How do I configure rules to manage Anti-Virus Scanners blocking password protected files?


This article applies to:

  • Trustwave MailMarshal (SEG)
  • Trustwave ECM/MailMarshal Exchange

Question:

How do I configure rules to manage Anti-Virus Scanners blocking password protected Microsoft Excel spreadsheets or other files?

Procedure:

Current versions of MailMarshal Default Rules include two rules (per direction): Block Malware - Virus Scanner and Block Malware - Virus Scanning Errors. The second rule covers password protected files and some other cases.

These rules use different quarantine locations and different notification methods. When you enable scanning, enable both rules to cover all the possibilities. You can create further rules to separate the various results. You can perform different actions for each set of quarantined email.

Notes:

  • Important:  Any file that cannot be fully scanned should be treated with great care, since it is not proven to be clean. For greatest security password protected files should not be passed through without inspection.

  • This article applies to DLL-based anti-virus scanner interfaces only. It does not apply to command line anti-virus scanners.

This article was previously published as:
NETIQKB35042

Last Modified 5/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle10288.aspx