Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiMail 7.2.3 CLI Reference
    7.2.3
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    profile content

    profile content

    Use this command to create content profiles, which you can use to match email based upon its subject line, message body, and attachments.

    Unlike antispam profiles, which deal primarily with spam, content profiles match any other type of email.

    Content profiles can be used to apply content-based encryption to email. They can also be used to restrict prohibited content, such as words or phrases, file names, and file attachments that are not permitted by your network usage policy. As such, content profiles can be used both for email that you want to protect, and for email that you want to prevent.

    Syntax

    config profile content

    edit <profile_name>

    config attachment-scan

    edit <index_number>

    set action <action>

    set operator {is | is-not}

    set patterns {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

    set status {enable | disable}

    config monitor

    edit monitor <index_int>

    set action <profile_name>

    set dict-score <score_int>

    set dictionary-group <dictionary-group_name>

    set dictionary-profile <dictionary-profile_name>

    set dictionary-type {group | profile}

    set scan-msoffice {enable | disable}

    set scan-pdf {enable | disable}

    set status {enable | disable}

    set action-cdr <action_profile>

    set action-default <action_profile>

    set action-image-analysis <action_profile>

    set action-max-size <action-profile>

    set archive-scan-options {block-on-failure-to-decompress | block-password-protected | block-recursive}

    set cdr-file-type-options {msoffice | pdf}

    set decrypt-password-archive {enable |disable}

    set decrypt-password-num-of-words <number>

    set decrypt-password-office {enable | disable}

    set decrypt-password-options {built-in-password-list | user-defined-password-list | words-in-email-content}

    set defersize <size-in-kb>

    set embedded-scan-options {check-msoffice | check-msoffice-vba | check-msvisio | check-openoffice | check-pdf}

    set html-content-action {convert-to-text | modify-content}

    set html-content-uri-action {click-protection | click-protection-isolator | isolator | keep | remove}

    set html-content-uri-selection {tag-attribute | tag-content}

    set image-analysis-scan {enable | disable}

    set max-num-of-attachment <number>

    set max-size <size-in-kb>

    set max-size-option {message | attachment}

    set max-size-status {enable | disable}

    set remove-active-content {enable | disable}

    set scan options block-fragmented-email

    set scan options block-password-protected-office

    set scan options check-archive-content

    set scan options check-embedded-content

    set scan options bypass-on-smtp-auth

    set scan options check-html-content

    set scan options check-max-num-of-attachment

    set scan options check-text-content

    set scan options defer-message-delivery

    set text-content-action {remove-uri | click-protection}

    end

    Variable

    Description

    Default

    <profile_name>

    Enter the name of the profile.

    To view a list of existing entries, enter a question mark ( ? ).

    action <action>

    Specify the action to use.

    operator {is | is-not}

    Specify the operator.

    is

    patterns {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

    Enter the pattern/s that match the email attachment names that you want the content profile to match.

    For multiple patterns, separate each entry with a space.

    status {enable | disable}

    Enable or disable a pattern that matches the email attachment names that you want the content profile to match.

    enable

    monitor <index_int>

    Enter the index number of the monitor profile.

    If the monitor profile does not currently exist, it will be created.

    action <profile_name>

    Enter the action profile for this monitor profile. The FortiMail unit will perform the actions if the content of the email message matches words or patterns from the dictionary profile that the monitor profile uses.

    dict-score <score_int>

    Enter the number of times that an email must match the content monitor profile before it will receive the antispam action.

    1

    dictionary-group <dictionary-group_name>

    Enter the dictionary profile group that this monitor profile will use.

    The FortiMail unit will compare content in the subject line and message body of the email message with words and patterns in the dictionary profiles. If it locates matching content, the FortiMail unit will perform the actions configured for this monitor profile.

    For information on dictionary profiles, see the FortiMail Administration Guide.

    dictionary-profile <dictionary-profile_name>

    Enter the dictionary profile that this monitor profile will use.

    The FortiMail unit will compare content in the subject line and message body of the email message with words and patterns in the dictionary profile. If it locates matching content, the FortiMail unit will perform the actions configured for this monitor profile in profile content-action.

