4.7 Support for password protected attachments

Problem

Communicating parties apply encryption to maintain confidentiality of their communiquès.

Given by the nature of encryption, real - potentially malicious - contents of an encrypted file are hidden from MetaDefender Email Gateway Security, thus encrypted files are blocked by default.

Solution

Marking emails with password protected attachments

Emails with password protected attachments are blocked by default. If Email Gateway Security is set accordingly, then these emails will then put into the quarantine.

Blocked emails, where the blocking reason was that attachments were password protected, are marked with a padlock images/download/thumbnails/36831931/font-awesome_4-7-0_lock_22_0_273238_none.png icon in the RESULT column in the quarantine.

images/download/attachments/36831931/image2019-5-22_14-2-28.png

Rescan and provide password

When rescanning an email that has password protected attachments, password for the encrypted items is requested by Email Gateway Security. For details about rescan see the Rescan section in 4.3 Quarantine.

Rescan may be initiated by two parties:

  1. Email Gateway Security administrators

  2. Recipients of the email

For administrators

Administrators who are authorized to rescan on the Web Management Console, can initiate to rescan any blocked email under Dashboard > Quarantine. In this case administrators need to enter the password for the encrypted attachments.

To initiate a rescan move your mouse over the email which needs to be rescanned and click on the Rescan icon ( images/download/thumbnails/36831931/font-awesome_4-7-0_retweet_22_0_007dff_none.png ).

images/download/attachments/36831931/image2019-5-22_14-3-28.png

Clicking on the Rescan will display a pop-up window where you can enter passwords for each supported password protected attachments. You have to prodive the correct password for each attachment and click the Rescan Email button when finished.

images/download/attachments/36831931/image2019-5-22_14-4-10.png

If every password were correct and the attachments were not blocked by MetaDefender Core then you will see the Email rescanned successfully message and your email will be sent to the original recipients and in the meantime it will be removed from the quarantine.

images/download/attachments/36831931/screencapture-localhost-8058-2018-03-22-15_56_14.png

If one of the passwords was wrong or MetaDefender Core blocked one or more of the attachments you will see a Failed to rescan email error message and the email will be kept in quarantine.

images/download/attachments/36831931/screencapture-localhost-8058-2018-03-26-11_36_26.png

For recipients

Recipients of the blocked email may receive a notification (for details see 4.2 Security rules) about the fact that the email was blocked, and a link where rescanning can be initiated.

The link, where rescanning can be initiated, has a limited availability that can be configured under Settings > Global settings. For details see the Notification and report settings section in 3.4 General settings.

Rescan link visibility

Please note that if the Public Server Address is not set under Settings > Global settings then the rescan link won't be included in the notification email.

A notification email for the recipients with the public rescan link should look like this:

images/download/attachments/36831931/pw_rescan_link_report.png

By clicking on the link the recipient should see a page where she can provide the password for the attachments

images/download/attachments/36831931/screencapture-172-16-201-51-8058-2018-03-22-16_01_35.png

If every password were correct and the attachments were not blocked by MetaDefender Core then you will see the The email has successfully been rescanned message and your email will be sent to the original recipients and in the meantime it will be removed from the quarantine.

images/download/attachments/36831931/screencapture-172-16-201-51-8058-2018-03-26-11_42_43.png

If one of the passwords was wrong or MetaDefender Core blocked one or more of the attachments you will see a Failed to rescan email error message and the email will be kept in quarantine.

images/download/attachments/36831931/screencapture-172-16-201-51-8058-2018-03-26-11_42_20.png

When opening a rescan link with expired link availability you should see the following error:

images/download/attachments/36831931/screencapture-172-16-201-51-8058-2018-03-26-10_59_33.png

When opening the rescan link for an email which have been already rescanned you should see the following error:

images/download/attachments/36831931/screencapture-172-16-201-51-8058-2018-03-26-11_46_52.png

Specialities

Multiple recipients

Case

Who is to provide the passwords?

Recipients are matched by the same rule under Policy > Security rules

Only one of the recipients need to provide the passwords. If the rescan succeeds, then all original recipients will receive the email after the rescan. (This behavior can be overwritten by turning on "SEND UNIQUE RESCAN LINK FOR EVERY RECIPIENT" option in the Security rules.)

Recipients are matched by different rules under Policy > Security rules

All recipients need to provide the passwords. Only that recipient receives the email after the successful rescan, that provided the correct passwords.

Software requirements

File type category to process

MetaDefender Core side engine required

Archive files

Archive engine

Limitations

Supported file types

MetaDefender Email Gateway Security supports the following file types as password protected attachments

Email Gateway Security version

MetaDefender Core version

Supported file type category

Examples

Notes

4.2.0

 

Archive files

.zip, .rar, .7z

 

4.6.1

4.14.3 (or newer)

Portable Document Format

.pdf

Core 4.14.3 required

Rescanning Portable Document Format and Microsoft Office documents is only supported when MetaDefender Core version 4.14.3 (or newer) is in use.

Microsoft Office

.docx

Depth

MetaDefender Email Gateway Security supports root elements only as password protected attachments.

Examples

Archive structure

Status

  • Root level password protected archive

    • Embedded text file

    • Embedded archive

Supported

  • Root level archive

    • Embedded text file

    • Embedded password protected archive

Not supported