Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎12-06-2006 05:04 AM

BLOCKING EMBEDDED GIF ???

Hi All, F-60 : we are inundated with spam which carries embedded GIF images. This of course negates use of word filters to block. Although they can be succesfully blocked by including GIF in the FileBlock option this also blocks substantial valid mail. Also blocking by IP and URLs is possible but simply never ending and impractical as they' re ever-changing. I have raised this twice with Fortinet on the support page with two separate tickets and thay have no real solution. If anyone has experienced similar problems a solution will be most welcome. Tks, John
7775
0 Kudos
16 REPLIES 16
Not applicable

Created on ‎12-15-2006 03:50 AM

John, I to have this exact issue not only on my Corporate firewall, but on dozens of client firewalls. THe only answer I can get from Fortinet Support is a new SPAM engine will be release mid 2007 that will adress the issue. I to have blocked GIF and that blockes to many emails, supports only offer of help was to maintain the black list and banned words list int he firewalls. No real solution. So I am still looking for a solution as well. Chris
3921
0 Kudos
Not applicable

Created on ‎12-22-2006 07:10 PM

I found most of the gif file name is ten char. Therefore, I try to set the following File Pattern ??????????.GIF It seems okay
3921
0 Kudos
simport
New Contributor
In response to

Created on ‎01-03-2007 12:52 PM

I tried your trick, ??????????.gif and it works ! Even if not all gifspams are blocked, it helps a lot. ...But... I have one specific customer which uses gifs in his emails (a web designer...) and they are blocked. I added his address in the antispam whitelist, expecting they would be released...but they are still blocked. I think the antivirus pattern list is in 1st priority, before the antispam whitelist. Does anyone have idea to bypass this blocking rule for this email address? Thanks, JF
Simport Fortigate-200A 3.00-b0564
Simport Fortigate-200A 3.00-b0564
3921
0 Kudos
Not applicable
In response to simport

Created on ‎02-14-2007 11:32 PM

Firstly, we should understand file pattern " *.gif" is not equal to " ??????????.gif" In your case I have the following idea 1) To Confirm the filename (gifs) which your customer is using (e.g. abcde12345.gif) 2) To Add the filename (e.g. abcde12345.gif) in the AntiVirs->File Pattern but set the action = ' Allow' Pls try and let me know result
3921
0 Kudos
Not applicable

Created on ‎01-02-2007 11:32 PM

Hi all, I optimized the spam recognition by the banned Word list. I added: 
<BODY bgColor=#ffffff> 	 Wildcard 	Western 	Body
Most mailclients define the Background color by a stylesheet, put the color in quotes(" ffffff" ), or use a lot more Parameters in this line. 0 False Positive yet.
3921
0 Kudos
Not applicable

Created on ‎01-03-2007 06:34 AM

It didnt work to me I have tried <BODY bgColor=#ffffff> (wildcard body) " <BODY bgColor=#ffffff>" (wildcard body) (?i)\<BODY bgColor\=\#ffffff\> (regex body) all scored to 50 and the firewall profile set set as following set smtp scan block quarantine fragmail spamipbwl spamrbl spamemailbwl spamhdrcheck bannedword splice Any idea?
3921
0 Kudos
Not applicable

Created on ‎01-04-2007 01:42 AM

The Antispam seems to ignore the Banned Word list in some cases. Today i recived this Mail, which sould be tagged by the BWL. 
 ....
 <STYLE></STYLE>
 </HEAD>
 <BODY bgColor=#ffffff>
 <DIV><FONT face=Arial size=2><IMG alt=" "  hspace=0 
 src=" cid:000801c72f95$705c53c0$00000000@T1000"  align=baseline 
 border=0></FONT></DIV>
 <DIV><FONT face=Arial size=2>Artists subscribe feedsee available feeds learn. 
 ....
3921
0 Kudos
Not applicable

Created on ‎01-04-2007 04:14 AM

How do you set the ??????????.gif value in FilePattern? When I try to enter the value in a ssh session i get this error: 
 (filepattern)# edit " 
 token line: Unmatched double quote.
and if I use the web GUI I cannot set the blocking to smtp only
3921
0 Kudos
simport
New Contributor
In response to

Created on ‎01-04-2007 08:52 AM

To block for SMTP only, I created a protection profile specifically for smtp service and a banned word list only for this specific profile. So the gifs in web pages (or other services) aren' t blocked. JF
Simport Fortigate-200A 3.00-b0564
Simport Fortigate-200A 3.00-b0564
3921
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.