?
Solved

Sonicwall Firewall stripping attachments out as text

Posted on 2013-11-05
10
Medium Priority
?
1,585 Views
Last Modified: 2014-01-06
I had our eternally hosted website updated to create a form where people can send in their resumes.  There is an option for them to attach a word file or pdf etc.

When the web company sends the resume to our email account the attachment comes in as text.  I know it is the sonicwall firewall doing this because we have a barracuda spam filter afterwards and it shows the attachment as text aswell.

I had them direct the form to my personal email account and the attachment came in as an attchemnt.  We tried with different file types and it made no difference.  Here is what the email looks like.  I truncated it somewhat as the jibberrish text goes on for a while.

What could be causing this in my sonicwall.  We are using a NSA3500.  Attachments coming in via regular methods are of course ok.  Its is just from this form that the web guys built.

You have received a new application
Name      Bob Smith
Phone      
Email      
Address      
, .
Extra Information      test
--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c-- --PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c Content-Type: application/octet-stream; name="Full Logo with Tag.jpg" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Full Logo with Tag.jpg" /9j/4RdURXhpZgAATU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUAAAABAAAAYgEbAAUAAAABAAAA agEoAAMAAAABAAIAAAExAAIAAAAeAAAAcgEyAAIAAAAUAAAAkIdpAAQAAAABAAAApAAAANAALcbA AAAnEAAtxsAAACcQQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2gAMjAxMzowNDoyMCAyMDo0 MDoxMAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAIDqADAAQAAAABAAADQwAAAAAAAAAGAQMAAwAA AAEABgAAARoABQAAAAEAAAEeARsABQAAAAEAAAEmASgAAwAAAAEAAgAAAgEABAAAAAEAAAEuAgIA BAAAAAEAABYeAAAAAAAAAEgAAAABAAAASAAAAAH/2P/tAAxBZG9iZV9DTQAB/+4ADkFkb2JlAGSA AAAAAf/bAIQADAgICAkIDAkJDBELCgsRFQ8MDA8VGBMTFRMTGBEMDAwMDAwRDAwMDAwMDAwMDAwM DAwMDAwMDAwMDAwMDAwMDAENCwsNDg0QDg4QFA4ODhQUDg4ODhQRDAwMDAwREQwMDAwMDBEMDAwM DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM
0
Comment
Question by:Bekster
  • 3
  • 3
  • 3
9 Comments
 
LVL 27

Assisted Solution

by:Blue Street Tech
Blue Street Tech earned 400 total points
ID: 39626392
Hi Bekster,

SonicWALL has no ability to do that unless you are explicitly filtering it through App Controls, which also has to be enabled and configured. Do you have CGSS licensed and App Control configured? If this was the culprit you'd see it in the Logs as well.

SonicWALL, via App Control, would block attachments in emails from a Mail Client, based on their contents. This method uses Match Object Type File Content in Application Firewall Match Objects. This method inspects the contents of file attachments and based on what is defined in Match Objects, blocks it. E.g., a document file with keyword "Confidential" or a compressed "exe" file. This method does not purport to block attachments by their extension. Likewise, this cannot be used to block HTTP Webmail attachments.

From what you have described it is not network specific which would point to the SonicWALL but rather email provider specific. Additionally, this App Control method would not filter out ALL attachments and would be easily identified in the Logs if it was engaged to take action. I'd look at the email provider and client used.

What Email Client are you using (Outlook, webmail)? What type of email server is it (Exchange, Google Apps, Linux)?

Let me know how it goes!
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39627016
Have you actually tried to open the attachement in an email client?

In order to transfer (email) the attachment it is uuencoded into text, sent, then uudecoded at the receiving site. It looks like you are looking at the attachment before it is converted back to whatever it was.
0
 

Author Comment

by:Bekster
ID: 39627408
I am using outlook with exchange . We have a Barracuda firewall that is after the sonicwall, but before the exchange server, and the message is in that format on the barracuda, so the email client isnt relevant here.

In an email client there is no actual attachment, there is just that huge string of text
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 20

Expert Comment

by:carlmd
ID: 39627527
Here is another possibility...

