If a client reports that the Email Appliance is blocking messages with an EML extensions, you can manually create a customized rules to exclude this attachment type using your own blocking list instead of the default Sophos list.
You will need to disable the SophosLabs list and create a content rule and manually add the file types to match. To do this follow the steps below.
Known to apply to the following Sophos product(s) and version(s)
Sophos Email Appliance
Particular operating systems related to this article - if any. Delete this section rather than putting 'Windows All' etc.
What To Do
- Log on to the manager interface (18080) page | Configuration | Policy | Anti-Virus | Disable the "SophoLabs Suspect Attachment to all".
- Click on the "SophosLabs Suspect Attachment to all" and write down all the current file type. (You can decide which files you want or do not want). This list will be used when creating your own policy. One downside is that, client will need to check if there is any new type being added to the SophosList once a while and manually add it to their own block type list.
- Create your own content policy rule:
- Log on to the manager interface (18080) page | Configuration | Policy | Content | click on the "add" button on the right hand pane under 'Inbounce' section.
- Choose "Attachment type list" from the 'Select rule type'
- Tick the "Enabled advanced policy options" box and press 'Next' button.
- Include all the file type either by adding each of the entry manually or upload from a text file.
- Continue till the "Main Action" section and choose "Quarantine, drop files(s) and continue" from the 'Message actions' list and choose "Suspect attach" for 'Quarantine for reason'.
- Continue to complete the rest of the steps and active the rule when done.