Emails are sent without attachments, but incidents are triggered on an attachment
search cancel

Emails are sent without attachments, but incidents are triggered on an attachment

book

Article ID: 250201

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Data Loss Prevention Network Email Data Loss Prevention Network Monitor

Issue/Introduction

Emails are sent without attachments, but DLP triggers an incident with an attachment

 

Environment

Release : 15.8 or above

Component : Email Prevent, Network Monitor (SMTP)

Cause

An internal system building [email protected] emails is embedding base64 coded information in emails.

Emails are being sent with base64 encoded attachments

 

Resolution

When the email is saved as .eml and opened with Notepad, the following is seen.

Content-Type: application/octet-stream;
name=hidden_file.zip
Content-Transfer-Encoding: base64
Content-Disposition: attachment

DLP successfully detects base64 encoded attachments

This is working as designed.

Powered by Wolken Software