There are two ways (or more) to add an attachment to an email. One is by simply uuencoding it and the other is to use mime headers with the encoding.

Some email clients will accept either while others (apple items) are much more restrictive and typically require mime headers with the encoding. If you see an attachment that appears in the body of an email, then typically you need mime headers.

Since this is your web site that is sending the email, which method are you using to send the email with attachment?

As a hint, if you view the entire email (not just the attachemnt portion) as text, then you would see something like the following if mime headers are used.

Subject: base64-encoded test
MIME-Version: 1.0
Content-Type: application/octet-stream; name="resume.pdf"
Content-Transfer-Encoding: base64
0
 

Author Comment

by:Bekster
ID: 39627639
Here is everything before the text jibberrish.  This is from the Barracuda

X-ASG-Debug-ID: 1382488109-02b1fb0c4152a1d0001-5MlMsj
Received: from cvc-dell2850 ([199.68.176.112]) by barracuda.ourserver.com with ESMTP id tQB9nQ5mltF2YziM for <jobs@ourserver.com>; Tue, 22 Oct 2013 20:28:30 -0400 (EDT)
X-Barracuda-Envelope-From:
X-Barracuda-Apparent-Source-IP: 199.68.xxx.xx
Received: from cvc-dell2850 ([127.0.0.1]) by cvc-dell2850 with Microsoft SMTPSVC(6.0.3790.4675);
       Tue, 22 Oct 2013 20:28:29 -0400
Date: Tue, 22 Oct 2013 20:28:29 -0400
Subject:  Careers - Job Application Submission
To: jobs@ourserver.com
X-ASG-Orig-Subj:  Careers - Job Application Submission
From:
Reply-To:
Content-Type: multipart/mixed; boundary="PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c"
Return-Path: <>
Message-ID: <CVC-DELL2850cAXLtYm00000095@cvc-dell2850>
X-OriginalArrivalTime: 23 Oct 2013 00:28:29.0300 (UTC) FILETIME=[CBDABB40:01CECF86]
X-Barracuda-Connect: UNKNOWN[199.68.176.112]
X-Barracuda-Start-Time: 1382488110
X-Barracuda-URL: http://localserver:8000/cgi-mod/mark.cgi
X-Barracuda-Orig-Rcpt: jobs@ourserver.com
X-Virus-Scanned: by bsmtpd at ourserver.com
X-Barracuda-Spam-Score: -1001.00
X-Barracuda-Spam-Status: No, SCORE=-1001.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0

 
--PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: multipart/alternative; boundary="PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c"

--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

  Name: My Name Phone:   Email:   Address:
     , .   Extra Information:
  test
--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<h3>You have received a new application</h3>
<table width="600" cellpadding="4" cellspacing="1">
  <tr><th width="150" align="right" bgcolor="#CCCCCC">Name</th><td bgcolor="#EEEEEE">My Name</td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Phone</th><td bgcolor="#EEEEEE"></td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Email</th><td bgcolor="#EEEEEE"></td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Address</th><td bgcolor="#EEEEEE"> <br>, . </td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Extra Information</th><td bgcolor="#EEEEEE">test</td></tr>
</table>
--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c--

--PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: application/octet-stream; name="Full Logo with Tag.jpg"  
Content-Transfer-Encoding: base64  
Content-Disposition: attachment; filename="Full Logo with Tag.jpg"
0
 
LVL 20

Accepted Solution

by:
carlmd earned 1600 total points
ID: 39627660
Look at the section that says

Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

This indicates the attachment is plain text, which is what you are seeing. There are no mime headers, which is what I believe is your problem.

If you take one of the problem emails sent to to your personal account, and forward it to your work account, you will see the difference.

I would go back to your website and change the coding to use mime headers with attachments.
0
 

Author Comment

by:Bekster
ID: 39627688
OK thanks I will forward to the web guys and see what they some up with.

Yes, if the email is sent to my personal account then forwarded to my work account its fine.
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39628179
Nice pinpointing Carl!
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39689673
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Take a look at these 6 Outlook Email management tools which can augment the working and performance of Microsoft Outlook to give you a more rewarding emailing experience.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question