4.9 Integration with MetaDefender Vault

About MetaDefender Vault

From MetaDefender Vault's documentation: "MetaDefender Vault (previously Metadefender Secure File Transfer) offers a safe process for transferring files to and from secure networks as well as a way to safely store and limit access to files. With the native integration between MetaDefender Vault and Metadefender Core, you can be sure that only files that were not detected as a threat will be accessible by your organization.

By integrating MetaDefender Vault with MetaDefender Email Gateway Security you will be able to investigate blocked files easier, store the original version of sanitized files on a separate storage, save email storage by replacing attachments with URLs and more.

Inline images

To maintain a good end user experience MetaDefender Email Gateway Security won't upload/delete inline images when integrated with MetaDefender Vault.

Example use cases

Accessing false positive attachments

Having an attachment removed because of a false positive scan result can harden both the end users and the administrator's everyday life. By enabling MetaDefender Email Gateway Security to upload blocked files to MetaDefender Vault an end-user can try to download the file from Vault later. MetaDefender Vault can rescan files periodically so if a file becomes clean later the user will be able to download it.

You can also give a protection about false negatives. For more information please check MetaDefender Vault's Outbreak Prevention.

images/download/attachments/36831993/Screenshot_from_2018-09-28_12-32-03.png

Accessing original version of sanitized files

If you have sanitization enabled for emails you may would like to access the original files or have them on a separate storage. You can configure MetaDefender Email Gateway Security to upload original versions of sanitized files and add URLs for accessing them into the modified email.

images/download/attachments/36831993/Screenshot_from_2018-09-28_12-33-58.png

Sending larger attachments and saving email storage

MetaDefender Email Gateway Security can upload your attachments to MetaDefender Vault while removing them from the original email and adding URLs for accessing them. This feature makes possible for end users to send/receive attachments which exceeds the email server's file limit and it can also save precious storage space on your email server.

images/download/attachments/36831993/Screenshot_from_2018-09-28_12-36-01.png

Prerequisites and limitations

You will need a running and accessible MetaDefender Vault and an API token which can be used for uploading files. Please check this page for more information about API tokens. Authentication requirement for downloading files should be turned off on MetaDefender Vault.

No MetaDefender Vault related action will take place for emails with blocked content if the selected action in the security rule is to block the whole email.

Configuring Security Rules

You can setup MetaDefender Vault for every security rule separately under the "Vault" tab. If you want to upload attachments in a given security rule you should enable "UPLOAD ATTACHMENTS TO VAULT" and configure the following settings.

images/download/attachments/36831993/image2019-8-12_13-35-39.png

Upload attachments to

The MetaDefender Vault type server profile must be specified here to which the attachments will be uploaded according to the configuration below.

Uploaded attachment types

You can select which attachments to upload based on their scan verdicts.

Upload blocked attachments

By selecting this option every attachment which was blocked will be uploaded to MetaDefender Vault.

Upload sanitized attachments

By selecting this option every attachment which was sanitized will be uploaded to MetaDefender Vault.

Upload partially sanitized attachments

By selecting this option every attachment which was partially sanitized will be uploaded to MetaDefender Vault.

This requires the 'Distinguish partial archive sanitization result' option checked in the MetaDefender Core rule used to scan content with. See MetaDefender Core > 3.6.2. Workflow template configuration for more information.

Upload original of sanitized attachments

By selecting this option every attachment which was an origin for a sanitized one will be uploaded to MetaDefender Vault.

Upload attachments that failed sanitization

By selecting this option every attachment where the sanitization failed will be uploaded to MetaDefender Vault.

If both

  1. UPLOAD ORIGINAL OF SANITIZED ATTACHMENTS and

  2. UPLOAD ATTACHMENTS THAT FAILED SANITIZATION

are enabled –and the sanitization fails– then the original file will be uploaded only once.

Upload bypassed attachments

By selecting this option every attachment that was bypassed by Email Gateway Security will be uploaded to MetaDefender Vault.

Upload allowed attachments

By selecting this option every attachment which was allowed will be uploaded to MetaDefender Vault.

Allowed vs original of sanitized

Please note that if an attachment is allowed but gets sanitized then it won't be uploaded if only the "Upload allowed attachments" is selected. If you want to upload these kind of attachments you should have "Upload original of sanitized attachments" enabled.

Options

Remove uploaded attachments from email

By enabling this option every attachment which was successfully uploaded to MetaDefender Vault will be removed from the email. If uploading an attachment fails the removal will be skipped. Blocked files will be removed regardless this setting if the action for blocked contents is to "Delete blocked contents".

Include scan result

By enabling this option, Email Gateway Security will upload the scan results to Vault besides the attachment as metadata. As a result Vault will know the verdict of the scan and can make the file available immediately.

Upload to user's own vault account

Depending whether the email was matched by an inbound or an outbound rule, based on the email addresses, the files will be uploaded to the recipients' (inbound) or senders' (outbound) own Vault accounts (when the account exists on the Vault at all). This feature requires appropriate permissions (impersonation) on Vault.

If no account exist with the recipient email address on the Vault, then the file will be uploaded to the account that is assigned to the API key specified in the MetaDefender Vault type server profile set for the matching rule.

Example

images/inline/a3023f58bd77050344d738b119f632b93b0f8e7d.png

Attachment notification

You can setup custom notification text for plain text and HTML emails and you can also select the position of the notification (before or after the original content).

Removal of URL list placeholder

You should not remove %[]vault_list[]% from the notification texts as it would lead to missing URLs.

Browsing email attachments in MetaDefender Vault

MetaDefender Email Gateway Security will upload attachments to MetaDefender Vault using this folder structure for easier browsing "MetaDefender Email Gateway Security/<date>/<subject> <message id>/". For example:

  • MetaDefender Email Gateway Security

    • 2018-09-28

      • Test subject <12345>

        • Attachment 1

        • Attachment 2

      • Test subject 2 <No Message Id (456)>

        • Attachment 1

    • 2018-09-27

      • Test <555>

        • Attachment 1

If an email doesn't have a message id "No Message Id (<random ID>)" will be used instead for unique identification.

images/download/attachments/36831993/Screenshot_from_2018-09-28_13-29-44.png

If you know an email's message id (you can easily check it in email details) you can search for it for a fast access:

images/download/attachments/36831993/Screenshot_from_2018-09-28_13-35-52.png

Upload information in Processing history

You can find information about attachment upload to Vault in the processing history of an email. You will see if an attachment was successfully uploaded or if there was some error while uploading it.

Successful upload:

images/download/attachments/36831993/Screenshot_from_2018-09-28_13-38-50.png

Failed upload:

images/download/attachments/36831993/Screenshot_from_2018-09-28_13-40-10.png

Troubleshooting

Problems during upload

If you are getting errors for upload please check the followings:

  • Vault URL is correct:

    • You are using the correct format: http(s)://<host>:<port>/vault_rest

    • You are using http scheme for Vault without HTTPS and using http scheme for Vault with HTTPS

    • You are using the port for REST API and not the port for UI

  • Vault API key is correct

  • Vault is accessible from the machine where MetaDefender Email Gateway Security is installed

  • If Vault is used with HTTPS enabled then the certificate can be trusted on the machine where MetaDefender Email Gateway Security is installed

Unexpected host in MetaDefender Vault URLs

URLs inserted into emails are generated by MetaDefender Vault. If you experience URLs with unexpected host in them then you should configure MetaDefender Vault's host which is used for accessing the UI and link generation. More information can be found here.