4.1 File
The File module within Mail Settings provides administrators with advanced control over how email attachments are handled: by file size, file type, and custom YARA-based detection rules.
This policy-driven module allows you to prevent harmful or unwanted files from ever reaching inboxes, going beyond reactive detection to enforce proactive attachment restrictions.
Blocking risky file types and enforcing size limits is one of the most effective methods to prevent ransomware, spyware, and trojan delivery.
This section includes 3 core functionalities:
Purpose: Define the maximum allowed file size for incoming email attachments.
Current File Size Limit: Displayed in MB (e.g., 99 MB)
Set New Limit: Manually enter a new max size threshold
Use Cases:
Block large .zip or .iso files often used in malware attacks
Prevent system overload from heavy media attachments
Enforce compliance on data flow and DLP restrictions
Files exceeding the limit are blocked and flagged as MAXIMUM FILE SIZE in analysis.
Purpose: Define which file types (extensions) should be allowed or denied.
.exe, .scr, .vbs, .js → Block (high risk)
.docm, .xlsm, .iso → Block or quarantine
.pdf, .docx, .xlsx → Allow (if not abused)
Features:
Add file types manually (case-insensitive)
See creation timestamp
Delete or edit file types at any time
Use Cases:
Enforce acceptable attachment policy
Reduce false negatives in malware delivery
Restrict executable file propagation via email
No file types are blocked by default; use this to implement strict control based on your organization's risk appetite.
Purpose: Define custom YARA-based scanning rules to detect pattern-matching malware or indicators of compromise within files.
Rule Description: Short name for the rule
Rule Content: YARA-compatible rule body (syntax required)
Creation Date: When rule was added
Actions: View / Delete
Use Cases:
Detect malware using behavior or code structure
Identify documents with embedded macros or known obfuscation
Implement IOC-based scanning tailored to your threat intel
YARA rules allow deep inspection beyond file name or type, for example scanning for embedded strings, hex patterns, or exploit markers.
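An added example, not taken from the product or its vendor: a rule for the Rule Content field that flags Office attachments carrying a VBA macro project by inspecting content rather than the extension. The rule name and metadata are constructed, it assumes the field accepts a complete YARA rule, and it goes beyond the file types listed above by also covering legacy OLE2 documents (.doc, .xls).

```yara
rule Office_Attachment_With_VBA_Project
{
    meta:
        description = "Office document that contains a VBA macro project"
        note = "Constructed example, not a rule shipped with the product"

    strings:
        // OOXML files (.docm, .xlsm) are ZIP archives. Member names are stored
        // uncompressed in the ZIP headers, so the macro part name is visible
        // as plain ASCII (for example word/vbaProject.bin).
        $ooxml_vba = "vbaProject.bin" ascii nocase

        // Legacy OLE2 files keep stream names as UTF-16LE directory entries.
        // A document with macros has a _VBA_PROJECT stream.
        $ole_vba = "_VBA_PROJECT" wide

    condition:
        // ZIP local file header magic "PK\x03\x04" plus the macro part name
        ( uint32(0) == 0x04034B50 and $ooxml_vba )
        or
        // OLE2 compound file magic D0 CF 11 E0 A1 B1 1A E1 plus the VBA stream
        ( uint32(0) == 0xE011CFD0 and uint32(4) == 0xE11AB1A1 and $ole_vba )
}
```

Because the condition keys on the container magic and the macro part name, the rule matches a macro-bearing document whatever extension the attachment carries, which an extension-only policy cannot do.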
Prevent malicious executables: Block known high-risk extensions
Maintain system stability: Set file size limits to avoid overload or abuse
Respond to targeted threats: Write YARA rules for specific threat families
Regularly update file policy: Align with emerging attack techniques
The File module gives you proactive control over the what of every email, defining exactly which attachments are acceptable and which are a threat.