Emails are a popular medium for distributing malware. While most malicious attachments are reliably detected by the integrated CYREN Antivirus Filter, new malware can occasionally go undetected. With the help of NoSpamProxy, however, it is possible to block potentially harmful attachments, to allow only senders considered trustworthy by the Level of Trust or to quarantine them.
Please note that the quarantine functionality requires a working Web Portal and Large Files license.
Creating a content filter to block, filter or quarantine attachments
- Go to Configuration > Content filter > Content filters.
- Click Add, enter a name for the filter and click Next.
- In the Content filter entries dialog, click Add.
- In the Content filter entry dialog, enter a name for the entry and configure the entry according to your requirements.
- Click Save and close.
- (Optional) Repeat steps 3 and 4 if needed.
Activating the content filter for all inbound emails
- Go to People and identities > Partners > Partners > Default partner settings and click Modify.
- On the Content filtering tab, for inbound emails select the filter you just created.
- Click Save and close.
It is also possible to define your own content filtering for individual senders, e.g. to allow certain attachments from certain senders that are otherwise prohibited.
To do this, adjust the respective content filter according to your requirements and activate it
- for the entire sender domain (e.g. example.com) or
- for individual users within a domain (e.g. “support” as part of example.com, i.e. firstname.lastname@example.org).
Please note that these filters will override the global and domain-specific default settings.
List of potentially harmful attachments and recommended procedure
Please note that these are only recommendations of a general nature and are not suitable in every scenario.
Starting with version 11.1 you can automatically release files after a period of time (default 2 hours) after a new scan by the Cyren engine has been performed and returned no positive results. This procedure is especially recommended for attachments to be quarantined according to the list below. Usually, malicious content is detected after 30 minutes at the latest. While the content is not yet detected as harmful when it arrives, this can often be the case after a short time.