Configuring content filtering by attachment name
4 July 2024
ID 62593
To configure content filtering of messages by attachment name:
- Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name>
or--get-rule-settings <rule name> -n -f <rule settings file name>
The
<rule name>
should be enclosed in double quotes if it contains blanks. - Open the XML file to edit the rule settings.
- Enable content filtering of messages. To do so, in the
<engineSettings>
subsection of the<cfScanSettings>
section, specify the value1
for the<enableScan>
setting. - In the
<cfScanSettings>
section,<engineSettings>
subsection, in the<bannedFileNames>
setting, specify file names that are banned in attachments.You can use masks and regular expressions in attached file names. Names can contain any characters. Use semicolons ";" to separate the names.
Regular expressions and masks are not case-sensitive.
For example, you can enter the *.exe name mask to restrict transmission of messages that include attachments with the EXE extension.
If you need to add several file names, each file name must be in a separate
<item>
section, typed in a new string of the settings file.Example:
<bannedFileNames>
<item>*.exe</item>
</bannedFileNames>
Example of adding common executable files to the list of banned attachments:
Example:
<bannedFileNames>
<item>re:.*\.(scr|cpl|com|bat|cmd|vbs|pif|lnk|url|exe|bvs|spl|dll)$</item>
<item>re:^[^\t\n]*\.[A-Za-z0-9]+\.(exe|vbs|cpl|dll)[. ]*$</item>
</bannedFileNames>
- Specify the action you want the application to take on messages with attachments that have forbidden names. To do so, in the
<cfScanSettings>
section, specify the valueSkip, DeleteMessage, DeleteAttachment
orReject
for the<bannedFileNameAction>
setting.The default action is
Reject
. - If necessary, you can configure the application to move copies of messages with attachments that have forbidden names to Backup. To do so, in the
<cfScanSettings>
section, specify the value1
for the<backupBannedFileName>
setting. - Save the changes made.
- To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name>
or--set-rule-settings <rule name> -n -f <rule settings file name>
The
<rule name>
should be enclosed in double quotes if it contains blanks.