Saturday, 12 March 2016

Do you know, attachment can be inspected



IC728984
Attachments can be inspected by creating Exchange Transport rules, We had this option earlier however not really worked as expected, Now it is working as expected. This article applies for Exchange & Office365.
Below source : Technet

Conditions can be applied for transport rules:
Condition name in EACCondition name in the ShellDescription
Any attachment file name matches these text patternsAttachmentNameMatchesPatternsThis condition matches messages with supported file type attachments when those attachments have a name that contains the characters you specify.
Any attachment file extension includes these wordsAttachmentExtensionMatchesWordsThis condition matches messages with supported file type attachments when the file name extension matches what you specify.
Any attachment size is greater than or equal toAttachmentSizeOverThis condition matches messages with supported file type attachments when those attachments are larger than the size you specify.
Any attachment didn’t complete scanningAttachmentProcessingLimitExceededThis condition matches messages when an attachment is not inspected by the transport rules agent.
Any attachment has executable contentAttachmentHasExecutableContentThis condition matches messages that contain executable files as attachments. The supported file types are listed here.
Any attachment is password protectedAttachmentIsPasswordProtectedThis condition matches messages with supported file type attachments when those attachments are protected by a password.
The Exchange Management Shell names for the conditions listed here are parameters that require theTransportRule cmdlet.
Learn more about the cmdlet at New-TransportRule.
Learn more about property types for these conditions at Conditions and Condition Properties for a Mailbox Server.
The transport agent uses true type detection by inspecting file properties rather than merely the file extensions. This helps to prevent malicious hackers from being able to bypass your rule by renaming a file extension. The following table lists the executable file types supported by these conditions. If a file is found that is not listed here, the AttachmentIsUnsupported condition is triggered.

Type of fileNative extension
Self-extracting archive file created with the WinRAR archiver..rar
32-bit Windows executable file with a dynamic link library extension..dll
Self-extracting executable program file..exe
Java archive file..jar
Uninstallation executable file..exe
Program shortcut file..exe
Compiled source code file or 3-D object file or sequence file..obj
32-bit Windows executable file..exe
Microsoft Visio XML drawing file..vxd
OS/2 operating system file..os2
16-bit Windows executable file..w16
Disk-operating system file..dos
European Institute for Computer Antivirus Research standard antivirus test file..com
Windows program information file..pif
Windows executable program file..exe

No comments:

Post a Comment

Google+ Followers

Blog Archive