Unknown URL verdict for emails with file:// Paths in Attachments
search cancel

Unknown URL verdict for emails with file:// Paths in Attachments

book

Article ID: 380587

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

When emails are sent with attachments that contain file:// paths (such as Excel files with references in the "Name Manager"), Symantec Messaging Gateway (SMG) may flag these as "Unknown URL" during spam evaluation.

This often results in the attachment being blocked or quarantined, depending on the email filtering policy in place.

Environment

SMG 10.9

Cause

The file:// protocol is used to reference local files on a system, and such paths are inherently considered "unknown" by SMG since they cannot be validated or categorized in the same way as standard URLs (e.g., http://, https://).

As part of its URL filtering mechanism, SMG evaluates all URLs found in attachments and message content. Since file:// paths are local and not internet-based, they are flagged as "Unknown URLs."

Resolution

  1. Understanding Unknown URL Handling:

    • SMG classifies file:// paths as "Unknown URLs" because they are local references, not web-based URLs that can be categorized or validated.
    • Unknown URLs are not blocked by default. However, if your policy is configured to quarantine or block such URLs, SMG will take the action defined by the policy.
  2. Configuration Considerations:

    • Custom Policies: If your environment has a policy to quarantine or block "Unknown URLs," file:// paths will trigger this action. Review your URL categorization policy to adjust how Unknown URLs are handled if necessary.

    • Spam Bypass Rules: Creating a rule to bypass spam filtering for file:// paths may not function as expected due to potential misconfiguration or the limitations in evaluating such paths. Ensure that any bypass rules are correctly configured, but understand that the file URL (file://) isn't something SMG can evaluate, so it will always remain classified as "unknown."

  3. Best Practices:

    • Review attachments containing file:// paths, particularly in Excel files or other documents with embedded local file references. Consider removing or modifying such references if they are not required for external communication.
    • Regularly review your URL filtering policies to ensure that legitimate attachments with local file references are not unintentionally blocked, while still maintaining security for external URLs.


file:// paths in email attachments are classified as "Unknown URLs" by SMG due to the system's inability to evaluate or categorize local file references. Blocking or quarantining these URLs depends on your specific configuration. When creating bypass rules for such URLs, carefully review the configuration to ensure it operates as intended, but note that local file paths will always be treated as "unknown" since they cannot be evaluated.