Trustifi allows automatic blocking of specific file types, which are types of files that can be considered potentially dangerous. If you decide to block a specific file type, all emails containing this type of file will automatically be considered as malicious.
Note: By default, Trustifi will not automatically block any specific file type, however all files will still be scanned and emails containing files that are found to be malicious will be blocked.
How to block file types
In the Trustifi admin portal, open the “Inbound Management” section and then navigate to the “Configuration” page. Then click on the “Block file types” tab.
Here you will find a number of settings, which allow you to automatically block different types of files.
If there is a specific file type you want to block, simply click on the toggle for this file type. For example, in the screenshot below the option to block all script files is enabled.
If you want to allow this file type to be sent internally, but also to have it blocked for external senders, you can check the box for “For external senders only“. For example, in the screenshot below scripts will be blocked only for external senders.
What happens when a blocked file is detected
If you’ve enabled blocking for a particular file type and Trustifi has found this type of file in an email, the email will be considered malicious and will be blocked under the default settings.
In the screenshot below you can see a threat analysis display for an email that was blocked due to a blocked file type (script).
As with all quarantined emails, these emails can still be released from quarantine.
Explanations about file types
- Macros: these are scripts which are embedded in document files. In most cases these files are harmless, but can be used by attackers for malicious purposes. Examples of file extensions: .docm and .xlsm
- Scripts: files written in a specific scripting language which can be run by certain programs. Most email clients consider script files to be unsafe. Examples of file extensions: .py and .vbs
- Executables: these are files that automatically run programs when opened. These files are considered very dangerous and most email clients do not allow sending them. Examples of file extensions: .exe and .msi
- Encrypted attachments: this can be any password-protected file that is not an archive (for example .pdf files). These types of files are generally safe, but are often used in phishing as a means to bypass security.
- Encrypted archives: archive files (for example .zip files) that are password-protected.
- Uncommon file types: when this option is blocked, Trustifi will only allow emails containing file types that are common to emails – such as documents, media files, and archive files. Any other type of file will be considered uncommon and will be blocked.
When an email is blocked due to an uncommon file type, it will display this status in the email threat analysis:
Additionally, uncommon file types that were blocked will be added to a list which is displayed under the “Block uncommon file types” toggle. If you wish to allow specific uncommon file types, simply click on the “Actions” button next to it and select “Allow Type“.
For example, in the screenshot below the file type x-amp-html is allowed, while others are blocked.
