Password protected documents do not trigger the malware policy condition "Contains an encrypted attachment".

book

Article ID: 164667

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Symantec Messaging Gateway Administration Guide 10.6 (P.218) states : " Encrypted attachments include password-protected Microsoft Excel, Microsoft Excel Binary, Microsoft Excel Chart, Microsoft Excel Macro, Microsoft PowerPoint, Microsoft Word (Macintosh, PC, UNIX, and Windows platforms), Microsoft Word Macro, RAR archive and ZIP archive files."

However, an email with a password-protected Microsoft Office document  (Microsoft Office 2007/2010/2013) attachment does not trigger the "Contains an encrypted attachment" condition. The Message Audit Log entry for the message shows that the verdict was not triggered as expected.

 

 

Resolution

The Administration Guide references older functionality and will be addressed and updated in later release.

The malware policy condition for "Contains an encrypted attachment" operates on encrypted zips files, encrypted RAR files and other fully encrypted files.

The Content Filtering Attachment Lists for "Password Protected Files (default)" will detect not only password protected Zip files but also password protected Microsoft documents and other password protected documents.

To detect MS Office files encrypted with password protection, create a Content Filter policy where you check against "Attachment or Body part:" being in the attachment list "Password Protection Files".