How to block Zip Files in Exchange 2007, Exchange 2010 or SBS 2011


Let's face it, a lot of malware comes inside zip files through E-mail. Wouldn't it be nice to just block these files from getting through? In this article, we are going to show you how to block zip files and other problematic file types by utilizing Exchange transport rules.

First, identify the types of files you want to block: .rar, .pif, .vb, .ws, .hta, .sys, .exe, .zip, .com, .bat and .scr are common problem files.

We are going to create two different rules.

Rule # 1: Since .zip files are sometimes used to encrypt legitimate data, we want to make sure that we let the sender know that we do not accept these types of files by rejecting them with an NDR (non-delivery reply). This way, they are not left thinking that their e-mail has reached the intended recipient.

Rule # 2: Since the rest of the files listed are usually viral in nature when sent through E-mail, we are going to reject those without notification.

Open Exchange Management Console and navigate to Organization Configuration > Hub Transport and click on the Transport Rules tab.

Rule # 1: Block ZIP Files and Notify the Sender that their ZIP File was Blocked by Exchange

Click on New Transport Rule in the Actions pane. Give the transport rule a friendly name.

In Conditions, select 'when any attachment file name matches text patterns' and then click the text patterns link.

Type .zip in the text patterns field, click on the green + sign to add the text and then click Next.

In Actions, select 'send rejection message to sender with enhanced status code' and then click the rejection message link.

Write a brief bounce back message then click on the enhanced status code link.

Specify an NDR Code; use either 5.7.1 or any value from 5.7.10 – 5.7.999.

Click Next. The next section is an exception rule. If you want certain people to be able to send you zip files, this is where you can create an exception rule. I like to use 'when the subject field contains specific words'. This allows me to give legitimate zip file senders a sort of 'secret code word' that they can insert in the subject line to get their zip files through!

Finally, click on the New button to create the rule.

That's the first rule finished. Now let's create the second rule.

Rule # 2: Block Malicious Files without Notification

Rule number two will not notify the sender of the rejection since most of the files we are going to exclude will come from spammers.

Once again, click on New Transport Rule in the Actions pane.

Give your transport rule a friendly name.

Click 'when any attachment file name matches text patterns' and then click the text patterns link.

Complete your blacklist of attachment extensions by entering them one by one.

When finished, click Next. In Actions, click on 'delete the message without notifying anyone' or any other action you find appropriate.

Create exceptions to the rule (if you like) and then click Finish. The rules should take effect immediately.
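
Both rules can also be created from the Exchange Management Shell instead of the console. The script below is an added example, not part of the original walkthrough; it uses the Exchange 2010 cmdlet parameters (the version SBS 2011 ships with), and the rule names, rejection text and subject code word are placeholders to replace with your own.

```powershell
# Added example: scripted equivalent of the two console rules described above.
# Assumes the Exchange 2010 Management Shell on a Hub Transport server.
# Rule names, rejection text and the code word are placeholders.

$zipRuleName    = 'Block ZIP attachments (NDR to sender)'
$silentRuleName = 'Block risky attachments (silent delete)'

# Extensions from the article's list; .zip is handled separately by rule 1.
$silentPatterns = '.rar', '.pif', '.vb', '.ws', '.hta', '.sys',
                  '.exe', '.com', '.bat', '.scr'

# Names of rules that already exist, so re-running the script is harmless.
$existing = @(Get-TransportRule | ForEach-Object { $_.Name })

# Rule 1: reject .zip attachments with an NDR, unless the subject carries
# the agreed code word (the exception step of the wizard).
if ($existing -notcontains $zipRuleName) {
    New-TransportRule -Name $zipRuleName `
        -AttachmentNameMatchesPatterns '.zip' `
        -RejectMessageReasonText 'ZIP attachments are not accepted by this mail system.' `
        -RejectMessageEnhancedStatusCode '5.7.1' `
        -ExceptIfSubjectContainsWords 'PLACEHOLDER-CODE-WORD' `
        -Comments 'Rule 1: sender is told the message was not delivered.' `
        -Enabled $true
}

# Rule 2: delete messages carrying the other listed file types without
# notifying the sender or the recipient.
if ($existing -notcontains $silentRuleName) {
    New-TransportRule -Name $silentRuleName `
        -AttachmentNameMatchesPatterns $silentPatterns `
        -DeleteMessage $true `
        -Comments 'Rule 2: no NDR is generated.' `
        -Enabled $true
}

# Review what is now in place: rules run in ascending priority order.
Get-TransportRule |
    Sort-Object Priority |
    Format-Table Name, State, Priority, Comments -AutoSize
```

After running it, send test messages from an outside mailbox (one with a .zip attachment, one with the code word in the subject) to confirm that the NDR and the exception behave as intended.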

Finally, what are transport rules?

Rule Agents

There are two types of rule agents to establish policies for messages.

The edge rule agent sits on all servers that have applied an edge transport rule. This agent is used primarily to fight malware.

The transport rule agent sits on hub transport servers in the Exchange organization. You will use this agent to apply the policies relating to matters such as regulatory compliance and corporate policy.

Conditions

The condition is the part of the rule that triggers the Exchange transport rule. You can set up a condition based on any part of an email, such as its header, sender or recipient. If a message passing through the server doesn't meet your conditions, it will move forward.

If it meets any of your conditions, the message will not proceed forward. You can also set up exceptions to the general conditions. If a message meets a condition but also falls under an exception, it will move forward. If it does not meet the exception, it will continue to go through the rule processing.

Application of Rule

The final stage in Exchange transport rule processing is when the system takes the appropriate action to enforce the rule. At this point, messages that have met the conditions but not the exceptions have the appropriate action taken on them.

For instance, the system could reject a message from an external source that could create a virus infection, and it could block email from an internal source to an inappropriate external source.