Technical Tip: How to remove specific File Extension and deliver the mail to user mailbox

By default, .wmz is included in the executable_windows file filter, as it can contain embedded scripting (such as JavaScript) and is therefore classified as a potentially unsafe file type. Since the default content profile (CF_inbound) has the executable_windows file filter enabled, WMZ files are detected and the corresponding action is applied. 

To remove .wmz attachments from all incoming emails while still delivering the message to the recipient:

1. Create a File Filter – for example, name it WMZ and set File Extension User defined '*.wmz'.

2. Modify the Content Profile – add the newly created WMZ file filter and set the action to Replace.

This configuration ensures that only the wmz attachment is removed, since the action applies exclusively to this file filter.

1. Navigate to Profile -> Content -> File Filter -> New> enter the name 'WMZ' -> Move down to File Extension -> User defined -> Enter *.wmz.

2. Navigate to Profile -> Content -> Content -> Create New -> Enter Name 'New Content Profile' -> Attachment Scan Rules -> New -> Select the created File Filter 'WMZ'.
   
   

   

    

3. Navigate to Profile -> Content -> Action -> New -> Enter Name 'New_Action_Profile' -> Select Replace with message -> Choose to default/create a new profile.
   
   

   

    

4. Navigate to Profile -> Content -> Content -> Edit 'Created/used Profile' -> Attachment Scan Rules -> WMZ -> Edit -> Drop down Action Menu -> Select the Created Action profile 'New_Action_Profile'.

    

   

    

5. Move this File Filter 'WMZ' above the existing executable_windows file filter.
                                                                                            

6. Navigate to Policy -> Recipient Policy -> Inbound -> New/edit -> Choose the Created Content Profile 'New_Content_Profile'.

Result 1.

1. Log Detail Result.
   
   
   
2. Cross Search log Result.

3. Result from the inbox.

    

   

    

Additionally, the action can be configured to deliver a modified copy to the original recipient while simultaneously sending the unmodified copy to the system quarantine for administrative review in the event of false positives.

Navigate to Profile -> Content -> Action -> New_Action _Profile -> Edit -> Enable 'Deliver to Original Host' -> Set the Final action to System Quarantine.

Navigate to Security -> Options -> Preference -> Choose the values.

Result 2.

1. Log Details.
   
   

2. Result from the inbox.

    

    

3. Result from the System Quarantine folder.