MSME file filtering rules for embedded items are discarded when a rule is triggered for a parent file

Technical Articles ID: KB83246
Last Modified: 11/4/2014

Environment

McAfee Security for Microsoft Exchange 8.0
Microsoft Exchange 2007 SP3, 2010 SP2, 2013 CU1
Microsoft Windows 2003 x64, 2008 x64

Problem

If you create an Allow Through file filtering rule for .zip files, MSME will ignore the files inside the .zip file irrespective of the rule order.

Example:

You have an .exe File Category rule with an action to Replace all .exe files.
You have a .zip File Name rule with an action to Allow Through all .zip files.
The .exe rule is above the .zip rule.

In this example, if you send an email with an .exe file embedded in a .zip file, the .exe file should be replaced. However, the .zip Allow Through rule is applied before the .exe Replace rule, even though the .zip Allow Through rule is placed after the .exe Replace rule in the list.

Solution

To create a policy extension that provides an option to evaluate items inside embedded files, do the following:

Check in the MSME managed extension version 8.0.8240.100 in the ePO server. Once this extension version is in place, you see the Evaluate items inside archive files checkbox under the file filtering rule.

NOTE: This checkbox is available only in the managed extension version 8.0.8240.100 of MSME in the ePO server. This option is not available in the standalone UI or locally to the MSME server.
Select the Evaluate items inside archive files checkbox. This allows the parent file rules to be overridden when an archived file triggers an action. MSME continues to check items inside the .zip file, and will take action if any of the archived files do not match the File Filter rules.

NOTE: If the .zip file contains multiple files and the Replace action is triggered by only one or a few files in the .zip, the other files in the .zip files remain unchanged.

Affected Products

Security for Microsoft Exchange 8.5

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

MSME file filtering rules for embedded items are discarded when a rule is triggered for a parent file

Environment

Problem

Solution

Affected Products

Glossary of Technical Terms

Title

Title

Knowledge Center

MSME file filtering rules for embedded items are discarded when a rule is triggered for a parent file

Environment

Problem

Solution

Affected Products

Glossary of Technical Terms

Choose your region

Title

Title