Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
S-GenZ
New Contributor II

Can FortiMail unit remove attachement files?

I want to remove attachement files from email which virus detected or contents filter matched.

I found "Replace infected/suspicious body or attachment(s)" and "Replace with message" on antivirus and contents profile actions, but that's only replacing, not removing.

Anybody know how  configure to remove attachement files?

 

FortiMail VM02
v7.0.3(GA), build189, 2022.03.16
Gateway-Mode

 

FortiMail 

6 REPLIES 6
Demir21
Staff
Staff

By specifying "Replace infected/suspicious body or attachment(s)" it allows the body of the email to be delivered to the intended recipient without the malicious attachments,so it will remove the infected attachment with a replacement message. 

You can find more information on the following link: https://help.fortinet.com/fmail/archives/3_0/fortimail-admin/wwhelp/wwhimpl/common/html/wwhelp.htm?c...

S-GenZ
New Contributor II

Thank you for reply.

But I don't want to have replace message.
I need that just remove attachment without replace message.
Can it do?

Demir21
Staff
Staff

It is a prebuild feature in Fortimail that cannot be removed. It can only be edited. I  checked  the CLI reference under customized-messages and there is no delete command. I tested it also in different firmware versions.

S-GenZ
New Contributor II

Thank you Demir21.

I'm sad to hear that. Thanks anyway.

gfleming
Staff
Staff

Look into Content Disarm and Reconstruction (CDR). I believe you can configure CDR to remove attachments that are deemed to have malicious content.

 

https://docs.fortinet.com/document/fortimail/7.2.1/administration-guide/922690/configuring-content-d...

Cheers,
Graham
S-GenZ
New Contributor II

Thank you for your informations, gfleming.
The CDR attachment setting document says 'Attachment handling for deferred email'.
What's exactly mean 'deferred email' ?
Is a email that was queued by network or any troubles?
Or, is a email which was queued by spam or virus outbreak?
And, Is it able to be triggered by 'Content Monitor and Filtering'?

Labels
Top Kudoed Authors