Restrict attachments by file type

Attachment Checker allows admin to restrict the types of attachment uploaded through File Type Blocking.


2 layers of filter

The file type blocking consist of the extension check and mime type check.

Extension check is based on the filename of the attachment. For example, if filename is myAttachment.jpg, the extension will be jpg.

Mime type check is based on the contents of the attachment. It prevents the bypass of extension check by renaming or removing the extension.

Apache Tika is used to detect the mime type of the attachment uploaded.

Refer to Supported Document Formats to find out which file types are supported.


2 filter modes

Attachments can be filtered based on:

  • Allowlist → Only file types listed are allowed to be uploaded

  • Denylist → Only file types listed are blocked from being uploaded

Allowlist

Denylist

Allowlist

Denylist

For example, extensions is configured to: jpg, png, gif, svg

Only the following files will be allowed:

jpg, jpeg, jpe, jif, jfif, jfi, png, gif, svg, svgz

For example, extensions is configured to: exe

Only the following files will be blocked:

exe, dll, com


You can use the following list of extensions:

1 gif, jpg, png, txt, log, xml, doc, docx, xls, xlsx, ppt, pptx, pdf
  • Images: gif, jpg, png

  • Text files: txt, log, xml

  • Office documents: doc, docx, xls, xlsx, ppt, pptx, pdf

Refer to Which file types are safe for more info.