Symantec email security cloud -- Data Protection : How to Identify attached zip file's content which is blocking the email


Article ID: 205037


Products

Email Security.cloud

Issue/Introduction

A Data Protection rule is configured to block an email if specific file types are attached to it. The .zip file type and other archive types (e.g. .rar) are not included in the blocked file type list. Emails with an attached .zip file are still being blocked. Why does this happen, and how can the content of the attached zip file be identified?

Resolution

Why does the block happen?

*****************

The service uses decompression tools which attempt to analyse a compressed file and open it if possible. These tools are used by the Anti-malware, Anti-spam, Cynic (Sandbox) and Data Protection modules.

If the file is password protected, Email Security.cloud is unable to scan the contents of the zip file. In this situation, however, we'll check if a password is present in the email and attempt to open the file.

If the file is not password protected, Email Security.cloud will scan it. Should there be any suspicious content within the file, it will be blocked.

How to identify the Zip file's content

**************************************

Please enable the options below:

Data Protection > Settings > Reporting, select "Show matched content on reports," and "Show surrounding text on reports."

Once turned on, wait approximately 1+ hour for propagation and then run the report. The column "Matched Content" will show what in the email triggered the policy.

If the above is not sufficient, please open a support case and we will check internally as needed.
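To cross-check the report locally, the sketch below walks a copy of the zip attachment, including nested zips, and lists members that a file-type rule could match. It is an added example, not Symantec code or the service's detection logic; the blocked-extension list, the depth limit and matching by file extension are assumptions.

```python
import io
import posixpath
import zipfile

# Assumption: example blocked types; replace with the types from your own rule.
BLOCKED_EXTENSIONS = {".exe", ".js", ".vbs"}
MAX_DEPTH = 3  # assumption: stop descending into nested zips after this many levels


def find_blocked_members(data, blocked=BLOCKED_EXTENSIONS, path="", depth=0):
    """Return (member_path, reason) for each member a file-type rule could match."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member = path + info.filename
            ext = posixpath.splitext(info.filename)[1].lower()
            if ext in blocked:
                findings.append((member, f"blocked type {ext}"))
            if info.flag_bits & 0x1:
                # Bit 0 of the general-purpose flags marks an encrypted member:
                # the name is visible, the content needs the password.
                findings.append((member, "encrypted, content not inspectable"))
                continue
            if ext == ".zip" and depth < MAX_DEPTH:
                inner = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    findings += find_blocked_members(
                        inner, blocked, member + "!/", depth + 1)
    return findings


def build_sample():
    """Constructed sample: a zip with a text file and a nested zip holding a .js file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("scripts/update.JS", "// constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "constructed placeholder")
        zf.writestr("docs/bundle.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for member, reason in find_blocked_members(build_sample()):
        print(f"{member}: {reason}")
```

The `!/` separator in a reported path marks a member that sits inside a nested archive.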