PDF attachment files trigger the Executable Files rule in Messaging Gateway 10.7

Article ID: 175423

Products

Messaging Gateway

Issue/Introduction

After upgrading to Messaging Gateway 10.7, you find that PDF attachments are triggering an Executable Files rule. The previous version did not detect these files.

Message Audit Logs will show the PDF file in the "Identified attachment(s)" list, but in the "Suspect attachment(s)" list it will show javascriptfile.js.

Cause

The malware scanning engine was improved in Messaging Gateway 10.7, which results in a change in the way that files are scanned and embedded items are detected.

The javascriptfile.js item is a file embedded within the PDF. It is detected when the content filter uses an Executable File attachment list that matches on file extensions. The ".js" filename extension is what triggers the rule.

Resolution

To correct this situation, remove the .js extension from the attachment list. If you are using a default attachment list, create a copy to edit and use in your policies.

Extension checking is not generally reliable, and True Type file checking is the recommended way to determine a file's actual type.
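The following added example (not Messaging Gateway code or configuration) contrasts the two matching approaches on constructed data: an extension list that contains .js flags the embedded item reported for a PDF, while a check on leading magic bytes flags only content that really is an executable. The list contents, function names and sample items are assumptions made for illustration.

```python
import os

# Hypothetical extension-based attachment list (illustration only).
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".scr", ".js"}

# Well-known leading magic bytes for a few formats.
MAGIC_SIGNATURES = [
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF-", "pdf"),
]
EXECUTABLE_TYPES = {"windows-executable", "elf-executable"}


def true_type(data):
    """Classify content by its leading bytes, ignoring the file name."""
    for magic, name in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def extension_hits(items, ext_list=EXECUTABLE_EXTENSIONS):
    """Names whose extension appears in the attachment list."""
    return [name for name, _ in items
            if os.path.splitext(name.lower())[1] in ext_list]


def true_type_hits(items):
    """Names whose content is an executable according to magic bytes."""
    return [name for name, data in items
            if true_type(data) in EXECUTABLE_TYPES]


# Constructed samples: (name, leading bytes) for each item a scanner reports.
# A PDF plus the embedded script item, as in the audit log described above.
PDF_WITH_SCRIPT = [
    ("invoice.pdf", b"%PDF-1.7\n"),
    ("javascriptfile.js", b"app.alert('constructed sample');"),
]
# An executable whose name carries a harmless-looking extension.
MISNAMED_EXECUTABLE = [("report.pdf", b"MZ\x90\x00\x03\x00")]

if __name__ == "__main__":
    for label, items in (("PDF with script", PDF_WITH_SCRIPT),
                         ("misnamed executable", MISNAMED_EXECUTABLE)):
        print(label, "| extension:", extension_hits(items),
              "| true type:", true_type_hits(items))
```

Passing a copy of the list without ".js" as `ext_list` mirrors the resolution above and clears the extension hit on the PDF.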