4.4.1. Disclaimers

What is a disclaimer?

A disclaimer is a text addendum in an email that informs the recipient about certain circumstances about the processing of the email.

Disclaimer use cases

Disclaimers may be set for the following cases in Email Gateway Security:

  • For an email that was allowed (e.g. no infection or sensitive data was found) under Securtiy rules / rule / SCAN / Allowed actions. images/download/attachments/4658203/image-20200325-075944.png

  • For an email that was blocked (e.g. infected or sensitive data found) but delivered cause Securtiy rules / rule / ADVANCED THREAT PREVENTION / Handling of the email is set either to Delete blocked content or Deliver blocked contents. Set the disclaimer for these cases under Securtiy rules / rule / ADVANCED THREAT PREVENTION / Blocked actions. images/download/attachments/4658203/image-20200325-080008.png

  • For an email that was blocked due to password protected attachments but was delivered cause Securtiy rules / rule / ADVANCED THREAT PREVENTION / Handling of the email is set either to Delete blocked content or Deliver blocked contents. Set the disclaimer for this case under Securtiy rules / rule / ADVANCED THREAT PREVENTION / Encrypted attachments. images/download/attachments/4658203/image-20200325-080028.png

  • For an email that was disarmed and reconstructed under Securtiy rules / rule / ZERO-DAY MALWARE PREVENTION / Zero-Day Malware Prevention.
    images/download/attachments/4658203/image-20200325-080041.png

  • For an email thats disarm and reconstruction failed under Securtiy rules / rule / ZERO-DAY MALWARE PREVENTION / Zero-Day Malware Prevention / Override sanitization behavior.
    images/download/attachments/4658203/image-20200325-080139.png

  • For an email that has attachments uploaded under Securtiy rules / rule / UPLOAD ATTACHMENTS / Upload attachments / Upload attachements to MetaDefender Vault / Attachment notice. images/download/attachments/4658203/image-20200325-080153.png

  • For an email that was bypassed under Securtiy rules / rule / ADVANCED / Override error handling behavior. images/download/attachments/4658203/image-20200325-080220.png

For details see 4.4. Policy.

Disclaimer editor

For each disclaimer Email Gateway Security has a what-you-see-is-what-you-get disclaimer with all needed functionality built-in. For example, it has support for text styles, links and lists.

The position of the disclaimer can be set to before or after the contents of the email.

A disclaimer style can be applied to emphasize content to the user (HTML only).

images/download/attachments/4658203/image-20200325-080311.png

Disclaimer variables

Variable format

The common format of a variable looks like this: %[<prefix>]<variable_name>[<placeholder>]%

A variable contains three parts:

  • prefix: this text will be displayed before the value of the variable if the value is not empty or there is a placeholder defined

  • variable_name: the name of the variable

  • placeholder: this text will be displayed if the vale of the variable is empty

Examples:

Variable

Value

Output in disclaimer

%[]email_subject[]%

Test subject

Test subject

%[]email_subject[]%

""

""

%[Subject: ]email_subject[]%

Test subject

Subject: Test subject

%[Subject: ]email_subject[]%

""

""

%[Subject: ]email_subject[No subject]%

""

Subject: No subject

%[]email_subject[No subject]%

""

No subject

%[]email_subject[No subject]%

Test subject

Test subject

Available variables

Generally available variables

The following variables are available for any disclaimer:

  • email_date

  • email_sender

  • email_recipients

  • email_subject

  • email_message_id

  • origin_ip

  • scan_verdicts

Specific variables

Emails with encrypted attachments

The following variables are available for disclaimers to emails with encrypted attachments only:

Variable

Description

rescan_link_url

Replaced by the Settings > General / Configuration / Public server name (see 4.3. Settings). If the Public server name is not set then the "Your administrator did not set a public server address for rescan" text will be displayed instead.

rescan_link_expiry

Replaced by the Settings > General / Configuration / Rescan link availability value.

rescan_link_expiry_time

Replaced by the date and time value calculated using the Settings > General / Configuration / Rescan link availability value.

Calculation method

The date and time value is calculated as:

(Time of email arrival to Email Gateway Security) + (Settings > General / Configuration / Rescan link availability)

UTC or server local time

The value of Settings > General / Configuration / Use the server's local timezone affects the format of this value:

Server local time images/download/attachments/4658203/local.png

UTC images/download/attachments/4658203/utc.png

Example disclaimer with variables

Here is an example disclaimer for blocked contents:

---
MetaDefender Email Gateway Security has removed one or more attachments in this email because it contained potentially malicious embedded objects. For more information on MetaDefender Email Gateway Security, please visit https://www.opswat.com/products/metadefender/email-security.
 
%[Date: ]email_date[]%
%[Sender: ]email_sender[]%
%[Recipients: ]email_recipients[]%
%[Subject: ]email_subject[]%
%[Message ID: ]email_message_id[]%
%[Origin IP: ]origin_ip[]%
%[Scan verdicts: ]scan_verdicts[]%

And an example result after sending an infected attachment:

---
MetaDefender Email Gateway Security has removed one or more attachments in this email because it contained potentially malicious embedded objects. For more information on MetaDefender Email Gateway Security, please visit https://www.opswat.com/products/metadefender/email-security.
 
Date: 2018-08-15 13:07:51 UTC
Sender: test1@test.com
Recipients: test2@test.com
Subject: Eicar attachment
Message ID: 90b5cc66-cf5d-9ef5-9ac8-4f9dcce083aa@test.com
Origin IP: 127.0.0.1
Scan verdicts: Eicar attachment/eicar.com: Infected