Why is GFI MailSecurity blocking my attachments when these are detected as being a different file-type? How can I disable this?

The information in this article applies to:

  • GFI MailSecurity for Exchange/SMTP 10
  • GFI MailSecurity for Exchange/SMTP 8
  • GFI MailSecurity for Exchange/SMTP 9

Article ID: KBID001922

Query keywords: attachment checking, attachments, docx, Office 2007

This article applies only to GFI MailSecurity 8.1 build 20031205 or later builds and versions. If you are running an older build, please see the notes at the end of this knowledgebase article.

Issue Encountered:

Sometimes, GFI MailSecurity does not manage to determine the correct file-type of the file, and will return an error similar to the following:

The file was blocked by the attachment checking module at file type checking stage. The attachment claimed to be a ".doc" which is identified as being an attachment in category DOC. The file was detected to belong to the category RTF.


Solution:

The information in this knowledgebase article should be used when one file-type is being detected as multiple file-types. In this knowledgebase article, we are going to take word documents (.doc) which are being detected as both TXT and RTF as an example.

GFI MailSecurity for Exchange/SMTP version 9.0 and later:

  1. From the GFI MailSecurity machine, open regedit (Start -> Run -> type “regedit” and press Enter)
  2. Change to [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ContentSecurity\Ext\FileTypeChecker\KnownTypes]
  3. Find the value of the extension type that GFI MailSecurity is detecting. In this case RTF = 18 (decimal) and TXT = 1 (decimal)
  4. Change to [HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ContentSecurity\MailSecurity\Engines\AttachChecker\BlockByAssocExceptions]
  5. Create a new STRING value with the extension of the file type being blocked. In this case, the name of the STRING value should be ‘doc’ (without inverted commas)
  6. Double click on the new ‘doc’ value and change the value data to the value retrieved in (3). In this case, we should change the value of ‘rtf’ and 'txt'. This should be done in the following form:
    ‘[18],[1]’ without the inverted commas.
  7. Close regedit
  8. Restart the GFI MailSecurity Scan Engine service and the Microsoft IISAdmin Service, and their dependent services.
     

GFI MailSecurity for Exchange 2000/2003 version 8.1: 

  1. From the GFI MailSecurity machine, open regedit (Start -> Run -> type “regedit” and press Enter)
  2. Change to [HKEY_LOCAL_MACHINE\SOFTWARE\GFI Fax & Voice\GFIAV\Ext\ FileTypeChecker\KnownTypes]
  3. Find the value of the extension type that GFI MailSecurity is detecting. In this case RTF = 18 (decimal) and TXT = 1 (decimal)
  4. Change to [HKEY_LOCAL_MACHINE\SOFTWARE\GFI Fax & Voice\GFIAV\Ext\AttachChecker\BlockByAssocExceptions]
  5. Create a new STRING value with the extension of the file type being blocked. In this case, the name of the STRING value should be ‘doc’ (without inverted commas)
  6. Double click on the new ‘doc’ value and change the value data to the value retrieved in (3). In this case, we should change the value of ‘rtf’ and 'txt'. This should be done in the following form:
    ‘[18],[1]’ without the inverted commas.
  7. Close regedit
  8. Restart the IIS Admin service


Technical Information:

During Attachment Checking, GFI MailSecurity will try to determine the file-type, and check that it matches the file-extension. If these do not match, GFI MailSecurity will block the attachment.


Notes:

If you are using GFI MailSecurity 8.1 for Exchange 2000/2003 and the build is older then 20031205, it is recommended to upgrade to the latest build and use the procedure shown in this knowledgebase article. If however an upgrade is not possible, please use these knowledgebase articles:

  • Word documents being blocked by GFI MailSecurity: KBID001898
  • GFI MailSecurity blocking attachments with a different file type: KBID001899
  • Stopping MailSecurity from blocking attachments detected as being of a different file-type: KBID001900