Compressed file scanning
I am trying to figure out why Forefront for Exchange is not scanning inside .zip files for inbound mail. I have Forefront configured to block/quarantine .exe files in email. From an outside email account I send an email with a .exe attachment. I then get a message from Forefront saying it has quarantined the email (okay, all good). Now I use WinZip and zip the .exe file. I then send another test email with the .zip file attached. This time the message comes through and the attachment is replaced by a .txt file which says “The attachment has been removed”. This is the Exchange ‘attachment filter’ removing the attachment and not Forefront. There is no log in Forefront that I can see, showing if the message was even scanned by Forefront.
I’ve verified in the Exchange transport-agent settings that ‘FSE Routing Agent’ has priority ‘10’ and ‘Attachment Filter Agent’ has priority ‘11’.
My file filters in forefront are as follows:
Filter list named "FileTypeFilter" with *.* in the list. File types selected are 'ani' 'arc' 'arj' 'dataz' 'exe' 'is_uninst' 'iscab' 'jar' 'javaclass' 'mac' 'mscab' 'mslibrary' 'obj' 'pif' 'rar' 'sfxexe'. Set to enable with action delete remove contents, and 'Send notification' and 'quarantine files' selected.
Second filter list named "Restricted Files" with *.exe* among others in the list. File types are set to 'All Types'. The filter is enabled with action set to delete remove contents, and 'Send notification' and 'Quarantine Files' selected.
All Replies
- Just to clarify. I've tested several other file types also (not just .exe) and I am getting the same results. Forefront cleans/removes the files without issue unless they are within a container file (.zip).
Have you created an Exchange transport rule to filter out .zip files? From your first post, it seems that's the case, since you mentioned agent priority. Transport agent priority is a relative term: the number is only meaningful when two agents are in the same transport process (for example "SMTP Receive", "Categorizer") and process the same command. In this case, the SMTP agents (Attachment Filtering agent) get processed first in SMTP Receive, while routing agents (in Categorizer) are processed after an e-mail is received by the Exchange organization.
You can try renaming the .zip to another extension, for example, .zzz. The Exchange transport rule agent can only filter out files by extension name, while Forefront can filter out files by true file type.
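The difference between filtering by extension name and filtering by true file type, shown as an added example that is not part of the original thread and is not Exchange or Forefront code. The function names, the block list and the sample archive are all constructed for illustration.

```python
import io
import zipfile

BLOCKED_EXTENSIONS = {".exe", ".zip"}   # assumed extension block list
ZIP_MAGIC = b"PK\x03\x04"               # ZIP local file header signature
EXE_MAGIC = b"MZ"                       # DOS/PE executable signature

def extension_verdict(filename):
    """Extension-only check: looks at the attachment name, never the bytes."""
    return filename.lower().endswith(tuple(BLOCKED_EXTENSIONS))

def true_type(data):
    """Classify content by its leading magic bytes, ignoring the file name."""
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(EXE_MAGIC):
        return "exe"
    return "unknown"

def content_verdict(data, depth=0, max_depth=3):
    """Return paths of executables found by content, recursing into ZIPs."""
    kind = true_type(data)
    if kind == "exe":
        return ["<attachment>"]
    if kind != "zip":
        return []
    if depth >= max_depth:
        return ["<unscanned nested archive>"]   # flag instead of passing silently
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                inner = content_verdict(archive.read(info), depth + 1, max_depth)
                hits += [info.filename if h == "<attachment>" else f"{info.filename}/{h}" for h in inner]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    return hits

def build_sample_zip():
    """Constructed sample: a ZIP holding a fake executable (MZ header only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("tool.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"plain text")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip()
    for name in ("test.zip", "test.zzz"):
        print(name, extension_verdict(name), content_verdict(sample))
```

The same archive bytes give the same content verdict under either name, while the extension check changes with the rename. A production scanner would also cap member sizes and handle encrypted members.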

