Add a custom Archive Unpacker to unpack a new file type

This article applies to:

• MailMarshal (SEG)
• MailMarshal ECM/MailMarshal Exchange 7.X

Question:

• How can I unpack and scan content in unknown archive types?

Procedure:

SEG/MailMarshal allows you to add custom file type recognition, and to specify new archive unpackers. By combining these features, it is possible to unpack and scan the content of a custom archive type with full functionality.

Notes: 

This procedure requires advanced skills. Most organizations do not require this configuration and you should only use it if you have a specific need to customize operation.
Only Archive unpackers can be specified. You cannot specify custom handling for compound documents such as Word or PDF documents.

The procedure consists of three steps:

1. Add a Custom Filetype
2. Add a Custom Archive Type
3. Configure the Custom Unpacker

This article uses as an example the Switch file unpacker from Egress (http://www.egress.com/). Switch files are not recognized by MailMarshal default configuration, and MailMarshal does not include functionality to unpack them.  

Note: All of the settings referred to below are added in the Advanced Settings or Registry.

For MailMarshal 10.0 and above the entries are made in the Management Console Advanced Settings.

For MailMarshal SMTP 8.X the Regisgtry entries are under HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Engine

For other versions, use the following LevelBlue Knowledgebase article to locate the Registry key if necessary:

• Q10832: What are the MailMarshal SEG install paths and registry key locations?
• Q14003: What are the MailMarshal Exchange install paths and registry key locations?

Step 1: Add Custom Filetype

Add the custom filetype as described in this LevelBlue Knowledgebase article: Q10199: How do I add custom file type definitions to MailMarshal?

For this example, make the following entry:

T:SWCH
D:Egress Switch Archive
X:0=53 44 01 00 01 02

Note: This is an example only - Egress Switch file type is already included in the default types recognized by MailMarshal.

2 – Add Custom Archive Types

Enter a new setting:

• MailMarshal 10.0 and above: advanced setting Engine.ArchiveTypes)(String)
• Other versions: registry string (REG_SZ) value ArchiveTypes
• For this example, the setting value is SWCH   
• To use more than one custom type, separate the values with semi-colons.

3 – Configure the Custom Unpacker

Add the new unpacker executable to the MailMarshal install folder on all the MailMarshal email processing nodes. In this example, the executable is swtool.exe

Enter a new setting:

• MailMarshal 10.0 and above: advanced setting Engine.SWCH)(String)
• Other versions: registry string (REG_SZ) value SWCH
• Set the value data according to this format:
  0;Exe Par1 Par2 Par3;return-code

0

Indicates the first (in this case only) unpacker to be configured for this type. Others could be added if required.

Exe

The name of the unpacker executable, with the file extension omitted

Par1

The first parameter needed by the executable

Par2 [etc...]

Any additional parameters needed by the executable

return-code

The return code generated by the executable on success