    For information on dictionary profiles, see the FortiMail Administration Guide.

    dictionary-type {group | profile}

    Enter profile to detect content based upon a dictionary profile, or group to detect content based upon a group of dictionary profiles.

    group

    scan-msoffice {enable | disable}

    Enable or disable MS Word document scanning for this profile.

    disable

    scan-pdf {enable | disable}

    Enable or disable PDF document scanning for this profile.

    disable

    status {enable | disable}

    Enable or disable this monitor profile.

    disable

    action-cdr <action_profile>

    Specify the action profile to use.

    action-default <action_profile>

    Enter a content action profile to be used by all the content filters except for the encrypted email, which can have its own action. See below for details.

    action-image-analysis <action_profile>

    For the image email file type, you can use a content action profile to overwrite the default action profile used in the content profile.

    action-max-size <action-profile>

    Specify the action profile to use for message over maximum size.

    block-on-failure-to-decompress

    Enter to apply the action configured in profile content-action if an attached archive cannot be successfully decompressed in order to scan its contents.

    block-password-protected

    Enter to apply the action configured inprofile content-action if an attached archive is password-protected.

    block-recursive

    Enable to block archive attachments whose depth of nested archives exceeds archive-max-recursive-level <depth_int>.

    archive-max-recursive-level <depth_int>

    Enter the nesting depth threshold. Depending upon each attached archive’s depth of archives nested within the archive, the FortiMail unit will use one of the following methods to determine whether it should block or pass the email.

    • The archive-max-recursive-level is 0, or attachment’s depth of nesting equals or is less than archive-max-recursive-level: If the attachment contains a file that matches one of the other MIME file types, perform the action configured for that file type, either block or pass.
    • The attachment’s depth of nesting is greater than archive-max-recursive-level: Apply the block action, unless you have disabled block-recursive, in which case it will pass the MIME file type content filter. Block actions are specified in the profile content-action.

    12

    cdr-file-type-options {msoffice | pdf}

    Specify the file type for content disarm and reconstruction.

    decrypt-password-archive {enable |disable}

    Enable or disable to decrypt password protected archives.

    disable

    decrypt-password-num-of-words <number>

    Specify the number of words adjacent to the keyword to try for archive decryption.

    5

    decrypt-password-office {enable | disable}

    Enable to decrypt password protected Office files.

    disable

    decrypt-password-options {built-in-password-list | user-defined-password-list | words-in-email-content}

    Specify which kind of password to use to decrypt the archives.

    words-in-email-content

    defersize <size-in-kb>

    Bigger size will be deferred. 0 means no limit.

    0

    embedded-scan-options {check-msoffice | check-msoffice-vba | check-msvisio | check-openoffice | check-pdf}

    Documents, similar to an archive, can sometimes contain video, graphics, sounds, and other files that are used by the document. By embedding the required file within itself instead of linking to such files externally, a document becomes more portable. However, it also means that documents can be used to hide infected files that are the real attack vector.

    Enable to, for MIME types such as Microsoft Office, Microsoft Visio, OpenOffice.org , and PDF documents, scan files that are encapsulated within the document itself.

    html-content-action {convert-to-text | modify-content}

    Specify the action towards hypertext markup language (HTML) tags in email messages:

    • convert-to-text: Convert the HTML content to text only content.
    • modify-content: Set to determine active content handling and URI processing (see html-content-uri-selection and remove-active-content respectively).

    modify-content

    html-content-uri-action {click-protection | click-protection-isolator | isolator | keep | remove}

    Specify HTML content URI tag handling in email messages:

    • click-protection: Rewrite the URIs and in case the user clicks on the URIs, scan the URIs and then take the configured actions.
    • click-protection-isolator: Redirect to Click Protection and FortiIsolator. If the rewritten URL matched FortiIsolator URL category and passed Click Protection handling category, it is opened in FortiIsolator.
    • isolator: Redirect to FortiIsolator.
    • keep: Keep URI tags.
    • remove: Remove URI tags.

    click-protection

    html-content-uri-selection {tag-attribute | tag-content}

    Select URIs to process from specified parts of HTML.

    This field applies only if html-content-action is modify-content.

    tag-attribute

    image-analysis-scan {enable | disable}

    If you have purchase the adult image scan license, you can enable it to scan for adult images.

