Scanning password-protected attachments

This section includes:

• Scanning password-protected attachments
  • About scanning password-protected attachments
  • Handling attachments that are password-protected
  • Searching for emails with password-protected attachments
  • Excluding users from the requirement to enter passwords

About scanning password-protected attachments

Some emails include attachments that are password-protected. The password-protection makes scanning of these attachments more complex. The default behavior for handling password-protected attachments is described below. It is possible to modify [customize] the behavior. This is also described below.

Note: The functionality described on this page is available for "Microsoft 365 Inline" and "Google Workspace" and "Other" integrations only. It is not available for Microsoft 365 API integrations.

Handling attachments that are password-protected

When FortiMail Workspace Security receives an email with an attached file that is password-protected, FortiMail Workspace Security will try various procedures to open the file:

• FortiMail Workspace Security will first try to locate the password in the email content.

• If the password isn't found in the email content, FortiMail Workspace Security will try to open the attachment using a database of common passwords.

If FortiMail Workspace Security is able to open the password-protected file, FortiMail Workspace Security will scan the file, and then handle the file according to the scan verdict.

What happens if FortiMail Workspace Security isn't able to open the password-protected file?

Default behavior

By default, if FortiMail Workspace Security isn't able to open the password-protected file, the file will be considered to be clean. If no other malicious evidence is detected in the email, the verdict of the email scan will be set to clean, and the email will be sent to the target recipient.

Customized behavior

FortiMail Workspace Security can be configured so that when a password-protected file is attached to an email, and FortiMail Workspace Security isn't able to open the file, then the file will not automatically assumed to be clean. In stead, the parent email will be assigned a restricted verdict and quarantined. FortiMail Workspace Security will then send an email to the original target [recipient] of the email, requesting the recipient to provide the password for the password-protected file. A screenshot of the original email is included in the email - to help the recipient identify the password-protected file. The password-protected file [and the parent email] will be kept in quarantine until a valid password is supplied. When a valid password is supplied, FortiMail Workspace Security will scan the file and then handle the file and email according to the scan verdict. Contact FortiMail Workspace Security Support [support@perception-point.io] for assistance in implementing this feature. You can include the text template below in your email to FortiMail Workspace Security Support: Subject: Configuration: Requesting passwords for password-protected files Auto-email Hi Perception Point Support Team, Organization name: <Your organization name> as it appears in FortiMail Workspace Security Please can you configure the system to request passwords to enable scanning of password-protected files. [Internal Reference: 1149] Please let us know when this has been done. Thank you Note: The customized operation can be applied to all protected email addresses in an organization, or to only specified email addresses. Contact FortiMail Workspace Security Support for implementation details. Limitation: If an email has more than one password-protected attachment, only one attachment will be scanned. If that attachment is found to be clean, the email will be released with a clean verdict - the remaining password-protected attachments won't be scanned.

Searching for emails with password-protected attachments

You can display a list of the scanned emails that have password-protected attachments.

To display a list of the scanned emails that have password-protected attachments:

1. In the Scans page, open the Advanced filters feature. For details, see Advanced filters.

2. Scroll down the list of filter options, and then under Files > Password Protected, select Protected.

   

   Note: If you don't see the Files > Password Protected > Protected check box, contact FortiMail Workspace Security Support [support@perception-point.io] and ask them to enable this functionality for you. To include scans for emails that have password-protected attachments that have already been opened, select the Opened check box.

3. Click "Apply Filters" to display a list of emails that have password-protected attachments.

Excluding users from the requirement to enter passwords

It is possible to exclude specific recipients in your organization from the requirement to submit passwords to enable FortiMail Workspace Security to scan password-protected attachments. These specified users will then receive their emails without attached password-protected files being scanned. For example, you could require all email recipients in your organization to submit passwords for encrypted attachments, but exclude this requirement for emails that are sent from a specified domain or email address. These exclusions are configured using allowlists. The specific allowlist requirements to implement the various exclusion scenarios are described in the table below. For general information about allowlists, see Allowlists.

Note: When you add an allowlist entry to exclude users from submitting passwords for encrypted attachments, if an email fails the SPF check, and the "Disable SPF checks" check box is not selected, then the recipients will be required to submit passwords.

Scenarios for excluding users from the requirement to submit passwords	Specific allowlist requirements
Require all email recipients to submit passwords for encrypted attachments, but exclude this requirement for emails from a specified sending domain or email address	Add a "Sender Email Address / Domain" allowlist. Under "Sender email address / domain", specify the sending email address or domain. Under "Email allow options", select "Password-Protected Files". Select the "Disable IP/SPF checks" check box.
Require all email recipients to submit passwords for encrypted attachments, but exclude this requirement for emails from a specified IP address	Add a "Sender IP" allowlist. Under "Sender IP address", specify the IP address. Under "Email allow options", select "Password-Protected Files". Select the "Disable IP/SPF checks" check box.
Require all email recipients to submit passwords for encrypted attachments, but exclude this requirement for emails to specified recipients	Add a "Recipient Email Address" allowlist. Under "Recipient email address", specify the receiving email address. Under "Email allow options", select "Password-Protected Files". Select the "Disable IP/SPF checks" check box.
Require only a specified set of email recipients to submit passwords for encrypted attachments. This is typically done for testing purposes.	This can be done by FortiMail Workspace Security Support only. For details, contact FortiMail Workspace Security Support [support@perception-point.io].

See also: 

• Scans