dw
New Contributor

FortiMail Content Profile with File Filter allowlist

Hello everyone,

 

We use a FortiMail VM02 with version 7.2.5.

I would like to set up a "Content Profile" for attachments that only allows selected (explicitly defined) "File Types" and "File Extensions" to pass through.
All other "File Types" and "File Extensions" should be removed from emails (and insert some disclaimer, send notification, ...).

 

I've set up "File Filters" for the allowed "File Types" and "File Extensions".
In addition, I set up a "File Filter" "all_other_attachments" with “File Type” and “File Extension” “*.*”.

 

But no matter how I combine these "File Filters" in a "Content Profile" ("Attachment Scan Rule" operator "Is" or "Is Not" and regardless of the order) all attachments are always removed from emails.
The log always says "File name: testpicture.PNG, detected by Content Filter, attachment scan rule: all_other_attachments".

 

Can anyone give me a tip on how I can implement this allowlist?
How do you manage email attachment restrictions?

 

Best regards
David

AEK
SuperUser

Hello

Can you share a screenshot of the content profile?

AEK
dw
New Contributor

Hello AEK,

 

Most of the content profile is default.

I've attached some screenshots.

I've tested with both my own file filter "SVT_FileFilter_SafeList_File-Extension" and the predefined file filter "image". No difference.

 

Content Filter:

content_profile_1.PNG, content_profile_2.PNG, content_profile_3.PNG

 

File Filter:

file_filter_SafeList.PNG, file_filter_all.PNG

AEK

Hi dw

Can you try with "Is Not" operator as described in admin guide?

Operator

Select Is or Is Not. If Is is selected, the below action will be taken. If Is Not is selected, the below action will not be taken. You can use the Is Not option to safelist some attachment types. For example, if you want to reject all file types except for the PDF files, you can specify that PDF Is Not Reject.

Ref:  https://docs.fortinet.com/document/fortimail/7.4.1/administration-guide/921588/configuring-content-p...

 

On the other hand, I think mime-type should look like */*, not *.*

Ref:  https://docs.fortinet.com/document/fortimail/7.4.1/cli-reference/657261/file-filter

AEK
dw
New Contributor

Hello AEK,

 

You're correct to name the operator "Is Not". I've also tested with that operator (see my initial post, ""Content Profile" ("Attachment Scan Rule" operator "Is" or "Is Not" and regardless of the order)").

 

Unfortunately there is no change in behavior no matter whether "Is Not" or "Is".

 

content_profile_4.PNG

 

 

Thank you for the notice with the mime-type wildcard.

But unfortunately it seems there is no function no matter whether "*/*" or "*.*".

The notation "image/*, video/*, application/*, ..." seems to be necessary.

But that is not the problem.

AEK

If I understand well the logic of the scan rules, I think you should now just disable the "all_other_attachments" rule.

This way the remaining rule should make your FortiMail apply the action on all files but Images, right?

Please try and advise.

AEK
dw
New Contributor

Hello AEK,

You're right!

Clear case of misunderstanding on my part.

 

This way it works for me:

 

content_profile_5.PNG

 

 

Thank you very much for your help and the food for thought. :)

 

Best regards
David
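
The behaviour worked out in this thread, as a small Python model added here (not FortiMail code or configuration, and not written by either poster). It assumes the profile's action fires as soon as any enabled scan rule triggers, which is consistent with the log line and the accepted fix above; the class and function names, the extension patterns and the `setup.exe` sample are hypothetical.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

@dataclass
class FileFilter:                      # hypothetical model of a "File Filter"
    name: str
    mime_types: tuple                  # patterns such as "image/*"
    extensions: tuple                  # patterns such as "*.png"

    def matches(self, filename, mime):
        return (any(fnmatch(mime.lower(), p) for p in self.mime_types)
                or any(fnmatch(filename.lower(), p) for p in self.extensions))

@dataclass
class ScanRule:                        # hypothetical model of an "Attachment Scan Rule"
    file_filter: FileFilter
    operator: str                      # "is" or "is_not"
    enabled: bool = True

    def triggers(self, filename, mime):
        hit = self.file_filter.matches(filename, mime)
        # "Is": act on files that match. "Is Not": act on files that do NOT match.
        return hit if self.operator == "is" else not hit

def triggering_rule(rules, filename, mime):
    """Name of the first enabled rule that fires the action, or None if the file passes."""
    for rule in rules:
        if rule.enabled and rule.triggers(filename, mime):
            return rule.file_filter.name
    return None

def build_profile(catch_all_enabled):
    image = FileFilter("image", ("image/*",), ("*.png", "*.jpg"))  # constructed patterns
    # Catch-all as in the first post: "*.*" for both type and extension.
    catch_all = FileFilter("all_other_attachments", ("*.*",), ("*.*",))
    return [ScanRule(image, "is_not"),
            ScanRule(catch_all, "is", enabled=catch_all_enabled)]

if __name__ == "__main__":
    samples = [("testpicture.PNG", "image/png"),
               ("setup.exe", "application/x-msdownload")]  # constructed sample
    for enabled in (True, False):
        for name, mime in samples:
            print(enabled, name, triggering_rule(build_profile(enabled), name, mime))
```

With the catch-all enabled, the allowed PNG is still caught by `all_other_attachments`; with it disabled, the single "Is Not" rule alone acts as the allowlist.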