    You can also configure the scan sensitivity and image sizes under Security > Other > Adult Image Analysis.

    disable

    max-num-of-attachment <number>

    Specify how many attachments are allowed in one email message. The valid range is between 1 and 100. The default value is 10.

    10

    max-size <size-in-kb>

    Enter the size threshold in kilobytes. Delivery of email messages greater than this size will be deferred until the period configured for oversize email.

    To disable deferred delivery, enter 0.

    10240

    max-size-option {message | attachment}

    Specify either the message or attachment for the size limit.

    message

    max-size-status {enable | disable}

    Enable to apply the maximum size limits.

    disable

    remove-active-content {enable | disable}

    Enable to remove active content.

    This field applies only if html-content-action is modify-content.

    enable

    block-fragmented-email

    Enable to detect and block fragmented email.

    Some mail user agents, such as Outlook, are able to fragment big emails into multiple sub-messages. This is used to bypass oversize limits/scanning.

    disable

    block-password-protected-office

    Enable to apply the block action configured in the content action profile if an attached MS Office document is password-protected, and therefore cannot be decompressed in order to scan its contents.

    disable

    check-archive-content

    Enable to check for archived attachments.

    check-embedded-content

    Enable to check for embedded contents.
    Documents, similar to an archive, can sometimes contain video, graphics, sounds, and other files that are used by the document. By embedding the required file within itself instead of linking to such files externally, a document becomes more portable. However, it also means that documents can be used to hide infected files that are the real attack vector.

    bypass-on-smtp-auth

    Enable to omit antispam scans when an SMTP sender is authenticated.

    disable

    check-html-content

    Enable to detect hypertext markup language (HTML) tags and, if found:

    apply the action profile

    add X-FEAS-ATTACHMENT-FILTER: Contains HTML tags. to the message headers

    This option can be used to mitigate potentially harmful HTML content such as corrupted images or files, or phishing URLs that have been specially crafted for a targeted attack, and therefore not yet identified by the FortiGuard Antispam service.

    Depending on the action profile, for example, you could warn email users by tagging email that contains potentially dangerous HTML content, or, if you have removed the HTML tags, allow users to safely read the email to decide whether or not it is legitimate first, without automatically displaying and executing potentially dangerous scripts, images, or other files (automatic display of HTML content is a risk on some email clients).

    Caution: Unless you also select replace for the action in the content action profile, HTML will not be removed, and the email will not be converted to plain text. Instead, the FortiMail unit will only apply whichever other action profile “block” action you have selected.

    To actually remove HTML tags, you must also select replace.

    If you select Replace, all HTML tags will be removed, except for the minimum required by the HTML document type definition (DTD):

    <html>

    <head>

    <body>

    Stripped body text will be surrounded by <pre> tags, which is typically rendered in a monospace font, causing the appearance to mimic plain text.

    For linked files, which are hosted on an external web site for subsequent download rather than directly attached to the email, the FortiMail unit will download and attach the file to the email before removing the <img> or <embed> tag. In this way, while the format is converted to plain text, attachments and linked files which may be relevant to the content are still preserved.

    For example, in an email that is a mixture of HTML and plain text (Content‑Type: multipart/alternative), and if the action profile’s “block” action is replace, the FortiMail unit would remove hyperlink, font, and other HTML tags in the sections labeled with Content-Type: text/html. Linked images would be converted to attachments (The MIME Content‑Type: text/html label itself, however, would not be modified).

    check-max-num-of-attachment

    Enable to specify how many attachments are allowed in one email message. The valid range is between 1 and 100. The default value is 10.

    check-text-content

    Enable to check the URI in the text part of the messages.

    defer-message-delivery

    Enable to defer mail delivery from specific senders configured in policy to conserve peak time bandwidth at the expense of sending low priority, bandwidth consuming traffic at scheduled times. For example, you can apply this function to senders of marketing campaign emails or mass mailing.

    text-content-action {remove-uri | click-protection}

    Remove URIs: Removes URIs in the text parts of email messages.

    Click Protection: Rewrite the URIs and in case the user clicks on the URIs, scan the URIs and then take the configured action.

    remove-uri

    Related topics

    profile content-action

    Previous
    Next

    profile content

    profile content

    Use this command to create content profiles, which you can use to match email based upon its subject line, message body, and attachments.

