Delaying Potentially Malicious E-mail Attachments

This article presents an overview of how to release messages that are delayed because they contain Potentially Malicious Attachments (PMA). For more information, including a list of impacted attachment types, please see Delayed Attachment Notification and Release.

When the system identifies a message addressed to you with a PMA:
  1. You will receive a notification email from DU Message Scanner (see an Example Notification Email below).
  2. You may choose to release the message at that time or you may allow the system to automatically release and rescan the message approximately 4 hours after it first arrived. In either case, please leave the notification email in your Inbox.
  3. Shortly after releasing the message, you’ll receive the original email, which will include the attachment that had been sidelined for scanning.
  4. Once the message has arrived, you may delete the notification message.
  5. If you do not receive the original e-mail with the attachment, please see the FAQ below.

Example Notification Email

When a notification arrives in your Inbox, it will look like this:

From                 Subject
DU Message Scanner   University of Denver Quarantined Message Notification

When it is open, it will appear similar to this:

Subject: University of Denver Quarantined Message Notification
From: DU Message Scanner <pmx@du.edu>

The messages listed in this notification contain attachments of a type that have historically been used to exploit computer operating system and application vulnerabilities for which software vendors have been slow to release patches.

As an added layer of protection for your computer and its data, the mail system has deferred the delivery of these messages. After approximately four hours the system will rescan the messages and, if they do not contain a recognized threat, deliver them. Messages that do contain a threat will be automatically deleted.

After reviewing the messages below, you can request an early release of one or more messages:
  • By clicking on the bracketed information, the Message ID, in the list of deferred messages. The click will generate an email to send to release the message. Send it.
  • Or by replying to this notification, leaving the text below this line in your reply (the information is needed by the automated system that releases the selected messages). If there is more than one message in the list and you do not wish to release all of them at this time, please edit your reply and delete the Message ID for the emails you do not wish to release.

Message ID  Received    Size   From                Subject << Snippet
[#1cYM-1]   8/31 02:54  28.3K  grumpy@dept.du.edu  Final version << I've attached the final version.
[#1dYI-1]   8/31 02:39  28.2K  sleepy@email.com    Trial results << Here is the spread sheet of the

Important Notice:

Early release messages are not rescanned by the mail system. Please be sure your anti virus program is running and up-to-date.

If you choose to release a message early it is important for you to realize that you are subjecting your data and your computer to an additional level of risk. If the released message results in loss of, or inadvertent disclosure of information on your computer, the responsibility for the subsequent clean-up, repair, and/or recovery of your damaged system rests with you.

In any case, to protect yourself and others, please take extra precautions with all files downloaded via the network or received via e-mail.


For additional information, including a current list of impacted attachment types, please see:

Delaying Potentially Malicious E-mail Attachments

University of Denver
University Technology Services
Information Security
Email: info-security@du.edu
Phone: (303)871-4940

FAQ

I got a message with an attachment, but never received a notification. What happened?

There are a couple of possibilities.

One is that the attachment is not one of the types that are delayed for rescanning. Check the list of delayed attachment types here:

Delayed Attachment Notification and Release

Another possibility is that the notification email landed in a folder other than your Inbox. Check your Junk folder. If you use an e-mail client such as Outlook or Thunderbird, and you have enabled filtering, your message may have been directed to a folder other than your Inbox. If so, please check your other folders as well.

If, after checking, you still believe there is an issue, please retain the message with the attachment; we will need information from that message to diagnose any problems. To notify us of the problem, please contact Support.

I got a notification and released the message but never received it in my Inbox. What happened to my message?

Be sure to recheck your Inbox. Some e-mail client programs sort the Inbox by the date the message was received by the system. Since these messages can be delayed, they may appear before messages that have arrived in your Inbox during the delay.

Check your Junk folder. If you use an e-mail client such as Outlook or Thunderbird, and you have enabled filtering, your message may have been directed to a folder other than your Inbox. If so, please check your other folders as well.

If, after checking, you still believe there is an issue, please retain the notification; we will need information from that message to diagnose any problems. To notify us of the problem, please contact Support.

I got a notification and released the message, but received an error message. What happened to my message?

You can receive an error message if your request arrives after the message has already been released, or if there is a problem with the content or format of your release request.

    1. If the error is similar to one of these:

      "Cannot approve message '1406914-1': quarantine error"

      or

      "Could not find record of digest '763ad60672073c025966ea'"

      This type of error indicates that the message has already been released, either automatically or by request.

      Please check your Inbox to see if you have already received the
      message in question; you may also wish to check your Junk mail
      folder in case the message was categorized as spam.

    2. Or, if the error is similar to one of these:

      "No digest IDs were extracted from the approval request"

      or

      "No requested IDs ([#1e9C-1]) belong to digest '7634d6c125e9ea'"

      The approval message sent to the release process did not include
      a required or recognizable digest ID (the information within and
      including the [] in the body of the original notification message).
      It is needed by the automated system that releases the selected
      messages.

      Please find the original notification message and respond to
      it again, being careful to leave the digest ID(s) in the body
      of the reply as they appear in the body of the notification.

      You may also elect to wait for the automatic release of the
      message.

If, after trying the above suggestions, you still believe there is an issue, please retain the notification and the error message; we will need information from these messages to diagnose any problems. To notify us of the problem, please contact Support.
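A pre-send check for a release reply, as an added example that is not part of the original article and is not the mail system's own logic: it reports which bracketed Message IDs a drafted reply still carries, which were deleted, and which lost their brackets. The function names, the ID pattern and the sample text are assumptions built from the example notification above.

```python
import re

# Bracketed Message ID as shown in the notification, e.g. [#1cYM-1].
# The ID alphabet is inferred from the page's samples (assumption).
MSG_ID = re.compile(r"\[#[0-9A-Za-z]+-\d+\]")

def listed_ids(notification):
    """Message IDs from list rows (lines that begin with a bracketed ID)."""
    rows = (MSG_ID.match(line.strip()) for line in notification.splitlines())
    return [m.group(0) for m in rows if m]

def check_reply(notification, reply):
    """Compare a drafted release reply against the notification it answers."""
    offered = listed_ids(notification)
    found = set(MSG_ID.findall(reply))  # reply quoting ("> ") does not matter
    release = [i for i in offered if i in found]
    # IDs whose text survives but whose brackets were lost or altered
    damaged = [i for i in offered if i not in found and i[1:-1] in reply]
    held = [i for i in offered if i not in found and i not in damaged]
    unknown = sorted(found - set(offered))  # IDs from some other notification
    return {"release": release, "held": held,
            "damaged": damaged, "unknown": unknown}

# Constructed sample based on the example notification on this page.
NOTIFICATION = """\
Message ID Received Size From Subject << Snippet
[#1cYM-1] 8/31 02:54 28.3K grumpy@dept.du.edu Final version << I've attached the final version.
[#1dYI-1] 8/31 02:39 28.2K sleepy@email.com Trial results << Here is the spread sheet of the
"""

# Constructed reply: quoted by the mail client, second row deleted by the user.
REPLY_ONE = """\
Please release.
> Message ID Received Size From Subject << Snippet
> [#1cYM-1] 8/31 02:54 28.3K grumpy@dept.du.edu Final version << I've attached the final version.
"""

# Constructed reply: brackets stripped, so no ID is recognizable.
REPLY_BROKEN = "> #1cYM-1 8/31 02:54 28.3K grumpy@dept.du.edu Final version\n"

if __name__ == "__main__":
    for name, reply in (("one", REPLY_ONE), ("broken", REPLY_BROKEN)):
        print(name, check_reply(NOTIFICATION, reply))
```

An empty `release` list with a non-empty `damaged` list is the situation the second group of errors describes: the reply reached the release process without a recognizable bracketed ID.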

When I received the notification, I did not request a release of the message and allowed the message to be rescanned by the system. I never received the message with the attachment. What happened?

In this case the delay did its job. During the delay, the system updated Anti-Virus, Anti-Spam and/or Anti-Fraud signatures. When the message was rescanned, the system deleted the message rather than delivering it to your Inbox.

Support


If you have questions that are not answered in this article, the FAQ, or Delayed Attachment Notification and Release, please contact the Help Desk at 1-303-871-4700 or by filling in this form.
