Policies

The Policy View allows administrators to define, manage, and prioritize email security policies. Policies dictate how inbound and outbound emails are analyzed and handled based on threat detection and prevention technologies.

Policy List

Each row in the policy list provides key details about an individual policy:

  • Order: The ranking of the policy, determining its priority.

  • Policy Name: The name assigned to the policy for identification.

  • Direction: Specifies which email flow the policy applies to:

    • Inbound: Emails received by the organization.
    • Outbound: Emails sent from the organization.
    • All Directions: The policy applies to all email flows.
  • Description: A brief explanation of what the policy does.

  • Status: Indicates whether the policy is Active or Inactive.

Policy Application

  • Drag and Drop Ordering: Policies are prioritized from top to bottom, with higher policies overriding lower ones in case of conflicts.
  • Only the highest applicable policy is used when analyzing each email.

Managing Policies

Activating or Deactivating Policies

  • Policies can be turned on or off using the toggle switch in the Status column.
  • Active Policies: Are enforced on incoming or outgoing emails.
  • Inactive Policies: Are not applied to email security processing.

Reordering Policies

  • Policies can be reordered by dragging and dropping them into the desired priority order.
  • The top-most policy takes precedence over lower ones in case of conflicting rules.

Default Policy

  • The Default Policy is the baseline policy applied when no other policies match.
  • It cannot be moved, deleted or disabled, but can be customized to align with organizational security needs.
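
The selection rule described above, as an added example that is not OPSWAT's code or data model: the Policy fields, the rule that an empty audience means every user, and the sample policies are assumptions made for illustration. The shadowed() check flags an active policy that can never be selected because an active policy above it already covers the same direction and audience.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                       # hypothetical model, not the product's schema
    name: str
    direction: str                  # "inbound", "outbound" or "all"
    active: bool = True
    audience: frozenset = frozenset()   # assumption: empty means every user

def applies(policy, direction, user_groups):
    """Active, direction matches, and the user is in the target audience."""
    if not policy.active or policy.direction not in ("all", direction):
        return False
    return not policy.audience or bool(policy.audience & user_groups)

def resolve(policies, default, direction, user_groups):
    """Top-most applicable policy wins; the Default Policy is the fallback."""
    for policy in policies:         # list order mirrors the Order column
        if applies(policy, direction, user_groups):
            return policy
    return default

def shadowed(policies):
    """Pairs (lower, higher): the lower active policy can never be selected."""
    pairs = []
    for i, low in enumerate(policies):
        for high in policies[:i]:
            if not (low.active and high.active):
                continue
            same_flow = high.direction in ("all", low.direction)
            covers = not high.audience or (
                bool(low.audience) and low.audience <= high.audience)
            if same_flow and covers:
                pairs.append((low.name, high.name))
                break
    return pairs

# Constructed sample data, listed top to bottom as in the policy list.
DEFAULT = Policy("Default Policy", "all")
POLICIES = [
    Policy("Sales and Finance inbound", "inbound",
           audience=frozenset({"sales", "finance"})),
    Policy("Finance strict", "inbound", audience=frozenset({"finance"})),
    Policy("Outbound pilot", "outbound", active=False,
           audience=frozenset({"finance"})),
]

if __name__ == "__main__":
    print(resolve(POLICIES, DEFAULT, "inbound", {"finance"}).name)
    print(resolve(POLICIES, DEFAULT, "outbound", {"finance"}).name)
    print(shadowed(POLICIES))
```

With this sample, a finance user's inbound mail is handled by the broader policy above "Finance strict", and outbound mail falls through to the Default Policy because the only outbound policy is inactive.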

Policy Details

General Information

This section provides an overview of the policy, including:

  • Policy Name: A user-defined name for identifying the policy.

  • Description: A brief explanation of the policy’s purpose.

  • Apply Policy To: Specifies which email traffic is affected:

    • Inbound: Emails received by the organization.
    • Outbound: Emails sent from the organization.
    • All Directions: The policy applies universally.
  • Status: Toggle to activate or deactivate the policy.

  • Target Audience: Specifies user groups affected by the policy.

  • Date Created and Last Modified: Shows when the policy was created and last updated.

Policy Summary

This section provides a quick summary of the policy configuration, including:

  • Advanced Threat Prevention Verdicts: Displays key threat classifications (e.g., Malicious, Suspicious).
  • Zero-Day Malware Prevention Verdicts: Displays threat prevention classifications (e.g., Sanitized, Unsupported File Type, Failed Sanitization).
  • Other Processing Outcomes: Includes additional conditions such as Encrypted Content or Failure to Analyze.

Configuration Settings

The configuration section enables detailed customization of security measures applied by the policy.

Advanced Threat Prevention

  • Enabled/Disabled Toggle: Determines whether OPSWAT Metascan Multiscanning is applied.

  • Detection Verdicts:

    • Malicious: High-risk emails detected as harmful.
    • Suspicious: Potential threats that require further analysis.
  • Action Options:

    • Block: Prevents email delivery.
    • Allow: Permits email delivery despite detection.
  • Edit Engine List: Modify the Anti-Virus engines used in threat detection.

Zero-Day Malware Prevention

  • Configuration Settings: Defines rules for handling potentially dangerous file content.

  • Processing Outcomes:

    • Sanitized: Emails containing files successfully sanitized.
    • Unsupported File Type: Emails containing files that cannot be reconstructed.
    • Failure to Sanitize: Emails containing files that failed reconstruction.
  • Action Options:

    • Select: Allow or Block.
  • Configuration:

    • Sanitization Target: Select email sanitization scope (bodies, attachments or both).

    • Exclude Specific File Types from Sanitization: Select file types to exclude from any sanitization.

    • Signed Content Exclusions: Select file types to exclude from any sanitization when signed.

    • Sanitized Filename Template: Defines how renamed sanitized files will appear. Variables can be used to preserve metadata while ensuring the filename indicates it has been sanitized.

      • ${original_name} – The original filename without the extension
      • ${extension} – The file extension
      • ${timestamp} – Optional timestamp
      • ${policy_name} – Optional policy reference
    • Store original of sanitized email in quarantine: If enabled, the original unmodified version of the email and its attachments is kept in quarantine for investigation or retrieval.

Other Processing Verdicts

  • Encrypted Content: Emails containing encrypted attachments.

    • Action: Allow or Block.
  • Failure to Analyze: Emails that could not be fully examined.

    • Action: Allow or Block.

Additional Settings

  • Email Templates: Configure notification messages for policy enforcement actions.

    • For inbound policies, notifications are delivered to the recipient(s) of the original email.

    • For outbound policies, notifications are delivered to the sender of the original email.

    • User Permissions:

      • Allow users to rescan encrypted content

        • Allow notification recipient to rescan the email (including providing passwords when any password protected attachments are present in the email).
      • Allow users to release blocked emails

        • Allow notification recipient to release a blocked email without administrator approval.
      • Allow users to view scan result

        • Allow notification recipient to view the scan results, including any threat names etc.

User Permissions control which actions can be performed through the User Actions wizard.

  • Banner: Add a custom banner to the email body based on policy enforcement.
    • Banner location: Top or Bottom of email body.

Target Audience

The Target Audience tab allows administrators to define which users or groups a specific policy will apply to. This configuration is crucial for ensuring that the correct set of users are governed by the intended security rules.

The screen is split into two panels:

  • Left Panel – Integrations: Displays the available integrations, users and groups that can be added to the policy.
  • Right Panel – Selected: Lists the users and groups currently selected as the target audience for this policy.
  • Use the Search bar above the Integrations list to quickly locate a specific user or email address.

Add to Target Audience

  • To assign users/groups to the policy, click the right arrow (→) button next to the desired entry in the Integrations panel.
  • The selected entry will move to the Selected list on the right.

Remove from Target Audience

  • To remove a user/group from the policy, click the left arrow (←) button next to their entry in the Selected panel.
  • The entry will return to the Integrations panel.

Best Practices

  • Group Selection: Utilize logical grouping (e.g., departments or teams) for better manageability.
  • Search Filters: Use precise keywords (email prefix, domain, or name) in the search to quickly locate entries.
  • Regular Review: Periodically audit the selected audience to ensure policy relevance and security compliance.

The system automatically synchronizes users, groups, and group membership with each integration’s directory service approximately every 60 minutes.

Encrypted & Signed Emails

Emails that are encrypted and/or digitally signed are analyzed when a policy is applied. To preserve message integrity, no modifications (sanitization, banners, etc.) are made, as any changes may break the encryption or digital signature.
