rzup


watchguard firewall rejects some pdf attachments, but not others

I have a Watchguard Firewall with an SMTP proxy. We get pdf files through all the time, but, the other day, it stripped a pdf attachment with the message:
===================================================
"
The WatchGuard Firebox that protects your network has detected a message that may not be safe.

Cause : The message content may not be safe.
Content type : file/pdf
File name    : wyndham_cnf_cxl_plc1169065.pdf
Virus status : No information.
Action       : The Firebox deleted wyndham_cnf_cxl_plc1169065.pdf.

Your network administrator can not restore this attachment.
=====================================================

I am curious, is the sender encoding the MIME type wrong? Should it be application/pdf rather than file/pdf? I know how to go in and edit the MIME types allowed and the actions (strip, allow, etc.); I am not asking how to allow this type. I would like to know, on a more conceptual level, why this sender's PDF would get rejected when PDFs come through all the time. Ideas? I feel like I don't understand MIME mappings, as I've never heard of file/pdf and I had this set to allow application/pdf.
Dave Baldwin
Also, contaminated PDFs are a current form of viruses in email.
rzup

ASKER

I couldn't find file/pdf either. I can't tell what kind of email system they have. A user forwarded me the strip notice--I will have to delve deeper to see what system they use. Thanks.
If it's a virus spammer, they would be making up almost everything in the email including the headers...
rzup

ASKER

It's not a virus spammer. It's a well-known hotel chain sending a confirmation receipt. In fact, the user's private email allows it to be received, and it's a good PDF. The question is, what does Yahoo mail know that I don't know about file/pdf?
Yahoo mail mostly knows that it likes to change things and do it the Yahooooo way, no matter what everyone else is doing. I hope you're not using Yahoo for business email....
rzup

ASKER

No, I'm saying that Yahoo, the user's private mail, allows it whereas we don't. So she naturally wants to know what we have "misconfigured" :)
Par for the course... Two options then: add 'file/pdf' and/or adjust the spam filter if there is one in the firewall. Still, it would be nice to know what system is sending it that way.
rzup

ASKER

This question is probably unanswerable without talking to the web programmer at the hotel chain, but I'm satisfied my systems are configured right. Thanks.
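
Added example, not part of the original thread and not WatchGuard's own logic: a Python sketch of why a filter that matches on the declared Content-Type can strip a genuine PDF labelled file/pdf while passing application/pdf. The allow-list, addresses, file name and function names are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

ALLOWED_TYPES = {"application/pdf"}  # assumed allow-list, as described in the question
PDF_MAGIC = b"%PDF-"                 # PDF file header signature

def build_sample(declared_type: str) -> bytes:
    """Constructed test message: PDF-looking bytes labelled with declared_type."""
    maintype, subtype = declared_type.split("/")
    msg = EmailMessage()
    msg["From"] = "reservations@hotel.example"   # constructed address
    msg["To"] = "user@corp.example"              # constructed address
    msg["Subject"] = "Your confirmation"
    msg.set_content("Receipt attached.")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype=maintype,
                       subtype=subtype, filename="receipt.pdf")
    return msg.as_bytes()

def audit_attachments(raw: bytes) -> list:
    """Report each attachment's declared type next to what its bytes look like."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        declared = part.get_content_type()              # lower-cased header value
        payload = part.get_payload(decode=True) or b""  # undo base64 transfer encoding
        is_pdf = payload.startswith(PDF_MAGIC)
        if declared in ALLOWED_TYPES:
            verdict = "allow"
        elif is_pdf:
            verdict = "mislabelled-pdf"   # real PDF, but the label misses the allow-list
        else:
            verdict = "unknown-type"
        findings.append({"filename": part.get_filename(), "declared": declared,
                         "is_pdf": is_pdf, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for ctype in ("application/pdf", "file/pdf"):
        print(audit_attachments(build_sample(ctype)))
```

Running the same audit over a saved copy of a stripped message shows whether the sender's label or the attachment content is the odd one out before any change is made to the proxy's allow-list.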