• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1596
  • Last Modified:

Sonicwall Firewall stripping attachments out as text

I had our eternally hosted website updated to create a form where people can send in their resumes.  There is an option for them to attach a word file or pdf etc.

When the web company sends the resume to our email account the attachment comes in as text.  I know it is the sonicwall firewall doing this because we have a barracuda spam filter afterwards and it shows the attachment as text aswell.

I had them direct the form to my personal email account and the attachment came in as an attchemnt.  We tried with different file types and it made no difference.  Here is what the email looks like.  I truncated it somewhat as the jibberrish text goes on for a while.

What could be causing this in my sonicwall.  We are using a NSA3500.  Attachments coming in via regular methods are of course ok.  Its is just from this form that the web guys built.

You have received a new application
Name      Bob Smith
, .
Extra Information      test
  • 3
  • 3
  • 3
2 Solutions
Blue Street TechLast KnightsCommented:
Hi Bekster,

SonicWALL has no ability to do that unless you are explicitly filtering it through App Controls, which also has to be enabled and configured. Do you have CGSS licensed and App Control configured? If this was the culprit you'd see it in the Logs as well.

SonicWALL, via App Control, would block attachments in emails from a Mail Client, based on their contents. This method uses Match Object Type File Content in Application Firewall Match Objects. This method inspects the contents of file attachments and based on what is defined in Match Objects, blocks it. E.g., a document file with keyword "Confidential" or a compressed "exe" file. This method does not purport to block attachments by their extension. Likewise, this cannot be used to block HTTP Webmail attachments.

From what you have described it is not network specific which would point to the SonicWALL but rather email provider specific. Additionally, this App Control method would not filter out ALL attachments and would be easily identified in the Logs if it was engaged to take action. I'd look at the email provider and client used.

What Email Client are you using (Outlook, webmail)? What type of email server is it (Exchange, Google Apps, Linux)?

Let me know how it goes!
Have you actually tried to open the attachement in an email client?

In order to transfer (email) the attachment it is uuencoded into text, sent, then uudecoded at the receiving site. It looks like you are looking at the attachment before it is converted back to whatever it was.
BeksterAuthor Commented:
I am using outlook with exchange . We have a Barracuda firewall that is after the sonicwall, but before the exchange server, and the message is in that format on the barracuda, so the email client isnt relevant here.

In an email client there is no actual attachment, there is just that huge string of text
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Here is another possibility...

There are two ways (or more) to add an attachment to an email. One is by simply uuencoding it and the other is to use mime headers with the encoding.

Some email clients will accept either while others (apple items) are much more restrictive and typically require mime headers with the encoding. If you see an attachment that appears in the body of an email, then typically you need mime headers.

Since this is your web site that is sending the email, which method are you using to send the email with attachment?

As a hint, if you view the entire email (not just the attachemnt portion) as text, then you would see something like the following if mime headers are used.

Subject: base64-encoded test
MIME-Version: 1.0
Content-Type: application/octet-stream; name="resume.pdf"
Content-Transfer-Encoding: base64
BeksterAuthor Commented:
Here is everything before the text jibberrish.  This is from the Barracuda

X-ASG-Debug-ID: 1382488109-02b1fb0c4152a1d0001-5MlMsj
Received: from cvc-dell2850 ([]) by barracuda.ourserver.com with ESMTP id tQB9nQ5mltF2YziM for <jobs@ourserver.com>; Tue, 22 Oct 2013 20:28:30 -0400 (EDT)
X-Barracuda-Apparent-Source-IP: 199.68.xxx.xx
Received: from cvc-dell2850 ([]) by cvc-dell2850 with Microsoft SMTPSVC(6.0.3790.4675);
       Tue, 22 Oct 2013 20:28:29 -0400
Date: Tue, 22 Oct 2013 20:28:29 -0400
Subject:  Careers - Job Application Submission
To: jobs@ourserver.com
X-ASG-Orig-Subj:  Careers - Job Application Submission
Content-Type: multipart/mixed; boundary="PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c"
Return-Path: <>
Message-ID: <CVC-DELL2850cAXLtYm00000095@cvc-dell2850>
X-OriginalArrivalTime: 23 Oct 2013 00:28:29.0300 (UTC) FILETIME=[CBDABB40:01CECF86]
X-Barracuda-Connect: UNKNOWN[]
X-Barracuda-Start-Time: 1382488110
X-Barracuda-URL: http://localserver:8000/cgi-mod/mark.cgi
X-Barracuda-Orig-Rcpt: jobs@ourserver.com
X-Virus-Scanned: by bsmtpd at ourserver.com
X-Barracuda-Spam-Score: -1001.00
X-Barracuda-Spam-Status: No, SCORE=-1001.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0

Content-Type: multipart/alternative; boundary="PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c"

Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

  Name: My Name Phone:   Email:   Address:
     , .   Extra Information:
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<h3>You have received a new application</h3>
<table width="600" cellpadding="4" cellspacing="1">
  <tr><th width="150" align="right" bgcolor="#CCCCCC">Name</th><td bgcolor="#EEEEEE">My Name</td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Phone</th><td bgcolor="#EEEEEE"></td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Email</th><td bgcolor="#EEEEEE"></td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Address</th><td bgcolor="#EEEEEE"> <br>, . </td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Extra Information</th><td bgcolor="#EEEEEE">test</td></tr>

Content-Type: application/octet-stream; name="Full Logo with Tag.jpg"  
Content-Transfer-Encoding: base64  
Content-Disposition: attachment; filename="Full Logo with Tag.jpg"
Look at the section that says

Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

This indicates the attachment is plain text, which is what you are seeing. There are no mime headers, which is what I believe is your problem.

If you take one of the problem emails sent to to your personal account, and forward it to your work account, you will see the difference.

I would go back to your website and change the coding to use mime headers with attachments.
BeksterAuthor Commented:
OK thanks I will forward to the web guys and see what they some up with.

Yes, if the email is sent to my personal account then forwarded to my work account its fine.
Blue Street TechLast KnightsCommented:
Nice pinpointing Carl!
Blue Street TechLast KnightsCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now