ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Blocking Web Email Protection attachments using file extension

book

Article ID: 237948

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

Encryption Management Server release 10.5.1 introduced a feature that allows attachments with specific file extensions to be blocked from being attached to messages by Web Email Protection users.

This feature works by examining the file extension. It does not determine the file type by examining the contents of the attachment. This is similar to the way that email clients such as Microsoft Outlook behave.

Environment

Symantec Encryption Management Server release 10.5.1 and above.

Resolution

As referenced in the Release Notes for release 10.5.1, in order to add a list of blocked attachments it is necessary to connect to Encryption Management Server with ssh and edit the file:

/etc/ovid/prefs.xml

Before editing the file, it is good practice to take a backup of it:

cp /etc/ovid/prefs.xml /var/lib/ovid/customization/prefs.xml.bak

The tag of the prefs.xml file that needs to be edited is this:

        <blocked-file-types />

This article contains the list of 115 file extensions that Microsoft Outlook blocks by default. In order to block these extensions, you would change the <blocked-file-types> tag to this. Note that multiple extensions are separated with a semi-colon:

        <blocked-file-types>ade;adp;app;asp;aspx;asx;bas;bat;cer;chm;cmd;cnt;com;cpl;crt;csh;der;diagcab;exe;fxp;gadget;grp;hlp;hpj;hta;htc;inf;ins;isp;its;jar;jnlp;js;jse;ksh;lnk;mad;maf;mag;mam;maq;mar;mas;mat;mau;mav;maw;mcf;mda;mdb;mde;mdt;mdw;mdz;msc;msh;msh1;msh2;mshxml;msh1xml;msh2xml;msi;msp;mst;msu;ops;osd;pcd;pif;pl;plg;prf;prg;printerexport;ps1;ps1xml;ps2;ps2xml;psc1;psc2;psd1;psdm1;pst;py;pyc;pyo;pyw;pyz;pyzw;reg;scf;scr;sct;shb;shs;theme;tmp;url;vb;vbe;vbp;vbs;vhd;vhdx;vsmacros;vsw;webpnp;website;ws;wsc;wsf;wsh;xbap;xll;xnk</blocked-file-types>

Hundreds of file extensions can be included in the <blocked-file-types> tag if required.

In a clustered environment, after saving your changes to the /etc/ovid/prefs.xml, ensure it is replicated to other cluster members by running this command:

pgprepctl file /etc/ovid/prefs.xml

Then restart the tomcat service with this command:

pgpsysconf --restart tomcat

When a Web Email Protection user clicks on the Add attachment button, browses to and selects a blocked attachment type and then clicks on the Attach button, this message is displayed:

The user can then either attach an acceptable attachment or cancel the operation.

Attachments