?
Solved

Sonicwall Firewall stripping attachments out as text

Posted on 2013-11-05
10
Medium Priority
?
1,558 Views
Last Modified: 2014-01-06
I had our eternally hosted website updated to create a form where people can send in their resumes.  There is an option for them to attach a word file or pdf etc.

When the web company sends the resume to our email account the attachment comes in as text.  I know it is the sonicwall firewall doing this because we have a barracuda spam filter afterwards and it shows the attachment as text aswell.

I had them direct the form to my personal email account and the attachment came in as an attchemnt.  We tried with different file types and it made no difference.  Here is what the email looks like.  I truncated it somewhat as the jibberrish text goes on for a while.

What could be causing this in my sonicwall.  We are using a NSA3500.  Attachments coming in via regular methods are of course ok.  Its is just from this form that the web guys built.

You have received a new application
Name      Bob Smith
Phone      
Email      
Address      
, .
Extra Information      test
--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c-- --PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c Content-Type: application/octet-stream; name="Full Logo with Tag.jpg" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="Full Logo with Tag.jpg" /9j/4RdURXhpZgAATU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUAAAABAAAAYgEbAAUAAAABAAAA agEoAAMAAAABAAIAAAExAAIAAAAeAAAAcgEyAAIAAAAUAAAAkIdpAAQAAAABAAAApAAAANAALcbA AAAnEAAtxsAAACcQQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2gAMjAxMzowNDoyMCAyMDo0 MDoxMAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAIDqADAAQAAAABAAADQwAAAAAAAAAGAQMAAwAA AAEABgAAARoABQAAAAEAAAEeARsABQAAAAEAAAEmASgAAwAAAAEAAgAAAgEABAAAAAEAAAEuAgIA BAAAAAEAABYeAAAAAAAAAEgAAAABAAAASAAAAAH/2P/tAAxBZG9iZV9DTQAB/+4ADkFkb2JlAGSA AAAAAf/bAIQADAgICAkIDAkJDBELCgsRFQ8MDA8VGBMTFRMTGBEMDAwMDAwRDAwMDAwMDAwMDAwM DAwMDAwMDAwMDAwMDAwMDAENCwsNDg0QDg4QFA4ODhQUDg4ODhQRDAwMDAwREQwMDAwMDBEMDAwM DAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM
0
Comment
Question by:Bekster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
10 Comments
 
LVL 25

Assisted Solution

by:Blue Street Tech
Blue Street Tech earned 400 total points
ID: 39626392
Hi Bekster,

SonicWALL has no ability to do that unless you are explicitly filtering it through App Controls, which also has to be enabled and configured. Do you have CGSS licensed and App Control configured? If this was the culprit you'd see it in the Logs as well.

SonicWALL, via App Control, would block attachments in emails from a Mail Client, based on their contents. This method uses Match Object Type File Content in Application Firewall Match Objects. This method inspects the contents of file attachments and based on what is defined in Match Objects, blocks it. E.g., a document file with keyword "Confidential" or a compressed "exe" file. This method does not purport to block attachments by their extension. Likewise, this cannot be used to block HTTP Webmail attachments.

From what you have described it is not network specific which would point to the SonicWALL but rather email provider specific. Additionally, this App Control method would not filter out ALL attachments and would be easily identified in the Logs if it was engaged to take action. I'd look at the email provider and client used.

What Email Client are you using (Outlook, webmail)? What type of email server is it (Exchange, Google Apps, Linux)?

Let me know how it goes!
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39627016
Have you actually tried to open the attachement in an email client?

In order to transfer (email) the attachment it is uuencoded into text, sent, then uudecoded at the receiving site. It looks like you are looking at the attachment before it is converted back to whatever it was.
0
 

Author Comment

by:Bekster
ID: 39627408
I am using outlook with exchange . We have a Barracuda firewall that is after the sonicwall, but before the exchange server, and the message is in that format on the barracuda, so the email client isnt relevant here.

In an email client there is no actual attachment, there is just that huge string of text
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 20

Expert Comment

by:carlmd
ID: 39627527
Here is another possibility...

There are two ways (or more) to add an attachment to an email. One is by simply uuencoding it and the other is to use mime headers with the encoding.

