FortiMail
alya
Staff
Article Id 214500
Description

This article describes how to scan an email that contains a password-protected archive file.

Scope

FortiMail v6.2.

Solution

1) In the GML GUI, go to Profile -> Content Profile and select Create New, or modify the current Content Profile.


2) In the content profile, under Archive Handling, enable Check archive content and enable Attempt to decrypt archive.

3) Next, expand File Password Decryption Options and enable Words in email content. By default, the 'Number of adjacent word to keyword' is set to 5. The minimum number of adjacent words is 1 and the maximum is 10.

'Number of adjacent word to keyword' refers to the words before and after keywords such as 'passwords' or 'pass'. Number of words to try: specify how many words before and after the keyword to use.

For example, suppose the email content includes this sentence: 'To open the document, please use password 123456. If you cannot open it, please contact us.'

If two words before and after the keyword are specified, then 'please' and 'use' (the two words before the keyword 'password') and '123456' and 'If' (the two words after the keyword 'password') will be tried one by one as the password to decrypt the attachments.

4) Apply this content profile to the IP policy or recipient policy accordingly.
5) When an email containing a password-protected archive file is sent, FortiMail will be able to scan it, and a log entry for the scan will be shown.
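
The keyword-window selection described in step 3, as an added example (not Fortinet's code). The tokenization, punctuation stripping, case-insensitive keyword match and keyword list are assumptions, since the article does not specify them; the sketch reproduces the article's two-word result and shows a password placed too far from the keyword being missed.

```python
import string

MIN_WINDOW, MAX_WINDOW = 1, 10   # limits stated in the article
# Assumption: keyword list and matching rules are illustrative, not FortiMail's.
KEYWORDS = ("password", "passwords", "pass")


def tokenize(body):
    """Split on whitespace and strip surrounding punctuation (assumed behaviour)."""
    words = (w.strip(string.punctuation) for w in body.split())
    return [w for w in words if w]


def candidate_passwords(body, window=5, keywords=KEYWORDS):
    """Return the words within `window` positions of each keyword, in order."""
    if not MIN_WINDOW <= window <= MAX_WINDOW:
        raise ValueError(f"window must be {MIN_WINDOW}..{MAX_WINDOW}")
    tokens = tokenize(body)
    wanted = {k.lower() for k in keywords}
    candidates = []
    for i, tok in enumerate(tokens):
        if tok.lower() not in wanted:
            continue
        before = tokens[max(0, i - window):i]      # words preceding the keyword
        after = tokens[i + 1:i + 1 + window]       # words following the keyword
        for word in before + after:
            # Skip duplicates and the keywords themselves.
            if word not in candidates and word.lower() not in wanted:
                candidates.append(word)
    return candidates


# Constructed sample bodies: the first is the sentence from the article.
ARTICLE_BODY = ("To open the document, please use password 123456. "
                "If you cannot open it, please contact us.")
FAR_BODY = "The password for the attached file is 123456"

if __name__ == "__main__":
    print(candidate_passwords(ARTICLE_BODY, window=2))
    for n in (5, 6):
        hit = "123456" in candidate_passwords(FAR_BODY, window=n)
        print(f"window={n}: password {'found' if hit else 'missed'}")
```

In the second sample the password is the sixth word after the keyword, so the default of 5 would not reach it and the archive would stay encrypted.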

 
