We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

How does the Email Security Gateway handle file attachment policy?

  • Type: Knowledgebase
  • Date changed: 11 months ago
Solution #00002993

Scope:
All Barracuda Spam Firewalls, all firmware versions.

Answer:
In firmware versions 3.5.10 and earlier, the Barracuda Spam Firewall blocks file attachments for content as well as filename extension. For example, on the Block/Accept > Attachment Filtering page, if exe is listed as a blocked extension, the Barracuda Spam Firewall looks into the contents of the attachment and determines whether or not the file contains an executable file regardless of the filename or file extension. If the attachment file is determined to be or contain an executable file, the message will be blocked. Also, if the filename ends in exe, it will be blocked.

In firmware versions 3.5.11 and above, the Barracuda Spam Firewall is able to block email attachments based on filename extension without checking the file's contents. If you specify an extension without a leading period ('.'), like exe, file attachments will be blocked not only on the basis of filename extensions, but also on their apparent content. If you specify an extension with the period, like .exe, only the filename extension is taken into account.

For example, if you specify zip as an extension to block, an email is sent with a zip file attachment, and the attachment's filename doesn't end with .zip, it would still be blocked, because the attachment's filetype would be detected as being a zip archive file. However, if you specify .zip as the extension to block, that attachment would only be blocked in the event that its name ends with .zip (this is useful if you do not wish to block Microsoft Office 2007 documents, which are actually zip archive-format files). In all cases, zip files will still be scanned for blocked extensions if you have enabled the Block Extensions in Archives option on the Block/Accept > Attachment Filtering page.

Additional Notes:
You can configure the Barracuda Spam Firewall to block or quarantine password protected archives on the page by setting the Block/Accept > Attachment FilteringBlock Password Protected Archives option or Quarantine Password Protected Archives to Yes. However, if you choose to allow password protected archives (such as zip and rar files), the Barracuda Spam Firewall will be unable to check inside those passworded archive files for prohibited file types and extensions (because the Barracuda Spam Firewall will not know the password). This means that if the Block File Types In Archives or Quarantine File Types In Archives options are set to Yes when passworded archives are allowed, passworded archives will not be inspected by the Barracuda Spam Firewall.

Please note that even if you allow a specific attachment type (i.e. zip attachments) by not entering the file type in Block/Accept > Attachment Blocking, the virus scanner on your Email Security Gateway will still scan the attachment and block as necessary. You can confirm you currently have virus scanning enabled by navigating to Basic > Virus Scanning. Detected viruses will not be quarantined or delivered to the intended recipient - even if the message has been whitelisted by a Block/Accept filter.

Link to This Page:
https://campus.barracuda.com/solution/50160000000H4fAAAS