    Unlike antispam profiles, which deal primarily with spam, content profiles match any other type of email.

    Content profiles can be used to apply content-based encryption to email. They can also be used to restrict prohibited content, such as words or phrases, file names, and file attachments that are not permitted by your network usage policy. As such, content profiles can be used both for email that you want to protect, and for email that you want to prevent.

    Syntax

    config profile content

    edit <profile_name>

    config attachment-scan

    edit <index_number>

    set action <action>

    set operator {is | is-not}

    set patterns {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

    set status {enable | disable}

    config monitor

    edit monitor <index_int>

    set action <profile_name>

    set dict-score <score_int>

    set dictionary-group <dictionary-group_name>

    set dictionary-profile <dictionary-profile_name>

    set dictionary-type {group | profile}

    set scan-msoffice {enable | disable}

    set scan-pdf {enable | disable}

    set status {enable | disable}

    set action-cdr <action_profile>

    set action-default <action_profile>

    set action-image-analysis <action_profile>

    set action-max-size <action-profile>

    set archive-scan-options {block-on-failure-to-decompress | block-password-protected | block-recursive}

    set cdr-file-type-options {msoffice | pdf}

    set decrypt-password-archive {enable |disable}

    set decrypt-password-num-of-words <number>

    set decrypt-password-office {enable | disable}

    set decrypt-password-options {built-in-password-list | user-defined-password-list | words-in-email-content}

    set defersize <size-in-kb>

    set embedded-scan-options {check-msoffice | check-msoffice-vba | check-msvisio | check-openoffice | check-pdf}

    set html-content-action {convert-to-text | modify-content}

    set html-content-uri-action {click-protection | click-protection-isolator | isolator | keep | remove}

    set html-content-uri-selection {tag-attribute | tag-content}

    set image-analysis-scan {enable | disable}

    set max-num-of-attachment <number>

    set max-size <size-in-kb>

    set max-size-option {message | attachment}

    set max-size-status {enable | disable}

    set remove-active-content {enable | disable}

    set scan options block-fragmented-email

    set scan options block-password-protected-office

    set scan options check-archive-content

    set scan options check-embedded-content

    set scan options bypass-on-smtp-auth

    set scan options check-html-content

    set scan options check-max-num-of-attachment

    set scan options check-text-content

    set scan options defer-message-delivery

    set text-content-action {remove-uri | click-protection}

    end

    Variable

    Description

    Default

    <profile_name>

    Enter the name of the profile.

    To view a list of existing entries, enter a question mark ( ? ).

    action <action>

    Specify the action to use.

    operator {is | is-not}

    Specify the operator.

    is

    patterns {archive | audio | encrypted | executable_windows | image | msoffice | openoffice | script | video}

    Enter the pattern/s that match the email attachment names that you want the content profile to match.

    For multiple patterns, separate each entry with a space.

    status {enable | disable}

    Enable or disable a pattern that matches the email attachment names that you want the content profile to match.

    enable

    monitor <index_int>

    Enter the index number of the monitor profile.

    If the monitor profile does not currently exist, it will be created.

    action <profile_name>

    Enter the action profile for this monitor profile. The FortiMail unit will perform the actions if the content of the email message matches words or patterns from the dictionary profile that the monitor profile uses.

    dict-score <score_int>

    Enter the number of times that an email must match the content monitor profile before it will receive the antispam action.

    1

    dictionary-group <dictionary-group_name>

    Enter the dictionary profile group that this monitor profile will use.

    The FortiMail unit will compare content in the subject line and message body of the email message with words and patterns in the dictionary profiles. If it locates matching content, the FortiMail unit will perform the actions configured for this monitor profile.

    For information on dictionary profiles, see the FortiMail Administration Guide.

    dictionary-profile <dictionary-profile_name>

    Enter the dictionary profile that this monitor profile will use.

    The FortiMail unit will compare content in the subject line and message body of the email message with words and patterns in the dictionary profile. If it locates matching content, the FortiMail unit will perform the actions configured for this monitor profile in profile content-action.

