Hello everyone,
we use a FortiMail VM02 with version 7.2.5.
I would like to set up a "Content Profile" for attachments that only allows selected (explicitly defined) "File Types" and "File Extensions" to pass through.
All other "File Types" and "File Extensions" should be removed from emails. (and insert some disclaimer, send notification, ...)
I've set up "File Filters" for the allowed "File Types" and "File Extensions".
In addition, I set up a "File Filter" "all_other_attachments" with “File Type” and “File Extension” “*.*”.
But no matter how I combine these "File Filters" in a "Content Profile" ("Attachment Scan Rule" operator "Is" or "Is Not" and regardless of the order) all attachments are always removed from emails.
The log always says "File name: testpicture.PNG, detected by Content Filter, attachment scan rule: all_other_attachments".
Can anyone give me a tip on how I can implement this allowlist?
How do you manage email attachment restrictions?
Best regards
David
Hello
Can you share a screenshot of the content profile?
Hello AEK,
most of the content profile is default.
I've attached some screenshots.
I've tested with both my own file filter "SVT_FileFilter_SafeList_File-Extension" and the predefined file filter "image". No difference.
Content Filter:
File Filter:
Hi dw
Can you try with "Is Not" operator as described in admin guide?
Operator | Select Is or Is Not. If Is is selected, the below action will be taken. If Is Not is selected, the below action will not be taken. You can use the Is Not option to safelist some attachment types. For example, if you want to reject all file types except for the PDF files, you can specify that PDF Is Not Reject. |
On the other hand, I think mime-type should look like */*, not *.*
Ref: https://docs.fortinet.com/document/fortimail/7.4.1/cli-reference/657261/file-filter
Created on 01-09-2024 07:01 AM Edited on 01-09-2024 07:01 AM
Hello AEK,
you're correct to name the operator "Is Not". I've also tested with that operator (see my initial post, ""Content Profile" ("Attachment Scan Rule" operator "Is" or "Is Not" and regardless of the order)").
Unfortunately there is no change in behavior no matter whether "Is Not" or "Is".
Thank you for the notice with the mime-type wildcard.
But unfortunately it seems there is no function no matter whether "*/*" or "*.*".
The notation "image/*, video/*, application/*, ..." seems to be necessary.
But that is not the problem.
If I understand well the logic of the scan rules, I think you should now just disable the "all_other_attachments" rule.
This way the remaining rule should make your FortiMail apply the action on all files but Images, right?
Please try and advise.
Hello AEK,
you're right!
Clear case of misunderstanding on my part.
This way it works for me:
Thank you very much for your help and the food for thought. :)
Best regards
David