Defining Policy by File Type
When defining a policy by file type, you can perform the following actions:
n | Block the file under all conditions. You can edit the default notification about the blocked file. |
n | Sanitize the file using default sanitization settings. You can modify the default behavior by setting options when they are provided (for example, as in the image above). You can also edit the default block reason text. |
n | Allow the file under all conditions. |
n | Add one or more exceptions to any of the previous three settings. For more information, see Defining Exceptions. |
After you save the settings for the file type, the display updates to show the action symbol in the Default Action column and the number of exceptions in the Exceptions column.
The following table describes the sanitization options that are available for each file type:
File Type | Description | Sanitization Options | |||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Specifies how to sanitize PDF files. Note For managing the compression level when processing flat streams in PDF files see Compression Levels. | By default, these files are sanitized.
Note If you have selected Flatten File, other options are unavailable.
When this option is selected, for every file Disarmer blocks, a block-file containing the reason it was blocked is issued. You can edit the default block reason. Default is unchecked. Note When Blocked files with suspicious links is selected ensure the machine.xml configuration file has CloudVotiroSettings enabled.
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Image | Specifies how to handle image files. | By default, these files are sanitized.
Note Increasing the noise level might enlarge the sanitized files, particularly in the case of png files. Unselecting noise level (off) usually preserves an image file size.
| |||||||||||||||||||||||||||||||||||||||||||||||||||
CAD | Specifies how to handle DWG, DWS, DWT, DXF, JWW, SFC, and P21 files that were created using CAD software. The files are re-generated, preserving layers and structure. | By default, these files are sanitized.
| |||||||||||||||||||||||||||||||||||||||||||||||||||
Ichitaro | Specifies how to handle Ichitaro documents and their embedded objects. The supported Ichitaro document versions are:
Note
| By default, these files are sanitized.
| |||||||||||||||||||||||||||||||||||||||||||||||||||
Hancom | Specifies how to handle Hancom Office files. Note Hancom .HWP 3.0 files are not supported. | By default, these files are sanitized.
| |||||||||||||||||||||||||||||||||||||||||||||||||||
Specifies how to handle binary files. | The Sanitze option is not relevant to managing binary files. You either block binary files or allow them.
Note Processing by the sandbox might affect performance. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
Archive | Specifies how to handle archives. | By default, these files are sanitized. Block zip bomb: Detects and blocks zip files with abnormal compression ratio. These might pose a denial of service threat, consuming system resources such as CPU or disk. Any zip files with compression ratio higher than 99.8% will be considered a zip bomb and be blocked. Default is checked. | |||||||||||||||||||||||||||||||||||||||||||||||||||
RTF | Specifies how to handle RTF files. | By default, these files are sanitized. There are no sanitization options. | |||||||||||||||||||||||||||||||||||||||||||||||||||
Specifies how to handle email files. Sanitization is on EML files and their attachments. Note Each attached file is processed recursively by running all policy rules on it. | By default, these files are sanitized.
Note If you have checked Blocked files with suspicious links, ensure the machine.xml configuration file has CloudVotiroSettings enabled.
Default is unchecked.
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Microsoft Office | Specifies how to handle Microsoft Office files. Sanitization applies to Microsoft Office files and their embedded objects. Note Each attached file is processed recursively by running all policy rules on it. | By default, these files are sanitized.
Note If you have checked Blocked files with suspicious links, ensure the machine.xml configuration file has CloudVotiroSettings enabled. This option is available for DOC/DOCX file types only.
In the list, choose one of the following:
Note Excel files with "4.0 macro" (also known as "sheet macro") are automatically blocked. It is common practice to use VBA macros. Excel files with VBA macros are checked for suspicious code (see options above).
Default is unchecked. Changing this setting is not recommended and might affect the sanitized files.
Removes either:
From the list, select one of the following:
OR
From the list, select one of the following:
| |||||||||||||||||||||||||||||||||||||||||||||||||||
Text | Specifies how to handle text files. | By default, these files are sanitized. Block CSV with threat formula: Blocks CSV files that contain formula injections. Default is checked. | |||||||||||||||||||||||||||||||||||||||||||||||||||
Other files | Specifies how to handle unsupported files. | By default, these files are blocked. There are no sanitization options. |
Compression Levels
You can determine the level of compression required when processing flat streams, such as content streams and PNG images. You can set a value between 0 (minimum compression) and 9 (maximum compression), this will impact the size of the file output. The default value is 6.
Note
Compression Level is defined as a Special Case in the Defining Policy by Case section, see Defining Policy Based on Special Cases.
Comments
0 comments
Please sign in to leave a comment.