Enable Attachment and URI Analysis
Attachment and URI analysis in Cloud Email Protection is a multistep process, depending on which level of analysis you want to have performed.
NOTE: The process described here to enable attachment and URI analysis applies to all customers with an Fortra Cloud Email Protection-hosted sensor and for customers with an on-premise sensor that was installed on or after the 18.05.21222056 release (May 2018), meeting the host system specifications for that release.
Customers hosting their own on-premise sensor prior to the 18.05.21222056 release, will likely need host upgrades and to contact Fortra Cloud Email Protection support to request that the Attachment Scanning and URI Scanning switches be enabled. Once this is done you can continue with the processes below to enable attachment and URI analysis.
Basic Attachment Information Collection
To allow attachment and URI scanning, you must enable an organization-level setting to allow Cloud Email Protection to collect this information. This setting is enabled by default. To enable it if it has been disabled, follow these steps:
- Go to Manage > Organization.
- Select the Message Components tab.
- Select the Process message contents check box to enable for your organization.
- Click Save.
Once the organization allows attachment and URI scanning, the functionality is enabled on a sensor level, and on a per-sensor basis.
TIP: If you do enable this setting, but do not enable attachment scanning for any sensor, Cloud Email Protection will still perform basic collection of attachment information, such as name and file extension, which can be used in Search and Policy.
Attachment Scanning
Scanning of attachment content for malicious intent must be enabled on a per-sensor basis. If you manage your own sensor environment you may choose to only scan attachments on a subset of your sensors, routing email with attachments to those specific sensors. If your sensors are hosted by Fortra Cloud Email Protection (which is the recommended configuration), you should enable scanning on all sensors.
NOTE: Attachment scanning may require upgrades to your sensor host system VM or machine. See Sensor Prerequisites for information about sensor host system specifications.
First you must perform the steps above to set your organization level policy on attachment name collection.
- Go to Manage > Sensors.
- Scroll down to the Configuration section.
- Move the Attachment Scanning slider to Scan Attachments.
- Click Save Configuration.
The first time you enable attachment scanning on a sensor you manage in your own environment (not Fortra Cloud Email Protection-hosted) will involve downloading the scan engine container in the background, after which your sensor will restart. This process can take more than 30 minutes. We recommend you perform this action one sensor at a time.
If you have multiple sensors, repeat these steps on each tab for which you want the sensor to perform attachment scanning.
URI Scanning
Scanning of URIs for malicious intent must be enabled on a per sensor basis. If you manage your own sensor environment you may choose to only scan URIs on a subset of your sensor appliances, routing email with attachments to those specific sensors. If your sensors are hosted by Fortra Cloud Email Protection (which is the recommended configuration), you should enable scanning on all sensors.
Cloud Email Protection can also scan URIs in Microsoft Office and Adobe Acrobat documents that are attached to messages, but attachment scanning must also be enabled for this to occur.
NOTE: URI scanning may require upgrades to your sensor host system VM or machine. See Sensor Prerequisites for information about sensor host system specifications.
First you must perform the steps above to set your organization level policy on URI collection.
- Go to Manage > Sensors.
- Scroll down to the Configuration section.
- Move the URI Scanning slider to Scan URIs.
- Click Save Configuration.
If you have multiple sensors, repeat these steps on each tab for which you want the sensor to perform URI scanning.