Configuring Email Gateway to Safe Print Message Attachments

Overview

You can configure your email gateway to provide a safe view (safe-printed PDF version) of a message attachment detected as malicious or suspicious. The safe view of the message attachment is delivered to the end user and the original attachment is stripped from the message. You can use the 'Safe Print' content filter action to safe print all message attachments that match a configured content filter condition.

The ability to safe print message attachments in the email gateway helps an organization to:

  • Prevent message attachments with malicious or suspicious content from entering an organization network.

  • View malicious or suspicious message attachments without being affected by the malware.

  • Deliver the original message attachment based on the end-user request.

The following languages are supported for the Safe-Print feature: English, Italian, Portuguese, Spanish, German, French, Japanese, Chinese (PRC and Taiwan), Russian, and Korean.

Configuring Safe Print Settings on Email Gateway

Procedure


Step 1

Click Security Services > Scan Behavior.

Step 2

Click Edit Global Settings.

Step 3

Enter the required parameters described in the following table to configure safe print settings on the email gateway.

Parameter Source Details

Description

Safe Print Settings

Maximum File Size

Enter the maximum attachment size for a safe-printed attachment.

Note
Make sure that the 'Maximum File Size' value does not exceed the 'Maximum attachment size to scan' value configured in the Scan Behavior > Global Settings page.

Note
If the 'Maximum File Size' value exceeds the 'Maximum Message Size to Scan' value configured for Outbreak Filters on your email gateway, then the message and the message attachment are not scanned by Outbreak Filters in the email pipeline.

Maximum Page Count

Enter the maximum number of pages that you want to safe print in a message attachment.

Document Quality

Select the Use Default Value (70) option to use the recommended image quality value for a safe-printed attachment.

Note 
You can also select the Enter Custom Value option and enter a custom image quality value for a safe-printed attachment.

File Type Selection

Select the required file types from the appropriate file groups (for example, “Microsoft Documents”) that you can use to safe print a message attachment.

Watermark

Select the Enabled option to add a watermark to a safe-printed attachment.

Note
You can enter custom text for the watermark in the Enter Custom Text field.

Cover Page

Select the Enabled option to add a cover page to a safe-printed attachment.

Note
You can enter custom text for the cover page in the Enter Custom Text field.

Step 4

Submit and commit your changes.


What to do next

Configure a content filter to safe print a message attachment. For more information, see Configuring Content Filter to Safe Print Message Attachments.

Configuring Content Filter to Safe Print Message Attachments

Use the 'Safe Print' content filter action to safe print a message attachment.

You can use the Safe Print content filter action in any one of the following ways:

  • Safe print matching attachments option

  • Safe print all attachments option

Table 1.

Safe Print Action Option

Usage

Example

Supported Content Filter Conditions

Safe print matching attachments

Use the ‘Safe print matching attachments’ option to safe print all message attachments that match a configured content filter condition.

Configure the ‘Macro Detection’ content filter condition and select the 'Safe Print Matching Attachments' option.

If an incoming message contains three message attachments - 'docx1,' 'docx2,' and 'docx3' and the email gateway detects a macro in 'docx1,' then only 'docx1' is safe-printed.

The following are the content filter conditions that you can only use with the ‘Safe print matching attachments’ option:

  • URL Reputation

  • URL Category

  • Macro Detection

  • Attachment Content

  • Attachment File Info

Safe print all attachments

Use the ‘Safe print all attachments’ option to safe print all message attachments when the configured content filter condition is true.

Configure the ‘Envelope Sender’ content filter condition and select the 'Safe Print all attachments' option.

If an incoming message from a sender 'user1@example.com' contains three message attachments - 'docx1,' 'docx2,' and 'ppt1' - then all the message attachments - 'docx1,' 'docx2,' and 'ppt1' - are safe-printed based on the following:

  • File types selected in the Scan Behavior > Safe Print Settings page.

  • The user1@example.com sender matches the LDAP group directory configured in the ‘Envelope Sender’ content filter condition.

You can use any one of the content filter conditions available in your email gateway with the ‘Safe print all attachments’ option.

As an example, use the following procedure to safe print message attachments that contain macros using the 'Macro Detection' condition and 'Safe Print' action.

Before you begin

Make sure that you have configured safe print settings on the email gateway. See Configuring Safe Print Settings on Email Gateway.

Procedure


Step 1

Go to Mail Policies > Incoming Content Filters.

Step 2

Click Add Filter.

Step 3

Enter a name and description for the content filter.

Step 4

Click Add Condition.

Step 5

Click Macro Detection.

Step 6

Select the file types that you want the email gateway to detect for macros and click Add.

Step 7

Click OK.

Step 8

Click Add Action.

Step 9

Click Safe Print.

Step 10

Select any one of the following actions to take on message attachments:

  • Select the Safe print matching attachments option to safe print all message attachments that match the configured Macro Detection content filter condition.

  • Select the Safe print all attachments option to safe print all message attachments when the configured Macro Detection content filter condition is true.

Step 11

Select Yes to strip a message attachment that is marked as unscannable.

A message attachment is marked as unscannable due to any one of the following reasons:

  • Message contains an attachment that is encrypted.

  • Message contains an attachment that is corrupt.

  • I/O error occurs when performing a safe print action on the message attachment.

  • Timeout error occurs when performing a safe print action on the message attachment.

Note
By default, a system-generated message is added as an attachment text file when an attachment is unscannable. You can enter a custom message in the Custom Replacement Message field.

Step 12

Click OK.

Step 13

Submit and commit your changes.


Attaching Content Filter to Incoming Mail Policy

You can attach the content filter that you configured to safe print a message attachment to an incoming mail policy.

Procedure


Step 1

Go to Mail Policies > Incoming Mail Policies.

Step 2

Click the link below Content Filters.

Step 3

Make sure to select 'Enable Content Filters (Customize Settings).'

Step 4

Select the content filter that you created to safe print a message attachment.

Step 5

Submit and commit your changes.


Safe Print Settings and Clusters

If you use centralized management, you can configure safe print settings on the email gateway and mail policies at the cluster, group, and machine level.

Monitoring Messages with Safe-Printed Attachments

You can use the Safe Print report page to view:

  • Number of safe-printed attachments based on the file type in graphical format.

  • Summary of safe-printed attachments based on the file type in tabular format.

In the ‘Summary of Safe Print File Types’ section, click the total number of safe-printed attachments to view the message details in Message Tracking.

Viewing Logs

The log information about safe print is posted to the Mail Logs. Most information is at the Info or Debug level.

Examples of Safe Print Log Entries

The safe print information is posted to the Mail Logs. Most information is at the Info or Debug level.

Unable to Create Temporary Directory

In this example, the log shows that a message attachment was not safe-printed because your email gateway was unable to create a temporary directory to save the file.

Sat Jul 20 05:53:48 2019 Info: MID 5 Unable to safe print the attachment, 
Filename:test_file.docx, Reason: IO error occurred during safeprinting of the attachment
Sat Jul 20 05:53:48 2019 Trace: MID 5 Unable to safe print the attachment, 
Filename:test_file.docx, Exception: Unable to create tmp directory for safeprinting document:
[Errno 2] No such file or directory: '/tmp/test_file.docx'

Unable to Create Safe-printed PDF Attachment

In this example, the log shows that a message attachment was not safe-printed because your email gateway was unable to create a safe-printed PDF attachment.

Thu Jul 11 07:19:01 2019 Info: MID 132 Unable to safe print the attachment,
Filename:test_file.docx, Reason: IO error occurred during safeprinting of the attachment
Thu Jul 11 07:19:01 2019 Trace: MID 132 Unable to safe print the attachment,
Filename:test_file.docx, Exception: Error while creating safeprinted PDF document:
[Errno 2] No such file or directory: '/tmp/test_file.docx/safe_print_test_file.pdf'

Corrupt File

In this example, the log shows that a message attachment was not safe-printed because the file was corrupt.

Thu Jul 11 08:34:31 2019 Info: MID 142 Unable to safe print the attachment, 
Filename:corrupt_file=20(1).docx, Reason: The attachment is corrupted

Encrypted File

In this example, the log shows that a message attachment was not safe-printed because the file was encrypted.

Thu Jul 11 08:34:31 2019 Info: MID 142 Unable to safe print the attachment, 
Filename:sept_subscription.pdf, Reason: The attachment is encrypted.

Timeout Error

In this example, the log shows that a message attachment was not safe-printed because of a timeout error.

Thu Jul 11 10:32:29 2019 Info: MID 165 Unable to safe print the attachment, 
Filename:20_page.docx, Reason: A timeout error occurred when trying to safe print the attachment
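
The entries above share one layout, so safe print failures can be tallied by cause straight from the Mail Logs. The following Python parser is an added example, not code from the product or its documentation; it assumes each log entry sits on a single line (the examples on this page are wrapped for display), and the names SAMPLE_LOG, ENTRY, CAUSES, classify, parse_failures and summarize are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: this page's log examples joined onto single lines, plus one unrelated entry.
SAMPLE_LOG = """\
Sat Jul 20 05:53:48 2019 Info: MID 5 Unable to safe print the attachment, Filename:test_file.docx, Reason: IO error occurred during safeprinting of the attachment
Sat Jul 20 05:53:48 2019 Trace: MID 5 Unable to safe print the attachment, Filename:test_file.docx, Exception: Unable to create tmp directory for safeprinting document: [Errno 2] No such file or directory: '/tmp/test_file.docx'
Thu Jul 11 08:34:31 2019 Info: MID 142 Unable to safe print the attachment, Filename:corrupt_file=20(1).docx, Reason: The attachment is corrupted
Thu Jul 11 08:34:31 2019 Info: MID 142 Unable to safe print the attachment, Filename:sept_subscription.pdf, Reason: The attachment is encrypted.
Thu Jul 11 10:32:29 2019 Info: MID 165 Unable to safe print the attachment, Filename:20_page.docx, Reason: A timeout error occurred when trying to safe print the attachment
Thu Jul 11 10:32:30 2019 Info: MID 166 constructed unrelated entry
"""

# The filename is sender-supplied, so the greedy match makes the final
# ", Reason: " / ", Exception: " field (the last one on the line) the parsed one.
ENTRY = re.compile(
    r"^\w{3} \w{3} [ \d]\d [\d:]{8} \d{4} \w+: MID (?P<mid>\d+) "
    r"Unable to safe print the attachment,\s*"
    r"Filename:(?P<filename>.+), (?P<kind>Reason|Exception): (?P<detail>.*)$"
)
# Reason substring -> one of the four unscannable causes listed in Step 11.
CAUSES = (("io error", "io_error"), ("corrupt", "corrupt"), ("encrypted", "encrypted"), ("timeout", "timeout"))

def classify(reason):
    low = reason.lower()
    return next((cause for needle, cause in CAUSES if needle in low), "other")

def parse_failures(text):
    """One record per Reason line; a later Exception line with the same MID and filename is attached."""
    failures, by_key = [], {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key = (m["mid"], m["filename"])
        if m["kind"] == "Reason":
            by_key[key] = {"mid": int(m["mid"]), "filename": m["filename"],
                           "cause": classify(m["detail"]), "exception": None}
            failures.append(by_key[key])
        elif key in by_key:
            by_key[key]["exception"] = m["detail"]
    return failures

def summarize(failures):
    return Counter(f["cause"] for f in failures)

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print(dict(summarize(failures)), [f["exception"] for f in failures if f["exception"]])
```

The cause is taken only from the Reason field, so a filename such as 'corrupt_file=20(1).docx' does not influence the classification.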

Displaying Safe Print Details in Message Tracking

Use Message Tracking to view the details of messages that contain safe-printed attachments.

Before you begin

  • Make sure that you enable the Message Tracking feature on the email gateway. To enable Message Tracking, go to the Security Services > Message Tracking page in the legacy web interface of your email gateway.

  • Content filters configured to safe print message attachments are operational.

Procedure


Step 1

[New Web Interface only] Go to Tracking > Message Tracking.

OR

[Legacy Web interface only] Go to Monitor > Message Tracking.

Step 2

[New Web Interface] Click Advanced Search.

OR

[Legacy Web interface only] Click Advanced.

Step 3

Check Safe Print under Message Event to view the details of messages that contain safe-printed attachments.

Step 4

Enter the required search options and click Search.