Mail Protection: Attachment Stripping
currently, there are several "action" options in the smtp anti-malware section: warn, blackhole, quarantine, and reject.
We should have a "remove attachment" option which means the unwanted (infected or dangerous) attachment is stripped off the mail, but the rest of the mail is forwarded to the recipient.
Two things are achieved with this: the recipient is informed immediately about the mail (he doesn´t have to wait for the next quarantine report). And he can see that a mail from a possibily importand business contact has been blocked and see at least the "uncritical" content
I would be happy to see this feature too.
In my case, I have blocked htm and html email attachments, because some of the phishing mails (paypal, ebay,.....) come in attached html files.
The problem I have is, we are sending our outgoing mails in HTML format with html signature. If a customer answers our mails, and his email-client uses non-html format (e.g. rich text oder plain text), our original email signature is beeing attached as html file.
Siegbert Teuscher commented
This is a very useful feature.
We block .doc and .docx, but many business process rely on sending word documents. Without this feature the mail stuck in quarantine and user is informed only twice a day. This is unacceptable, so we are forced to allow .doc attachments :-(
Actualy we use f/w 9.355-1 on SG135
Joerg van de Bruck commented
This would be a very useful feature for our organisation.
I would rate the imporetance of the request with a 2
Company: Warrington Collegiate
Contact: Nick Smeltzer
Sophos Partner (if applicable): Pugh
Sophos Product Information
Sophos Product:UTM (SG650)
Version in Production: 9.3.54
Feature Request Summary: Stop replacing malware with an attachment called “malware.txt”. Just blackhole the whole message.
How will this new feature address your business requirements?: We teach our users best practice and not to open attachments in emails they weren’t expecting. For Sophos to then send our users an attachment defeats the object
How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have: 3
This very good idea is more than 5 years old.
How many votes does it need to be realized?
Would be a important feature
It would be great to have this!
Currently we use Symantec Brightmail Gateway where this feature is available.
Important is, that it doesn't matter, which file extension the attachment has (e.g. virus.exe renamed to virus.abc).
Password protected attachments as zip-files should be strppped too.
Good idea. We had customer they ask this feature too.
Do a comment to Subject that attachment had been stripped.
no its time to do this change
agree, would be useful to have a notification email sent to the sender to say that the attachment had been stripped.
good idea - good for practical