Messages with multiple attachments – Google Message Security for Google Apps Administration Guide User Manual

274

Message Security for Google Apps Administration Guide

Following are technical details for the compressed file scanning feature:

•

Compressed file types: Attachment Manager opens the most common
compressed file types, including

.zip

,

.tar

,

.gz

,

.lzh

, and

win.dat

files.

If compressed file cannot be opened and the contents scanned,
Attachment Manager filters the message based on the compressed file
type.

•

Files with differing dispositions: When an attachment contains
multiple files that trigger both bounce and approve/quarantine
dispositions, Attachment Manager quarantines the message (the less
severe action). For example:

Scenario 1: The message attachment is a .zip file that contains a .doc file.
Attachment Manager is configured to quarantine .zip files but approve
.doc files. This results in conflicting dispositions, and the message is
quarantined.

Scenario 2: The message attachment is a .zip file that contains a .exe file.
Attachment Manager is configured to quarantine .zip files, but bounce
executable files. In this scenario, the message is quarantined.

Scenario 3: The message attachment is a .zip file that contains a .exe file.
Attachment Manager is configured to bounce executable files. In this
scenario, the message is bounced.

•

File identification: Attachment Manager identifies the compressed file
and the files within by either extension scanning (the default method) or
binary scanning, whichever scanning method you've configured.

•

Nested compressed files: When compressed files are nested within
other compressed files, Attachment Manager opens and scans the
contents. Attachment Manager will open many levels of nested
compressed files, however, if the attachment shows the heavy nesting
pattern associated with viruses, the message is identified as virus-
infected and processed by the Virus Blocking filter.

Messages with Multiple Attachments

If the message has multiple attachments, Attachment Manager evaluates the
message as follows:

•

If only one attachment triggers a filter, Attachment Manager performs the
disposition of that filter on the entire message, including all other attachments.

•

If two or more attachments trigger a separate filter with different dispositions
(except Ignore), Attachment Manager quarantines the message. For
example, the message attachment is a

.zip

file that contains a

.doc

file.

Attachment Manager has been configured to quarantine

.zip

files but

approve

.doc

files. This results in conflicting dispositions, and the message is

quarantined. That way, the administrator can review the message and decide
what to do with it. If an administrator quarantine redirect address has not been
configured, the message is sent to the user quarantine.