An organization may want to allow certain users to receive password-protected archives or files, but the Decompression Engine rule that blocks password-protected archives included as email attachments does not allow exceptions.
This article provides a workaround that can be used to create a Whitelist policy exception to allow certain password-protected files to be delivered to the intended recipients.
This workaround has been tested in the following environment:
- GFI MailEssentials 20.3 with all patches installed or later
- GFI MailEssentials must be installed in Active Directory mode i.e. on a machine that is joined to an Active Directory domain and retrieves the list of mail-enabled users from Active Directory.
The following two-step workaround lets administrators create an exception, using a Whitelist policy which allows password-protected files to pass through the Decompression Engine based on Username, User Group, and Public Folder Name.
Step 1: Create an Attachment Filtering rule
Log in to GFI MailEssentials configuration console.
Navigate to GFI MailEssentials > Content Filtering > Attachment Filtering.
Click Add Rule....
Under the Rule name type a name for the rule and take note of it.
Check Block this list, type the desired file type (e.g.
*.7z) and click Add.
Go to Users/Folders tab and select Only this list.
Click Add to add email users, user groups and/or public folders to the list.
- Note: You cannot set external senders/domains as exclusions in the Attachment filter.
Check the newly created rule and click Enable Selected.
Step 2: Create a new Registry key
On the GFI MailEssentials server click Start > Run Type
regeditto launch the Windows Registry Editor.
- 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\GFI\MailEssentials\EmailSecurity\config
- 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\EmailSecurity\config
Right-click and select New > String Value
Right-click and select Modify
- Value name:
- Value data:
The name of the rule created in step 1
- If MailEssentials is not installed in Active Directory mode or the version is not 20.3 or newer, then the proposed solution will not work.
- The procedure takes effect immediately, no services need to be restarted.
- While creating the rule as described in Step 1, you can specify if the policy should apply to all emails or depending on the scan direction: inbound, outbound, and/or internal by checking the corresponding check-boxes.
- Email Security engines have a higher priority than the Anti-Spam filters and the Whitelist therefore emails can still be blocked if malware is detected.
- The Whitelist policy applies to both sender and recipient
- You cannot set external senders/domains as exclusions in the Attachment filter.
- If any of the whitelisted users are found in the recipients' list or as the sender, the Email is whitelisted and delivered to all recipients
- The procedure will not work if the email is encrypted, digitally signed, or both