Skip to main content
cempax
cempax
New Member
July 8, 2025
Question

Password-protected attachments

  • July 8, 2025
  • 3 replies
  • 770 views

Hello!

 

FortiMail 400F version 7.0.9 here. This FM is associated with a FortiSandbox solution. Under Archive Handling, we have Check archive content > Detect password protected archive enabled in our content profile. According to this article, this is supposed to be enough for FortiMail to detect pass-protected attached files and block them, but we find way many true positives slipping by.

 

The attachments are mostly zip, 7z, tar files, and the passwords aren't usually included in the body of the message.

 

I mention the FortiSandbox because every attachment gets sent to it and analysed while FortiMail waits for a result in order to deliver the email. FortiSandbox can't unzip it, TAC said it's because its password protected, it gets a clean verdict and thus sent through.

 

We're beginning to suspect that FortiSandbox is interfering with FortiMail's actions somehow. Are there any additional settings we can apply before looking into fortisandbox?

 

Thank you all for your time.

3 replies

fiesta
fiesta
New Member
July 30, 2025

Hi,

 

FortiSandbox is interfering with FortiMail's actions is true since you configured it with submit and wait result.

Any password protected cannot be check for signatures and verdict will always be clean whether with/without fortisandbox, and it will always be send to fortisandbox first before checked by content filter (detect password) since the scanning always antispam > antivirus > content filter.

 

Best regards.

FWD~

    colunjo1
    colunjo1
    New Member
    July 30, 2025

    you should also explain the vulnerabilities that the company is open to, that you cannot mitigate against, when unscannable attachments come in to random people in the company. a couple of recent examples of crypto eliminating medical records at hospitals or dashcam footage at major american police departments should do the trick

    filiaks1
    filiaks1
    Explorer III
    July 31, 2025

    What about the file filter maybe test it for password protected?

     

    Also strange that FortiSandbox does not have an option to mark password protected files as bad as this seems security gap.

    Terms & ConditionsAccessibility statement