Content Protection

Introduction

Content Protection in Baruwa is used to manage the types of email attachments that users are allowed to send and receive. It can be deployed to prevent malicious attachments from entering an organization's network or to prevent internal users from sending organization data out of the organization's network via email.

Baruwa allows you to perform certain actions based on the mime type or name of attachments attached to an email message that is being processed by it.

The actions that can be performed are:

  • Allow - Makes no changes to the attachment
  • Deny - Denies the attachment, removing it from the message
  • Deny and Delete - Deletes the attachment from the message
  • Email to addresses - Redirects the email to the specified addresses
  • Rename - Renames the attachment to name.disarmed
  • Rename To - Renames the attachment to the specified extension

The Rename and Rename To options are not available for archive attachments.

Baruwa uses policies to select the messages on which to perform the above actions. Baruwa ships with default policies that usually work well with most setups. However, in some cases users may want to customize or create their own specific policies.

Attachments that do not match any rule in the policies are allowed through by default.

Policy Types

There are four (4) types of policies used by Baruwa:

  • Archive File Name Policies - These are used to match the name of files inside archive attachments such as ZIP and TAR archives
  • Archive Mime Policies - These are used to match the file type of files inside archive attachments such as ZIP and TAR archives. You can use this to identify files that have been renamed to a different extension in order to bypass file name checks. Attackers may rename executable files to different extensions to bypass checks; this policy is able to identify such files.
  • File Name Policies - These are used to match files by name such as .doc
  • File Mime Policies - These are used to match files by type such as executable

Policies contain rules. Rules are the actual statements used to match files. For a policy to be usable it should contain at least one (1) enabled rule.

Creating Policies

Baruwa provides two options for creating policies:

  • Clone - The policy is cloned from the built-in policy. If you simply want to disable a few rules from the default policy or add new rules, this is the best option to use. After cloning you can disable the rules you wish to disable or add the new rules, then assign the policy.
  • Create - This creates a blank policy to which you add rules. This option is not recommended for most users, unless you are a power user who has extensive experience with email security.

After a policy has been created and customized, it is available to assign as either a global policy or as a domain policy. Global policies are the default policies that are applied to all messages that do not have a more specific domain policy. Domain policies only apply to messages addressed to or from the specific domain to which the policy is applied.

Policy Rules

Policy Rules are made up of the following parts:

  • Action - Described above
  • Expression - This is the regular expression used to match files, such as \.ico$
  • Description - This is the message that will be logged and appear in warning messages that the email senders receive.
  • Options - This part is used only by the Email To and Rename To actions. For the Email To action it contains a list of comma-separated email addresses. For the Rename To action it contains the rename to pattern.
  • Enabled - This enables or disables a rule.
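
An added example (not Baruwa's own code) that models the rule parts above so an expression can be checked against sample attachment names before it goes into a policy. It assumes first-match-wins ordering and Python `re.search` semantics, which this page does not specify; the rules and file names are constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    action: str          # one of the actions listed on this page
    expression: str      # regular expression tested against the attachment name
    description: str     # text that would be logged / shown to the sender
    options: str = ""    # used only by Email To and Rename To
    enabled: bool = True

def evaluate(rules, filename):
    """Return (action, description) for the first enabled rule that matches.

    Assumption: first match wins, using Python re.search semantics.
    Names that match no rule are allowed, as the page states.
    """
    for rule in rules:
        if rule.enabled and re.search(rule.expression, filename):
            return rule.action, rule.description
    return "Allow", "no rule matched (default)"

# Constructed file name policy, for illustration only.
POLICY = [
    Rule("Deny", r"\.exe$", "Executable attachment"),
    Rule("Rename", r"\.ico$", "Icon file"),
    Rule("Deny", r"\.scr$", "Screensaver", enabled=False),  # disabled: skipped
]

# Constructed attachment names.
SAMPLES = ["invoice.pdf.exe", "favicon.ico", "demo.scr", "setup.jpg", "annexe.txt"]

def report(rules, names):
    """Map each attachment name to the action the policy would select."""
    return {name: evaluate(rules, name)[0] for name in names}

def overmatches(expression, benign_names):
    """List benign names an expression would also catch (unescaped '.', no '$')."""
    return [n for n in benign_names if re.search(expression, n)]

if __name__ == "__main__":
    for name, action in report(POLICY, SAMPLES).items():
        print(f"{name:18} -> {action}")
    # '.exe' without escaping or anchoring also hits 'annexe.txt'
    print(overmatches(r".exe", ["annexe.txt", "notes.txt"]))
```

The `setup.jpg` result shows that a name-only policy lets a renamed executable through, which is the case the Mime policies described earlier are meant to catch.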

Configuration

The content protection system is configured using the Settings menu of the web interface. The instructions are available via Content Protection.