Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Implementing Edge Services for an Exchange 2010 Environment : Filtering Content in a Message Attachment

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/21/2011 8:58:51 PM
The Microsoft Exchange Edge Transport server can also filter content within attachments of a message. There are times when an organization wants to prevent offensive or malicious content being stored in a Word document, Hypertext Markup Language (HTML) attachment, and so on from being transmitted to users in a network, so a filter can be configured to identify and handle incoming attachment messages.

Understanding Attachment Filtering Processing

A powerful tool in the fight against computer viruses and other malicious email attachments is the use of attachment filtering. Attachment filtering allows you to identify a specific filename or all files of a particular type using Multipurpose Internet Mail Extensions (MIME) recognition. Attachment filtering can be applied to both incoming and outgoing email. This allows you the flexibility of implementing attachment distribution that complies with business requirements or policy. For example, you can choose to block all executable file types (for example, .bat, .exe, .scr) on inbound email to help prevent the spread of new computer viruses or distribution of unacceptable content. On outbound connections, you could elect to block distribution of particular files by name (for example, tradesecrets.doc, salaryinfo.xls), which can help prevent proprietary information from being accidentally or purposefully distributed. SMTP Send and Receive Connectors can be included or excluded from attachment filtering.

Note

Changes described in this section are applied only to the local system. This is important if you have more than one Edge Transport server in your environment.


Planning Attachment Filtering Processing

One limitation to attachment filtering is that it can only be configured using the Exchange Management Shell. No attachment filtering options are available in the Exchange Management Console.

Exchange Server 2010, Outlook 2007, and Active Directory’s Group Policy can work together to orchestrate implementation of an organization’s policy on email attachments. Outlook 2007 includes an enabled default list of Level 1 attachments—attachments that will not be allowed. The Level 1 attachment list was derived from their known or potential ability to carry malicious code. Level 2 attachments are attachments that will initiate a prompt requiring that the user first download the attachment prior to running it. This allows any locally installed antimalware product the opportunity to scan the attachment for viral code that might have bypassed email virus scanning, albeit a rare circumstance, but not impossible. By default, there are no Level 2 file types defined in Outlook 2007.

There are over 70 Level 1 files included in Outlook 2007. Some examples of Level 1 file types are shown in the following list. For a complete list, refer to the Microsoft Outlook 2007 documentation:

  • asp— Active Server Page

  • crt— Certificate file

  • .hta— Hypertext application

  • .msc— Microsoft Management Console snap-in

  • .msh— Microsoft Shell

Using Group Policy, an administrator can “open up” Level 1 attachments to users so they can choose whether to accept the attachment and/or make modifications to the Level 1 and Level 2 attachment lists. Alternatively, administrators can take full control of this functionality. This flexibility, unfortunately, can pose a security risk. To offset this risk, administrators can use the attachment-filtering component on an Edge Transport server to block specific attachments, regardless of the configuration in place on internal email systems.

First, you need to determine what attachments and/or types of attachments you want blocked and in what direction(s) attachment filtering should take place: inbound, outbound, or both. If you will be blocking a specific attachment, implement the block using the filename. If you want to block all email attachments of a specific type, add the file extension so it can be identified by its MIME type, regardless of the filename.

After you have decided on which attached files or file types you want to identify in email messages, you also need to determine what you want to do with messages containing those attachments. The default action is to block the attachment and the message (Reject). The available actions you can take on messages and attachments defined in the attachment filter include the following:

  • Reject— Stops delivery of the message and planning attachments to the recipient and sends an undeliverable response to the sender.

  • Strip— Delivers the message to the recipient, replacing the attachment in the message with a notification it has been removed. Any attachment not listed in the attachment filter will still be available to the recipient.

  • SilentDelete— Similar to the Reject action in that the message and attachment aren’t delivered; however, the SilentDelete action does not send an undeliverable notification to the sender.

Using the Exchange Management Shell to Configure Attachment Filtering

Attachment filtering, as previously mentioned, can only be configured through the Exchange Management Shell. Each shell command has its own parameters you can set based on the action(s) performed by the command. There are four commands: Get, Add, Remove, and Set. Each command works with one or more IP Block and Allow List components.

The Get- command is used to retrieve the configuration of a component. For example, entering Get-AttachmentFilterEntry filename displays the result of whether that file is being identified in messages.

The Add- command can be used to add an entry to the Attachment Filter Agent. The following example adds a filename to be blocked:

add-AttachmentFilterEntry -name virus.exe -type FileName

The Remove- command can be used to remove an attachment filter entry. The following example removes an entry by filename:

remove-AttachmentFilterEntry -Identity filename:virus.exe

The Set- command allows an administrator to modify the configuration of the attachment filter. In attachment filtering, it is primarily used to set the action. The following example configures the action and response options:

Set-AttachmentFilterListConfig -Action Reject -RejectResponse "Attachment type not allowed."				  
Other -----------------
- Implementing Edge Services for an Exchange 2010 Environment : Using Content Filtering to Allow and Reject Domain-Level Content
- Implementing Edge Services for an Exchange 2010 Environment : Fine-Tuning Content Filtering
- Windows Server 2003 : Configuring Remote Access Connections (part 2) - Configuring Remote Access Authentication
- Windows Server 2003 : Configuring Remote Access Connections (part 1) - Using Remote Access Client Addressing
- Windows Server 2008 R2 : Remote Desktop Services - Why Implement Remote Desktop Services
- Windows Server 2008 R2 : Server-to-Client Remote Access and DirectAccess - Connection Manager
- Manage the Active Directory Domain Services Schema : Activate Attributes
- Manage the Active Directory Domain Services Schema : Deactivate Attributes
- Manage the Active Directory Domain Services Schema : Create Attributes
- Implementing Edge Services for an Exchange 2010 Environment : Using Content Filtering to Isolate Inappropriate Content
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
programming4us
Natural Miscarriage
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Game Trailer