KB Article | Forcepoint Support

Problem Description

I have an email that was quarantined as "format [long words]". What does this mean?

Resolution

The quarantine disposition "format [long-words]" refers to an email where there is an unbroken string of 196 characters or more in one of the mail headers, including the To: or Cc: fields, as well as the attachment MIME headers.
 

The reason the message is quarantined is that it potentially allows malicious code execution in a variety of mail clients, for example, some versions of Microsoft Outlook and Microsoft Outlook Express (see https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-043).

If this rule is causing you problems on a regular basis, it is possible for us to turn it off in a policy in either the inbound or outbound direction, or both. However, this would theoretically decrease the level of protection you have from potentially malicious content. It is fairly safe to turn off, as this is more of a theoretical than a realistic threat. (Most email clients have now been patched for this vulnerability.)  However, the option exists because we take an extremely skeptical approach to the security of our customer's email.

HOW TO TURN OFF THIS SCAN:

  1. Login to your cloud portal and go to Email > Policies > [policy] >  Antivirus.
  2. Click Edit under Inbound Rules or Outbound Rules.
  3. Uncheck the box for Strict Checks on Message Structure.
  4. Click Submit to commit the change.
Note This is a policy-wide change. If you would prefer to keep this change specific to particular sender/recipient pairs, raise a case to have Tech Support create a Mail Custom Rule (MCR) to apply to your policy.

 

Article Feedback



Thank you for the feedback and comments.