With Attachment Password Guessing, Cloud App Security attempts
to find passwords in email content (subject, body, and attachment names) to access
password-protected attachments, making it possible to detect any malicious payload
in these files.
Attachment Password Guessing is available only after you turn on the Malware Scanning
filter or Virtual Analyzer filter. This feature supports the following services,
attachment file types, and email languages.
|
Services
|
Attachment File Types
|
Email Languages
|
||
|
|
|
Procedure
- In Cloud App Security, go to .
- Turn on Enable Attachment Password Guessing.Cloud App Security uses both predefined and user-defined password extraction rules to extract passwords from an email.
- Add user-defined password extraction rules.
- Under Custom Password Extraction Rules, click Add to define rules that you want Cloud App Security to use to extract passwords from an email.
- On the Add Custom Password Extraction Rule
screen, use regular expressions to specify the following
parameters:
Note
Make sure the regular expressions follow the expression formats defined in Perl Compatible Regular Expressions (PCRE). For more information on PCRE, visit the following website: http://www.pcre.org/.-
Preceding Text: The text preceding a password in an email.
-
Password: The password in an email.
-
Subsequent Text: The text following a password in an email.
-
- Optionally make the rule case sensitive.
- Input Test Data.Input the email content that you expect the rule to match.
- Click Test to verify that the rule can match the
test data.The Test Result highlights the extracted password.
- Click Save.
- Click Edit to change a custom password extraction rule.
- Click Delete to delete one or multiple custom password extraction rules.