    For information on dictionary profiles, see the FortiMail Administration Guide.

    dictionary-type {group | profile}

    Enter profile to detect content based upon a dictionary profile, or group to detect content based upon a group of dictionary profiles.

    group

    scan-msoffice {enable | disable}

    Enable or disable MS Word document scanning for this profile.

    disable

    scan-pdf {enable | disable}

    Enable or disable PDF document scanning for this profile.

    disable

    status {enable | disable}

    Enable or disable this monitor profile.

    disable

    action-cdr <action_profile>

    Specify the action profile to use.

    action-default <action_profile>

    Enter a content action profile to be used by all the content filters except for the encrypted email, which can have its own action. See below for details.

    action-image-analysis <action_profile>

    For the image email file type, you can use a content action profile to overwrite the default action profile used in the content profile.

    action-max-size <action-profile>

    Specify the action profile to use for message over maximum size.

    block-on-failure-to-decompress

    Enter to apply the action configured in profile content-action if an attached archive cannot be successfully decompressed in order to scan its contents.

    block-password-protected

    Enter to apply the action configured inprofile content-action if an attached archive is password-protected.

    block-recursive

    Enable to block archive attachments whose depth of nested archives exceeds archive-max-recursive-level <depth_int>.

    archive-max-recursive-level <depth_int>

    Enter the nesting depth threshold. Depending upon each attached archive’s depth of archives nested within the archive, the FortiMail unit will use one of the following methods to determine whether it should block or pass the email.

    • The archive-max-recursive-level is 0, or attachment’s depth of nesting equals or is less than archive-max-recursive-level: If the attachment contains a file that matches one of the other MIME file types, perform the action configured for that file type, either block or pass.
    • The attachment’s depth of nesting is greater than archive-max-recursive-level: Apply the block action, unless you have disabled block-recursive, in which case it will pass the MIME file type content filter. Block actions are specified in the profile content-action.

    12

    cdr-file-type-options {msoffice | pdf}

    Specify the file type for content disarm and reconstruction.

    decrypt-password-archive {enable |disable}

    Enable or disable to decrypt password protected archives.

    disable

    decrypt-password-num-of-words <number>

    Specify the number of words adjacent to the keyword to try for archive decryption.

    5

    decrypt-password-office {enable | disable}

    Enable to decrypt password protected Office files.

    disable

    decrypt-password-options {built-in-password-list | user-defined-password-list | words-in-email-content}

    Specify which kind of password to use to decrypt the archives.

    words-in-email-content

    defersize <size-in-kb>

    Bigger size will be deferred. 0 means no limit.

    0

    embedded-scan-options {check-msoffice | check-msoffice-vba | check-msvisio | check-openoffice | check-pdf}

    Documents, similar to an archive, can sometimes contain video, graphics, sounds, and other files that are used by the document. By embedding the required file within itself instead of linking to such files externally, a document becomes more portable. However, it also means that documents can be used to hide infected files that are the real attack vector.

    Enable to, for MIME types such as Microsoft Office, Microsoft Visio, OpenOffice.org , and PDF documents, scan files that are encapsulated within the document itself.

    html-content-action {convert-to-text | modify-content}

    Specify the action towards hypertext markup language (HTML) tags in email messages:

    • convert-to-text: Convert the HTML content to text only content.
    • modify-content: Set to determine active content handling and URI processing (see html-content-uri-selection and remove-active-content respectively).

    modify-content

    html-content-uri-action {click-protection | click-protection-isolator | isolator | keep | remove}

    Specify HTML content URI tag handling in email messages:

    • click-protection: Rewrite the URIs and in case the user clicks on the URIs, scan the URIs and then take the configured actions.
    • click-protection-isolator: Redirect to Click Protection and FortiIsolator. If the rewritten URL matched FortiIsolator URL category and passed Click Protection handling category, it is opened in FortiIsolator.
    • isolator: Redirect to FortiIsolator.
    • keep: Keep URI tags.
    • remove: Remove URI tags.

    click-protection

    html-content-uri-selection {tag-attribute | tag-content}

    Select URIs to process from specified parts of HTML.

    This field applies only if html-content-action is modify-content.

    tag-attribute

    image-analysis-scan {enable | disable}

    If you have purchase the adult image scan license, you can enable it to scan for adult images.

