FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
opetr_FTNT
Staff
Article Id 192251

Description

This article describes how to bypass antivirus and content filter checks for specific senders.

Note that the whitelist does not cancel antivirus and content filter checking; this is expected behavior. The whitelist cancels only the antispam checks against the received email. Antivirus and content filtering will still take place.


Scope

All versions.


Solution

It is possible to cancel antivirus/content filtering for specific users/domains by creating specific recipient policies (Policy > Policies > Recipient Policies) with those users/domains in the sender pattern and without any content profile selected.

Configuration GUI

Go to Policy > Policies > Recipient Policies and create a New policy.
opetr_FD37298_tn_FD37298-1.jpg

Specify the sender and leave the antivirus and/or content profile unassigned.
opetr_FD37298_tn_FD37298-2.jpg

Switch to the Domain. Select the policy and use Move and Up (or another option) to move the new, specific policy to the top of the rulebase.
opetr_FD37298_tn_FD37298-3.jpg

The result should be similar to the following screenshot:
opetr_FD37298_tn_FD37298-4.jpg

Configuration CLI

The same can be done via the CLI.
config domain
  edit <domain_name>
    config policy recipient
      edit 0
        set sender-name no-AV
        set sender-domain sender.lab
        set profile-antispam AS_Inbound
      next
    end

(recipient) # get
== [ 1 ]
recipient-name: *    recipient-type: user    recipient-domain: internal.lab    status: enable    sender-name: *    sender-type: user    sender-domain: *    direction: incoming    profile-antispam: AS_Inbound    profile-content: CF_Inbound    profile-antivirus: AV_In_Discard    profile-auth-type: none    smtp-diff-identity: disable    pkiauth: disable    pkiuser:     comment:
== [ 2 ]
recipient-name: *    recipient-type: user    recipient-domain: internal.lab    status: enable    sender-name: no-AV    sender-type: user    sender-domain: sender.lab    direction: incoming    profile-antispam: AS_Inbound    profile-content:     profile-antivirus:     profile-auth-type: none    smtp-diff-identity: enable    pkiauth: disable    pkiuser:     comment:
move 2 before 1 #<-- 2 and 1 need to be changed according to the get output

(recipient) # get
== [ 2 ]
recipient-name: *    recipient-type: user    recipient-domain: internal.lab    status: enable    sender-name: no-AV    sender-type: user    sender-domain: sender.lab    direction: incoming    profile-antispam: AS_Inbound    profile-content:     profile-antivirus:     profile-auth-type: none    smtp-diff-identity: enable    pkiauth: disable    pkiuser:     comment:
== [ 1 ]
recipient-name: *    recipient-type: user    recipient-domain: internal.lab    status: enable    sender-name: *    sender-type: user    sender-domain: *    direction: incoming    profile-antispam: AS_Inbound    profile-content: CF_Inbound    profile-antivirus: AV_In_Discard    profile-auth-type: none    smtp-diff-identity: disable    pkiauth: disable    pkiuser:     comment:

end

Verification of Configuration and troubleshooting

Send an email that was previously blocked by the antivirus/content profile from the specified user and check whether the email is delivered.

It should also be possible to verify that the correct policy id is matched (in v5.0 and newer).
opetr_FD37298_tn_FD37298-5.jpg

The "Policy IDs" are in the format Access Control : IP Policy : Recipient Policy.

In the screenshot, the recipient policy id is 2, which is the specific policy created in the example.
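
The following is an added example, not Fortinet code: it parses "get" output like the listing above and reports which recipient policy a given sender hits and whether that policy leaves the antivirus or content profile unassigned. It assumes top-down, first-match evaluation with * as a wildcard, ignores the recipient side, and uses rows trimmed from the article's sample output.

```python
import re
from fnmatch import fnmatchcase

KEY = re.compile(r"(?:^|(?<=\s))([a-z][a-z-]*):")

def parse_get(text):
    """Parse '== [ id ]' headers and 'key: value    key: value' rows, in display order."""
    policies = []
    for line in text.splitlines():
        header = re.match(r"==\s*\[\s*(\d+)\s*\]", line)
        if header:
            policies.append({"id": int(header.group(1))})
            continue
        keys = list(KEY.finditer(line)) if policies else []
        for cur, nxt in zip(keys, keys[1:] + [None]):
            end = nxt.start() if nxt else len(line)
            policies[-1][cur.group(1)] = line[cur.end():end].strip()
    return policies

def first_match(policies, sender):
    """Assumption: policies are evaluated top-down; the first enabled match wins."""
    local, _, domain = sender.lower().rpartition("@")
    for p in policies:
        if (p.get("status") == "enable"
                and fnmatchcase(local, p["sender-name"].lower())
                and fnmatchcase(domain, p["sender-domain"].lower())):
            return p
    return None

def skips_scanning(policy):
    """True when the antivirus or content profile is unassigned."""
    return not policy.get("profile-antivirus") or not policy.get("profile-content")

def report(text, sender):
    """Return (matched policy id, scanning bypassed?) for one sender."""
    p = first_match(parse_get(text), sender)
    return (p["id"], skips_scanning(p)) if p else (None, False)

# Rows trimmed from the article's sample 'get' output (fields shortened for the example).
WILD = ("recipient-name: *    status: enable    sender-name: *    sender-domain: *    "
        "profile-content: CF_Inbound    profile-antivirus: AV_In_Discard    comment:")
SPEC = ("recipient-name: *    status: enable    sender-name: no-AV    sender-domain: sender.lab    "
        "profile-content:     profile-antivirus:     comment:")
BEFORE = f"== [ 1 ]\n{WILD}\n== [ 2 ]\n{SPEC}\n"   # order before 'move 2 before 1'
AFTER = f"== [ 2 ]\n{SPEC}\n== [ 1 ]\n{WILD}\n"    # order after the move

if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, report(listing, "no-AV@sender.lab"), report(listing, "other@sender.lab"))
```

Running the same check for a sender outside the exception confirms that the bypass stays scoped to the one address and that all other mail still hits the scanning policy.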
 

 
