4.4.1. Disclaimers

What is a disclaimer?

A disclaimer is a text addendum in an email that informs the recipient about certain circumstances about the processing of the email.

Disclaimer use cases

Disclaimers may be set for the following cases in Email Gateway Security:

  • For an email that was allowed (e.g. no infection or sensitive data was found) under Securtiy rules / rule / SCAN / Allowed actions. images/download/attachments/5716406/image-20200325-075944.png

  • For an email that was blocked (e.g. infected or sensitive data found) but delivered cause Securtiy rules / rule / ADVANCED THREAT PREVENTION / Handling of the email is set either to Delete blocked content or Deliver blocked contents. Set the disclaimer for these cases under Securtiy rules / rule / ADVANCED THREAT PREVENTION / Blocked actions. images/download/attachments/5716406/image-20200325-080008.png

  • For an email that was blocked due to password protected attachments but was delivered cause Securtiy rules / rule / ADVANCED THREAT PREVENTION / Handling of the email is set either to Delete blocked content or Deliver blocked contents. Set the disclaimer for this case under Securtiy rules / rule / ADVANCED THREAT PREVENTION / Encrypted attachments. images/download/attachments/5716406/image-20200325-080028.png

  • For an email that was disarmed and reconstructed under Securtiy rules / rule / ZERO-DAY MALWARE PREVENTION / Zero-Day Malware Prevention.
    images/download/attachments/5716406/image-20200325-080041.png

  • For an email thats disarm and reconstruction failed under Securtiy rules / rule / ZERO-DAY MALWARE PREVENTION / Zero-Day Malware Prevention / Override sanitization behavior.
    images/download/attachments/5716406/image-20200325-080139.png

  • For an email that has attachments uploaded under Securtiy rules / rule / UPLOAD ATTACHMENTS / Upload attachments / Upload attachements to MetaDefender Vault / Attachment notice. images/download/attachments/5716406/image-20200325-080153.png

  • For an email that was bypassed under Securtiy rules / rule / ADVANCED / Override error handling behavior. images/download/attachments/5716406/image-20200325-080220.png

For details see 4.4. Policy.

Disclaimer editor

For each disclaimer Email Gateway Security has a what-you-see-is-what-you-get disclaimer with all needed functionality built-in. For example, it has support for text styles, links and lists.

The position of the disclaimer can be set to before or after the contents of the email.

A disclaimer style can be applied to emphasize content to the user (HTML only).

The alignment of the disclaimer can be changed to left or right aligned clicking the and button.

images/download/attachments/5716406/image-20210413-115537.png

Positions

A disclaimer may be added either

  1. Before the contents of the original email body (head of the email body) or

  2. After the contents of the original email body (end of the email body).

Styles

The following built-in styles are supported for disclaimers:

  1. None: no further formatting of the disclaimer

  2. Information: the disclaimer is displayed as a blue box

  3. Warning: the disclaimer is displayed as a yellow box

  4. Critical: the disclaimer is displayed as a red box

images/download/attachments/5716406/image-20210428-122013.png

Views

Each disclaimer editor has the following two views:

  1. HTML: to edit the disclaimer for HTML formatted emails in a what-you-see-is-what-you-get editor,

  2. PLAIN TEXT: to edit the disclaimer for plain text formatted emails in a text editor.

Disclaimer variables

Variable format

The common format of a variable looks like this: %[<prefix>]<variable_name>[<placeholder>]%

A variable contains three parts:

  • prefix: this text will be displayed before the value of the variable if the value is not empty or there is a placeholder defined

  • variable_name: the name of the variable

  • placeholder: this text will be displayed if the vale of the variable is empty

Examples:

Variable

Value

Output in disclaimer

%[]email_subject[]%

Test subject

Test subject

%[]email_subject[]%

""

""

%[Subject: ]email_subject[]%

Test subject

Subject: Test subject

%[Subject: ]email_subject[]%

""

""

%[Subject: ]email_subject[No subject]%

""

Subject: No subject

%[]email_subject[No subject]%

""

No subject

%[]email_subject[No subject]%

Test subject

Test subject

Available variables

Generally available variables

The following variables are available for any disclaimer:

  • email_date

  • email_sender

  • email_recipients

  • email_subject

  • email_message_id

  • origin_ip

  • scan_verdicts

Specific variables

Emails with encrypted attachments

The following variables are available for disclaimers to emails with encrypted attachments only:

Variable

Description

rescan_link_url

Replaced by the Settings > General / Configuration / Public server name (see 4.3. Settings). If the Public server name is not set then the "Your administrator did not set a public server address for rescan" text will be displayed instead.

rescan_link_expiry

Replaced by the Settings > General / Configuration / Rescan link availability value.

rescan_link_expiry_time

Replaced by the date and time value calculated using the Settings > General / Configuration / Rescan link availability value.

Calculation method

The date and time value is calculated as:

(Time of email arrival to Email Gateway Security) + (Settings > General / Configuration / Rescan link availability)

UTC or server local time

The value of Settings > General / Configuration / Use the server's local timezone affects the format of this value:

Server local time images/download/attachments/5716406/local.png

UTC images/download/attachments/5716406/utc.png

Sanitized emails

The following wariables are available for emails that have sanitized contents:

Variable

Description

hyperlinks

This variable applies when an email got processed by Deep CDR, and disclaimers are enabled for emails with sanitized contents: images/download/attachments/5716406/image-20210211-083944.png

The Deep CDR engine in MetaDefender Core (under Inventory > Modules / Deep CDR / Settings / HTML CONFIGURATION / PROCESS HYPERLINK BEHAVIOR) can be configured to return the list of hyperlinks in the processed file: images/download/attachments/5716406/image-20210211-084412.png

The hyperlink variable gets replaced by the list of hyperlinks in the email body when the variable is set in the sanitized disclaimer: images/download/attachments/5716406/image-20210211-085241.png

This configuration results in a disclaimer attached to the email listing the hyperlinks within the email body: images/download/attachments/5716406/image-20210211-085513.png

Example disclaimer with variables

Here is an example disclaimer for blocked contents:

---
MetaDefender Email Gateway Security has removed one or more attachments in this email because it contained potentially malicious embedded objects. For more information on MetaDefender Email Gateway Security, please visit https://www.opswat.com/products/metadefender/email-security.
 
%[Date: ]email_date[]%
%[Sender: ]email_sender[]%
%[Recipients: ]email_recipients[]%
%[Subject: ]email_subject[]%
%[Message ID: ]email_message_id[]%
%[Origin IP: ]origin_ip[]%
%[Scan verdicts: ]scan_verdicts[]%

And an example result after sending an infected attachment:

---
MetaDefender Email Gateway Security has removed one or more attachments in this email because it contained potentially malicious embedded objects. For more information on MetaDefender Email Gateway Security, please visit https://www.opswat.com/products/metadefender/email-security.
 
Date: 2018-08-15 13:07:51 UTC
Sender: test1@test.com
Recipients: test2@test.com
Subject: Eicar attachment
Message ID: 90b5cc66-cf5d-9ef5-9ac8-4f9dcce083aa@test.com
Origin IP: 127.0.0.1
Scan verdicts: Eicar attachment/eicar.com: Infected