Spam Experts Help

How can I Block Dangerous Attachments?

Spam Experts allows you to block a large amount of malware, however new malware campaigns can emerge that are able to evade all Antivirus and Anti-Spam filters. Because of this, we advise that you ensure that the "Block attachments that contain hidden executables" option is enabled for all your domains by default (the system default option is 'enabled').

This prevention is highly effective against so called 0-day malware. Once this is enabled, messages that are sent with executables within a compressed archive (e,g. .zip, .rar etc.) are rejected and quarantined.

The Block attachments that contain hidden executables option only affects messages that contain an executable within a compressed archive. The check is executed 3 layers deep into archived messages.

For information on the range of attachment blocking functions, see Manage Attachment Restrictions.

Access the Attachment Restrictions page

In the Domain Level Control Panel, select Incoming - Protection Settings > Attachment Restrictions.

In this page you can perform the following tasks:

Block Attachments Containing Hidden Executables at Domain Level

To block dangerous attachments for a specific domain only:

  1. In the Restriction Options panel, place a tick in the Block attachments that contain hidden executables checkbox.
  2. Click Save.

Block Specific Extension Types

You can also block messages based on their attachment type. You can add more attachment types to the list of default ones already set up in the system.

  1. In the Blocked extensions panel, place a tick in the checkbox alongside the extension type you want to block.
  2. To add more extension types, use the Add new extensions field.
  3. Click Save.

Block Password Protected Archives

Spammers often use the trick of sending password encrypted archives in the hope to bypass some filters, and saying the “password” in the body of the spam message. These messages can be blocked by enabling the “Block Password Protected Attachments” feature.

  1. In the Restriction Options panel, place a tick in the Block password-protected archive attachments checkbox.
  2. Click Save.

Enable Scanned Link Extensions

This option (which is disabled by default) allows you to configure your domain(s) to allow the download of files of a specific extension type from links within an email. The system scans the files for any viruses or malware.

  1. In the Additional Restrictions panel, enter 2000000 in the Message link size limit (in bytes) field.
  2. In the Scanned Link Extensions panel, add the following extension types to the existing list using the Add new extensions field: zip, rar, jar, js, java, aspx, doc, docm, xls, xlsm.
  3. Click Save.

For redirect links (commonly seen in invoice related spam), an extra link-follow option is needed. This currently needs to be enabled by our Support team. If required, please contact support so that they can set this up for you.

Block Attachments with Macros

This option (which is disabled by default) allows you to reject all inbound emails received with document based attachments (.doc, .xls, .ppt etc) containing macros. This can be enabled per domain by:

  1. In the Restriction Options panel, place a tick in the Block attachments with macros checkbox.
  2. Click Save.