Some email clients will accept either while others (apple items) are much more restrictive and typically require mime headers with the encoding. If you see an attachment that appears in the body of an email, then typically you need mime headers.

Since this is your web site that is sending the email, which method are you using to send the email with attachment?

As a hint, if you view the entire email (not just the attachemnt portion) as text, then you would see something like the following if mime headers are used.

Subject: base64-encoded test
MIME-Version: 1.0
Content-Type: application/octet-stream; name="resume.pdf"
Content-Transfer-Encoding: base64
0
 

Author Comment

by:Bekster
ID: 39627639
Here is everything before the text jibberrish.  This is from the Barracuda

X-ASG-Debug-ID: 1382488109-02b1fb0c4152a1d0001-5MlMsj
Received: from cvc-dell2850 ([199.68.176.112]) by barracuda.ourserver.com with ESMTP id tQB9nQ5mltF2YziM for <jobs@ourserver.com>; Tue, 22 Oct 2013 20:28:30 -0400 (EDT)
X-Barracuda-Envelope-From:
X-Barracuda-Apparent-Source-IP: 199.68.xxx.xx
Received: from cvc-dell2850 ([127.0.0.1]) by cvc-dell2850 with Microsoft SMTPSVC(6.0.3790.4675);
       Tue, 22 Oct 2013 20:28:29 -0400
Date: Tue, 22 Oct 2013 20:28:29 -0400
Subject:  Careers - Job Application Submission
To: jobs@ourserver.com
X-ASG-Orig-Subj:  Careers - Job Application Submission
From:
Reply-To:
Content-Type: multipart/mixed; boundary="PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c"
Return-Path: <>
Message-ID: <CVC-DELL2850cAXLtYm00000095@cvc-dell2850>
X-OriginalArrivalTime: 23 Oct 2013 00:28:29.0300 (UTC) FILETIME=[CBDABB40:01CECF86]
X-Barracuda-Connect: UNKNOWN[199.68.176.112]
X-Barracuda-Start-Time: 1382488110
X-Barracuda-URL: http://localserver:8000/cgi-mod/mark.cgi
X-Barracuda-Orig-Rcpt: jobs@ourserver.com
X-Virus-Scanned: by bsmtpd at ourserver.com
X-Barracuda-Spam-Score: -1001.00
X-Barracuda-Spam-Status: No, SCORE=-1001.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=6.0

 
--PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: multipart/alternative; boundary="PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c"

--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

  Name: My Name Phone:   Email:   Address:
     , .   Extra Information:
  test
--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<h3>You have received a new application</h3>
<table width="600" cellpadding="4" cellspacing="1">
  <tr><th width="150" align="right" bgcolor="#CCCCCC">Name</th><td bgcolor="#EEEEEE">My Name</td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Phone</th><td bgcolor="#EEEEEE"></td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Email</th><td bgcolor="#EEEEEE"></td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Address</th><td bgcolor="#EEEEEE"> <br>, . </td></tr>
  <tr><th align="right" bgcolor="#CCCCCC">Extra Information</th><td bgcolor="#EEEEEE">test</td></tr>
</table>
--PHP-alt-a8f8b34dec412cc9946a6b5426b25b2c--

--PHP-mixed-a8f8b34dec412cc9946a6b5426b25b2c  
Content-Type: application/octet-stream; name="Full Logo with Tag.jpg"  
Content-Transfer-Encoding: base64  
Content-Disposition: attachment; filename="Full Logo with Tag.jpg"
0
 
LVL 20

Accepted Solution

by:
carlmd earned 1600 total points
ID: 39627660
Look at the section that says

Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

This indicates the attachment is plain text, which is what you are seeing. There are no mime headers, which is what I believe is your problem.

If you take one of the problem emails sent to to your personal account, and forward it to your work account, you will see the difference.

I would go back to your website and change the coding to use mime headers with attachments.
0
 

Author Comment

by:Bekster
ID: 39627688
OK thanks I will forward to the web guys and see what they some up with.

Yes, if the email is sent to my personal account then forwarded to my work account its fine.
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 39628179
Nice pinpointing Carl!
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 39689673
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Make the most of your online learning experience.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month8 days, 5 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question