Let's face it, a lot of malware comes inside zip files through E-mail. Wouldn't it be nice to just block these files from getting through? In this article, we are going to show you how to block zip files and other problematic file types by utilizing Exchange transport rules.
First, identify the types of files you want to block: .rar, .pif, .vb, .ws, .hta, .sys, .exe, .zip, .com, .bat and .scr are common problem files.
We are going to create two different rules.
Rule # 1: Since .zip files are sometimes used to encrypt legitimate data, we want to make sure that we let the sender know that we do not accept these types of files by rejecting them with an NDR (non-delivery reply). This way, they are not left thinking that their e-mail has reached the intended recipient.
Rule # 2: Since the rest of the files listed are usually viral in nature when sent through E-mail, we are going to reject those without notification.
Open Exchange Management Console and navigate to Organization Configuration > Hub Transport and click on the Transport Rules tab.
Rule # 1: Block ZIP Files and Notify the Sender that their ZIP File was Blocked by Exchange
Click on New Transport Rule in the Actions pane. Give the transport rule a friendly name.
In the Conditions, select 'when any attachment file name matches text patterns' and then click the text patterns link as in the following image:
Type .zip in the text patterns field, click on the green + sign to add the text and then click Next.
In Actions, select 'send rejection message to sender with enhanced status code' then click on the rejection message link as in the following image:
Write a brief bounce back message then click on the enhanced status code link.
Specify an NDR Code; use either 5.7.1 or any value from 5.7.10 – 5.7.999.
Click Next. The next section is an exception rule. If you want certain people to be able to send you zip files, this is where you can create an exception rule. I like to use 'when the subject field contains specific words'. This allows me to give legitimate zip file senders a sort of 'secret code word' that they can insert in the subject line to get their zip files through!
Finally, click on the New button to create the rule.
Finished. Now let's create the second rule.
Rule # 2: Block Malicious Files without Notification
Rule number two will not notify the sender of the rejection since most of the files we are going to exclude will come from spammers.
Once again, click on New Transport Rule in the Actions pane.
Give your transport rule a friendly name.
Click 'when any attachment file name matches text patterns' and then click the text patterns link as in the following picture:
Complete your blacklist of attachment extensions by entering them one by one.
When finished, click Next. In Actions, click on 'delete the message without notifying anyone' or any other action you find appropriate.
Create exceptions to the rule (if you like) and then click Finish. The rules should take effect immediately.
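The two console procedures above can also be scripted, which makes the rules repeatable and easy to review. This is an added example, not part of the original article: it assumes the Exchange Management Shell on Exchange 2010 or later, and the rule names, rejection text and subject code word are placeholders.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Assumption: Exchange 2010 or later. Names, texts and the code word are placeholders.

$zipRuleName  = 'Block ZIP attachments (notify sender)'   # hypothetical rule name
$dropRuleName = 'Block risky attachments (silent)'        # hypothetical rule name

# Text patterns exactly as they are typed into the console in the steps above.
$zipPatterns  = '.zip'
$dropPatterns = '.rar', '.pif', '.vb', '.ws', '.hta', '.sys', '.exe', '.com', '.bat', '.scr'

# Rule 1: reject .zip with an NDR, unless the subject carries the agreed code word.
$rule1 = @{
    Name                            = $zipRuleName
    AttachmentNameMatchesPatterns   = $zipPatterns
    RejectMessageReasonText         = 'ZIP attachments are not accepted here.'  # constructed text
    RejectMessageEnhancedStatusCode = '5.7.1'
    ExceptIfSubjectContainsWords    = 'CODE-WORD-PLACEHOLDER'                   # placeholder
    Comments                        = 'Rule 1: sender is told the ZIP was blocked'
}

# Rule 2: silently delete messages carrying the remaining extensions.
$rule2 = @{
    Name                          = $dropRuleName
    AttachmentNameMatchesPatterns = $dropPatterns
    DeleteMessage                 = $true
    Comments                      = 'Rule 2: no notification to the sender'
}

# Create each rule only if a rule with that name does not exist yet,
# so the script can be re-run without producing errors or duplicates.
foreach ($rule in $rule1, $rule2) {
    $name = $rule.Name
    if (Get-TransportRule | Where-Object { $_.Name -eq $name }) {
        Write-Host "Transport rule '$name' already exists, skipping."
    }
    else {
        New-TransportRule @rule | Out-Null
        Write-Host "Created transport rule '$name'."
    }
}

# Review the result: rules are evaluated in ascending priority order.
Get-TransportRule | Sort-Object Priority | Format-Table Name, State, Priority -AutoSize
```

The final listing shows whether both rules are enabled and in which order they are evaluated.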
At last...what are transport rules?
Rule Agents
There are two types of rule agents to establish policies for messages.
The edge rule agent sits on all servers that have applied an edge transport rule. This agent is used primarily to fight malware.
The transport rule agent sits on hub transport servers in the Exchange organization. You will use this agent to apply the policies relating to matters such as regulatory compliance and corporate policy.
Conditions
The condition is the part of the rule that will trigger the Exchange transport rule. You could set up a condition based on any part of an email, such as its header, sender or recipient of the message. If a message that passes through the server doesn't meet your conditions, it will move forward.
If it meets any of your conditions, the message will not proceed forward. You also can set up exceptions to the general conditions. If a message meets a condition but also falls under an exception, it will move forward. If it does not meet the exception, it will continue to go through the rule processing.
Application of Rule
The final stage in the Exchange transport rules is when the system takes the appropriate action to enforce the rule. At this point, messages that have met the conditions but not the exceptions have the appropriate action taken on them.
For instance, the system could reject a message from an external source that could create a virus infection, and it could block email from an internal source to an inappropriate external source.