Overview
An organization may want to allow certain users to receive password-protected archives or files, but the Decompression Engine rule that blocks password-protected archives included as email attachments does not allow exceptions.
This article provides a workaround that can be used to create a Whitelist policy exception to allow certain password-protected files to be delivered to the intended recipients.
Solution
This workaround has been tested on GFI MailEssentials 20.3 with all patches installed and later
GFI MailEssentials must be installed in Active Directory mode i.e. on a machine that is joined to an Active Directory domain and retrieves the list of mail-enabled users from Active Directory.
The following two-step workaround lets administrators create an exception, using a Whitelist policy that allows password-protected files to pass through the Decompression Engine based on Username, User Group, and Public Folder Name.
Step 1: Create an Attachment Filtering rule
-
Open the GFI MailEssentials Configuration UI.
-
Navigate to Content Filtering > Attachment Filtering.
-
Click on the Add Rule button
-
Under the Rule name, type a name for the rule and take note of it.
-
Check Block this list, type the desired file type (e.g.
*.7z
) and click Add. -
Go to Users/Folders tab and select Only this list.
-
Click Add to add email users, user groups and/or public folders to the list.
NoteYou cannot set external senders/domains as exclusions in the Attachment filter.
-
Click Apply.
-
Check the newly created rule and click Enable Selected.
Step 2: Create a new Registry key
-
On the GFI MailEssentials server, open the Registry editor:
- Click Start > Run
- Type
regedit
to launch the Windows Registry Editor.
-
Navigate to:
- X86:
HKEY_LOCAL_MACHINE\SOFTWARE\GFI\MailEssentials\EmailSecurity\config
- X86_64:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\EmailSecurity\config
- X86:
-
Right-click and select New > String Value
-
Right-click and select Modify
- Value name:
ContentFilterWhitelist
- Value data:
The name of the rule created in step 1
- Value name:
- If MailEssentials is not installed in Active Directory mode or the version is not 20.3 or newer, then the proposed solution will not work.
- The procedure takes effect immediately, no services need to be restarted.
- While creating the rule as described in Step 1, you can specify if the policy should apply to all emails or depending on the scan direction: inbound, outbound, and/or internal by checking the corresponding check-boxes.
- Email Security engines have a higher priority than the Anti-Spam filters and the Whitelist therefore emails can still be blocked if malware is detected.
- The Whitelist policy applies to both sender and recipient
- You cannot set external senders/domains as exclusions in the Attachment filter.
- If any of the whitelisted users are found in the recipients' list or as the sender, the Email is whitelisted and delivered to all recipients
- The procedure will not work if the email is encrypted, digitally signed, or both