SMTP Proxy inserts content warning on every email

Hello.

While investigating a different issue, we found that the SMTP proxy inserts a warning message on every incoming multipart email. The message always has the following format:


Content-Type: text/plain; name="message.txt"; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

The WatchGuard Firebox that protects your network has detected a message =
that may not be safe.

Cause : The message content may not be safe.
Content type : (none)
File name : (none)
Virus status : Content-Type violation
Action : The Firebox deleted (none).

Your network administrator can not restore this attachment.


This message cannot be recognized when the email is opened in the email client; however, it is visible when looking at the raw content of the email.

We seem to have this issue on every Firebox of every customer; however, we stopped investigating this after we found the same issue on five client boxes in sequence. All boxes are on FW 12.11.4.

Is this a known issue?

THX and kind regards

Comments

  • It looks like missing Content Types are being AV scanned in your config.

    You can allow Attachments -> Content Types = Missing or empty.
    That should prevent the added message.

    The following is from the new AI Generated answer feature on the support site:

    Virus Status: Content-Type Violation

    A Content-Type violation occurs when the content being transmitted does not match the expected content type as defined in the security policies. This can lead to potential security risks, as certain content types may be more likely to contain viruses or malicious code.

    To address this, you can configure the Gateway AntiVirus settings to scan specific content types that are known to carry threats while allowing others that are less risky. Here are the steps to manage this:

    Edit the HTTP-Proxy Policy:
        Access the Proxy Action tab.
        Navigate to the HTTP Response tab and select Content Types.
    Set Actions for Content Types:
        From the "Action To Take If No Rule Above Is Matched" drop-down, select Allow or another option instead of the default AV Scan.
        Enable or disable rules in the Content Types list by checking or unchecking the Enabled box.
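
Because the notice only shows up in the raw message, the following Python script (an added example, not part of the original thread and not WatchGuard tooling) walks the MIME parts of a raw email and reports any part that carries the notice text quoted in the post, with its fields parsed. The function name `find_firebox_notices` and the sample message are constructed for illustration.

```python
import email
from email import policy

MARKER = "WatchGuard Firebox that protects your network"
FIELDS = ("Cause", "Content type", "File name", "Virus status", "Action")

# Constructed sample: a two-part message carrying the notice quoted in the post.
SAMPLE = b"""\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Real message body.
--b1
Content-Type: text/plain; name="message.txt"; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

The WatchGuard Firebox that protects your network has detected a message =
that may not be safe.

Cause : The message content may not be safe.
Content type : (none)
File name : (none)
Virus status : Content-Type violation
Action : The Firebox deleted (none).
--b1--
"""

def find_firebox_notices(raw_bytes):
    """Return one dict per Firebox notice part found in a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    notices = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() != "text/plain":
            continue
        text = part.get_content()  # undoes quoted-printable and the charset
        if MARKER not in text:
            continue
        info = {"part_name": part.get_param("name")}
        for line in text.splitlines():
            key, sep, value = line.partition(":")
            if sep and key.strip() in FIELDS:
                info[key.strip()] = value.strip()
        notices.append(info)
    return notices
```

Running it over exported `.eml` files before and after changing the Content Types setting shows whether the proxy still adds the part.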
    