search cancel

Blocking Web Email Protection attachments using file extension


Article ID: 237948


Updated On:


Encryption Management Server Gateway Email Encryption


Encryption Management Server release 10.5.1 introduced a feature that allows attachments with specific file extensions to be blocked from being attached to messages by Web Email Protection users.

This feature works by examining the file extension. It does not determine the file type by examining the contents of the attachment. This is similar to the way that email clients such as Microsoft Outlook behave.


Symantec Encryption Management Server release 10.5.1 and above.


As referenced in the Release Notes for release 10.5.1, in order to add a list of blocked attachments it is necessary to connect to Encryption Management Server with ssh and edit the file:


Before editing the file, it is good practice to take a backup of it:

cp /etc/ovid/prefs.xml /var/lib/ovid/customization/prefs.xml.bak

The tag of the prefs.xml file that needs to be edited is this:

        <blocked-file-types />

This article contains the list of 115 file extensions that Microsoft Outlook blocks by default. In order to block these extensions, you would change the <blocked-file-types> tag to this. Note that multiple extensions are separated with a semi-colon:


Hundreds of file extensions can be included in the <blocked-file-types> tag if required.

In a clustered environment, after saving your changes to the /etc/ovid/prefs.xml, ensure it is replicated to other cluster members by running this command:

pgprepctl file /etc/ovid/prefs.xml

Then restart the tomcat service with this command:

pgpsysconf --restart tomcat

When a Web Email Protection user clicks on the Add attachment button, browses to and selects a blocked attachment type and then clicks on the Attach button, this message is displayed:

The user can then either attach an acceptable attachment or cancel the operation.