We have some new ESAVs installed and currently testing some content filtering, we are using version 8.5.5 build 280.
We have a number of other ironport devices installed so I thought I would reference how we have done it in the past with attachment filtering using content filters. We use a whitelist to only allow a very specific set of document types through our gateways, and everything else gets put in a quarantine.
For example: Allowed_Attachment_Filter
If (attachment-filetype != “pdf”) AND (attachment-filetype != “doc”)
The problem we am having is that the rule is matching emails that contain no attachments which is not the behaviour I expect.
So is this an issue with the version or is this not the way to do a whitelist? As I said, there are already other ironports in production running this config which are apparently working.