body with a text message.
   The default text is: Symantec Mail Security replaced %attachment% with this text message. The original file contained %violation% and was %action%.
6. To send email notifications about the detection, check one or more of the following:
   - Notify administrators
     Click the down arrow and type your customized text in the Subject line box and the Message body box.
     The default subject line and message body text is as follows:
     Default subject line text: Administrator Alert: Symantec Mail Security detected a message containing prohibited attachment
     Default message body text:
       Location of the message: %location%
       Sender of the message: %sender%
       Subject of the message: %subject%
       The attachment(s) "%attachment" and/or the message was %action%.
       This was done due to the following Symantec Mail Security settings:
       Scan %scan%
       Rule: %rule%
   - Notify internal sender
     Click the down arrow and type your customized text in the Subject line box and the Message body box. The default subject line and message body text is as follows:
   - Notify external sender
     Click the down arrow and type your customized text in the Subject line box and the Message body box. The default subject line and message body text is as follows:
7. On the toolbar, click Deploy changes to apply your changes.