Start a conversation

Policies and Attachment Types

A detailed breakdown of how ATP handles incoming mail. Covers how the default policy works, supported attachment types, the queue and sandbox process, and full details on the optional email release process.

Default policy vs. custom policy actions

One of the strengths of VIPRE Email Security is its policies, which allow for deep filtering of incoming and outgoing mail, and a slew of actions to perform on those messages. ATP has a simple predefined default policy which you can enable if you wish.

Note: The default policy is disabled when the ATP add-on is first installed.
For ATP to process email and protect you, either enable the default policy, or create a custom policy.

The ATP default policy has one rule, and one action:

  • rule: matches on any supported attachment type
  • action: sends all matching attachments to the sandbox

Therefore, any email message that contains supported attachment types will be processed, and its attachments are sent to the sandbox for analysis.

The default policy, enabled.

Use a custom policy for better filtering

You can change how ATP chooses which email attachments to send to the sandbox by creating and using a custom policy in place of the default policy. Custom policies allow for much more granular filtering of incoming mail and actions taken on that mail.

If you use a custom policy, you must disable the default policy; they cannot operate in tandem.

See Create and Enable a Custom Policy.

Supported attachment types

ATP recognizes attachment extensions based on the MIME type in the message headers.

Attachment types supported by ATP
  • Executables: .com, .exe
  • Documents: .pdf, .doc, .docm, .docx, .dot, .dotm, .dotx, .rtf
  • Presentations: .pot, .potx, .pps, .ppsx, .ppt, .pptx
  • Spreadsheets: .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx
  • Archives: .zip, .rar
How ATP handles archives

Regardless of extension, all attachments are checked to see if they are archives “disguised” as another file type.

Archives are extracted during sandbox analysis and their contents are processed by the sandbox.

Password-protected archives are not currently supported by the sandbox.

How attachments are processed

Regardless of which policy (default or custom) is enabled, the end result is that the policy sends an attachment for further analysis.

The simplified process is:

  1. Email attachments are pushed to a sandbox, where they are analyzed
  2. Attachments with a result of No Risk Found are passed along to the user with the original email
  3. Attachments that are Suspicious or Malicious are listed in the next scheduled Quarantine Report sent to the user
  4. Depending on user permissions, the user may be able to release Suspicious attachments from quarantine
  5. Malicious attachments can not be released from quarantine

For additional details, see

Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Carlos Rios

  2. Posted
  3. Updated

Comments