Solved

Create E-Mail BAS scenario to check for blocking of .htm attachments

  • 1 February 2024
  • 2 replies
  • 31 views

Badge

Hi,

One of our staff received a malicious e-mail this morning that should be blocked by our mail gateway.

250+ file attachment types are blocked, include *.htm and ???.*.htm

However, it penetrated and reached the mailbox.

I cannot see how I can create a specific test to check for blocking  of .HTM attachments, as per the image I have uploaded

Is this possible?

thanks

Richard

icon

Best answer by moshe_elias 4 February 2024, 09:32

View original

2 replies

Userlevel 2
Badge +3

Hi Richard,

Depending on what you want to test:

You can create a template that validates policy for several flavors of HTM attachments that are sent without malicious behaviors. 

  • Create a new template
  • Skip the malicious behaviors
  • Select Mime type policy (under miscellaneous)

Alternatively you can create a template that sends malicious emails in HTM attachments. 

  • Create a new template 
  • Select all malicious behaviors
  • Select all structure (file types)
  • In structure layers (layer1) select all the HTM variants (use the search)   
  • Optionally Select Mime type policy (under miscellaneous) to combine include the first option.

I hope this helps.

Badge

Hi Moshe,

Sorry for the delayed reply and thanks for your help.

Creating the template looks straightforward and I will use that as my testing scenario

Many thanks

Richard

Reply