    You can also configure the scan sensitivity and image sizes under Security > Other > Adult Image Analysis.

    disable

    max-num-of-attachment <number>

    Specify how many attachments are allowed in one email message. The valid range is between 1 and 100. The default value is 10.

    10

    max-size <size-in-kb>

    Enter the size threshold in kilobytes. Delivery of email messages greater than this size will be deferred until the period configured for oversize email.

    To disable deferred delivery, enter 0.

    10240

    max-size-option {message | attachment}

    Specify either the message or attachment for the size limit.

    message

    max-size-status {enable | disable}

    Enable to apply the maximum size limits.

    disable

    remove-active-content {enable | disable}

    Enable to remove active content.

    This field applies only if html-content-action is modify-content.

    enable

    block-fragmented-email

    Enable to detect and block fragmented email.

    Some mail user agents, such as Outlook, are able to fragment big emails into multiple sub-messages. This is used to bypass oversize limits/scanning.

    disable

    block-password-protected-office

    Enable to apply the block action configured in the content action profile if an attached MS Office document is password-protected, and therefore cannot be decompressed in order to scan its contents.

    disable

    check-archive-content

    Enable to check for archived attachments.

    check-embedded-content

    Enable to check for embedded contents.
    Documents, similar to an archive, can sometimes contain video, graphics, sounds, and other files that are used by the document. By embedding the required file within itself instead of linking to such files externally, a document becomes more portable. However, it also means that documents can be used to hide infected files that are the real attack vector.

    bypass-on-smtp-auth

    Enable to omit antispam scans when an SMTP sender is authenticated.

    disable

    check-html-content

    Enable to detect hypertext markup language (HTML) tags and, if found:

    apply the action profile

    add X-FEAS-ATTACHMENT-FILTER: Contains HTML tags. to the message headers

    This option can be used to mitigate potentially harmful HTML content such as corrupted images or files, or phishing URLs that have been specially crafted for a targeted attack, and therefore not yet identified by the FortiGuard Antispam service.

    Depending on the action profile, for example, you could warn email users by tagging email that contains potentially dangerous HTML content, or, if you have removed the HTML tags, allow users to safely read the email to decide whether or not it is legitimate first, without automatically displaying and executing potentially dangerous scripts, images, or other files (automatic display of HTML content is a risk on some email clients).

    Caution: Unless you also select replace for the action in the content action profile, HTML will not be removed, and the email will not be converted to plain text. Instead, the FortiMail unit will only apply whichever other action profile “block” action you have selected.

    To actually remove HTML tags, you must also select replace.

    If you select Replace, all HTML tags will be removed, except for the minimum required by the HTML document type definition (DTD):

    <html>

    <head>

    <body>

    Stripped body text will be surrounded by <pre> tags, which is typically rendered in a monospace font, causing the appearance to mimic plain text.

    For linked files, which are hosted on an external web site for subsequent download rather than directly attached to the email, the FortiMail unit will download and attach the file to the email before removing the <img> or <embed> tag. In this way, while the format is converted to plain text, attachments and linked files which may be relevant to the content are still preserved.

    For example, in an email that is a mixture of HTML and plain text (Content‑Type: multipart/alternative), and if the action profile’s “block” action is replace, the FortiMail unit would remove hyperlink, font, and other HTML tags in the sections labeled with Content-Type: text/html. Linked images would be converted to attachments (The MIME Content‑Type: text/html label itself, however, would not be modified).

    check-max-num-of-attachment

    Enable to specify how many attachments are allowed in one email message. The valid range is between 1 and 100. The default value is 10.

    check-text-content

    Enable to check the URI in the text part of the messages.

    defer-message-delivery

    Enable to defer mail delivery from specific senders configured in policy to conserve peak time bandwidth at the expense of sending low priority, bandwidth consuming traffic at scheduled times. For example, you can apply this function to senders of marketing campaign emails or mass mailing.

    text-content-action {remove-uri | click-protection}

    Remove URIs: Removes URIs in the text parts of email messages.

    Click Protection: Rewrite the URIs and in case the user clicks on the URIs, scan the URIs and then take the configured action.

    remove-uri

    Related topics

    profile content-action

    Previous
    Next