Today a weird thing happened; we received an email with several attachments directed to one user and with copy to that user's secretary.
The email received by the secretary had all the attachments stripped and only received a message.txt (The usual attachment that the UTM uses when stripping a file) detailing that the file "winmail.dat" had been stripped.
The WatchGuard Firebox that protects your network has detected a message that may not be safe.
Cause : The file type may not be safe.
Content type : application/ms-tnef
File name : winmail.dat
Virus status : No information.
Action : The Firebox deleted winmail.dat.
Your network administrator can not restore this attachment.
I know about winmail.dat attachments so we informed the sender to not use RTF when sending emails, but my concern is that while the secretary did not get any attachments the other user did get them with no problem.
So my question is:
Does the same email directed to one user and with copy to another have different rules for stripping?
Why did one user receive the attachments and the other just the txt explaining the deletion of the winmail.dat?