- cbna Asked on October 05, 2017 at 02:11 PM
As of today, Office 365 started detecting the JotForm PDF attachments by email as malware and automatically stripping the attachments. Microsoft does not seem to allow a way to release the email with the attachment from malware quarantine or make a policy exception even though it is clearly a false positive.
I am guessing this is because of the file naming ###################.pdf
The alert message is
Zero-Hour Auto Purge
Malware was detected in one or more attachments included with this email message.
Action: All attachments have been deleted.
Any suggestions to make this work again?
- JotForm Support Kiran Answered on October 05, 2017 at 03:25 PM
This must be a false positive issue from Office365. Please try adding the jotform.com domain to the whitelist or add the JotForm email address to the safe sender list.
Also, please review the spam filter settings in the Admin center. Please refer to the guide below for more information on ZAP of Office365.
Please let us know how it goes after changing the settings in Office365. We will be happy to take a look again.
- cbna Answered on October 05, 2017 at 04:36 PM
No way to make an exception if in Malware quarantine instead of Spam or change transport rules. If you "Release" from quarantine it strips the attachment, but I noticed that if you "Release and Report" as false positive it does keep the attachment. That is a sufficient solution for now, and it does not appear it was filtering all submissions, only a subset.
- Jeffrey Hunt Answered on October 10, 2017 at 12:47 PM
I'm currently experiencing the same issue in that a subset of reports that get submitted daily are being flagged by Exchange Online (Office 365) as containing malware with a malicious payload. This has only been occurring for the last 4-5 days. What would cause Exchange Online to suddenly start flagging JotForm .pdf attachments as malware?
- JotForm Support Nik_C Answered on October 10, 2017 at 01:12 PM
It could happen that Microsoft made some changes in how they are filtering messages, so it could happen that the name of the PDF is triggering Office365 to mark them as Malware.
Did you try the above solution from the cbna user, with "Release and report"?