Attachment Management in Mimecast


Attachment Management is the set of policies that determine which file types are allowed through by email.

Mimecast provides you with a default definition for determining what attachment types should be handled. This covers the most common file types you will encounter.

You can choose to have Mimecast perform one of the following actions for attachments:

Allow – The attachment is delivered as normal.
Link – The attachment is removed from the email and replaced with a link to download the file.
Hold – The email is held by Mimecast, requiring it to be released before them email is delivered to the recipient
Block – The email is delivered without the attachment

You can also have an action performed based on the size of the file. For example blocking PDF files over 10MB.

Detections for Attachment Management can be set on both file extension and MIME type.

Definition

The Attachment Definition is the settings that will be applied when a policy is triggered. You must configure the Definition first.

  1. Log into your Mimecast Account at https://login.mimecast.com


  1. Select Administration Console

  1. Go to ‘Administration > Gateway > Policies’

  1. From the Definitions dropdown, select Attachment Sets

  1. Select the Default Attachment Sets folder

  1. Select New Attachment Set Definition

  1. Set the name (Description) for the Definition
     
  2. Set the General Properties for the definition:

Default Block / Allow: Determines if the definition actions as a Blacklist (allow all but selected items) or a Whitelist (allow only selected items)

Pornographic Image Setting: Determines if images should be scanned for pornographic content and at what certainty it will be triggered. These will be held if detected when enabled.

Encrypted Archives: How to handle password protected archive (.zip, .rar etc.) files.

Unreadable Archives: How to handle archive files that could not be read.

Encrypted Documents: How to handle password protected Office files

Scan for disallowed extensions within legacy Microsoft Office files: Determines if legacy Microsoft Office embedded files should be checked

  1. Set the Hold / Block Notification Options:
     
     Hold Type: Determines who can release emails that have been held by this definition (Hold options applied in General Properties will always be an Admin Hold)

    Moderator Group: The group of users who can release emails held by this definition when the Hold Type is set to Moderator or User

    Notify Group: The group of users who will receive a notification when this definition is used (in addition to the below options)

    Notify (Internal/External) Sender/Recipient: Determines if who should receive a notification when this definition is triggered

  1. Set the actions for Content Types

Note: If a Size is set of more than zero, that action will only apply if the file size of the attachment exceeds that size.

Note: You can search for a specific file type using the search option at the top right of the page.

Note: You can change which items show in the list using the View dropdown at the top of the page.

  1. Press Save & Exit



Policy

Once you have created your definition, you will need to create an accompanying policy to determine when it is applied.

  1. Log into your Mimecast Account at https://login.mimecast.com


  1. Select Administration Console

  1. Go to ‘Administration > Gateway > Policies’

  1. Click into Attachment Management

  1. Select New Policy

  1. Give the policy a name (Policy Narrative)


  1. Set Set Attachment Management Policy to definition you created using the Lookup button


Note: When using the definition lookup, you will need to select the folder the definition is located in and use the Select option. Clicking into the definition on this screen will take you to the editing screen for it.

  1. Set the scope for the policy under Emails From and Emails To

  1. Press Save & Exit

Only one Attachment Management Policy will apply to an email. If you need to ensure a particular policy is picked, you should enable the Policy Override option within the policy.