Forefront Server Security TechCenter >
Forefront Server Security Forums
>
Forefront Security for Exchange Server
>
Allow rar, zip extensions in MS ForeFront
Allow rar, zip extensions in MS ForeFront
Hi every time I want to send or receive rar file i get this message in email:
FILE QUARANTINEDMicrosoft Forefront Security for Exchange Server removed a file since it was found to match a filter.
File name:
Filter name: "FILE FILTER= unnamed: *.rar"
I have tried to configure the filter in MS ForeFront but with no luck. Can someone tell me how to do it.
Thanks
Answers
- Hi Marian,
Are you sure that this is being caught by your server and not the sending server? Can you see an incident in the incidents page of the Admin MMC? If you are seeing an incident then it is being caught on your server and it is being caught because there is a file filter for files with a filename of *.rar.
If the file filter is on your server it will be either part of a filter list or an individual entry within file filtering. Please go to Admin MMC->Filtering->File, and here you should see 2 buttons at the bottom of the screen, labeled Names and Lists. The names button displays the individual entries and the lists displays the file filter lists. Check the Names first and if you have on for *.rar - please delete this. If there is no *.rar entries under names, check under the lists button, highlighting each list one by one and clicking view list to vioew the contents of this list. When you click view list, the filename entries should appear on the right, click the left arrow to return.
If you can see the incident recorded on this server but the filter is not showing in either the individual entires nor the file filter lists, then this would indicate a corruption of the filterlists.fdb file. To recreate this file, you will need to stop all forefront (and related Exchange) service, rename the filterlists.fdb file to filterlists.old and restart the server/services. Please note, you will have to reconfigure any filters that you previously had configured.
I hope this helps,
Alex- Marked As Answer byMarianxyz Tuesday, August 04, 2009 3:59 PM
All Replies
- Hi Marian,
Have you tried to rename the file from test.rar to test.txt. Forefront performs its file filtering based on filename and file header information. As the file filter above is set to - *.rar - simply renaming the file should allow it to pass through. If you want to stop all rar files, regardless of the filename, you would need a file filter of - * - and a file type of rar.
If you have disabled the file filter on the server and it is still being caught, you will probably find that it is actually a different server that is making the detection. It can be very useful to place the server name in the deletion text to assist in troubleshooting these types of issues. You can also consult the incidents page of the administrator MMC to confirm if the detection occurred on this server. For more information regarding file filtering within Forefront, please see:- http://technet.microsoft.com/en-us/library/bb795068.aspx
I hope this helps,
Alex - Hi Alex,
I want to allow rar files, because the company gets a lot of email messages that are rar compressed and every time I have to go to quarantine and deliver the email manualy.
There is only one exchnage 2007 server in the organization because it is SBS 2008 server. I have tried to find a tutorial on the net, but there are tutorials only to block specific files types or extensions. - Hi Marian,
Are you sure that this is being caught by your server and not the sending server? Can you see an incident in the incidents page of the Admin MMC? If you are seeing an incident then it is being caught on your server and it is being caught because there is a file filter for files with a filename of *.rar.
If the file filter is on your server it will be either part of a filter list or an individual entry within file filtering. Please go to Admin MMC->Filtering->File, and here you should see 2 buttons at the bottom of the screen, labeled Names and Lists. The names button displays the individual entries and the lists displays the file filter lists. Check the Names first and if you have on for *.rar - please delete this. If there is no *.rar entries under names, check under the lists button, highlighting each list one by one and clicking view list to vioew the contents of this list. When you click view list, the filename entries should appear on the right, click the left arrow to return.
If you can see the incident recorded on this server but the filter is not showing in either the individual entires nor the file filter lists, then this would indicate a corruption of the filterlists.fdb file. To recreate this file, you will need to stop all forefront (and related Exchange) service, rename the filterlists.fdb file to filterlists.old and restart the server/services. Please note, you will have to reconfigure any filters that you previously had configured.
I hope this helps,
Alex- Marked As Answer byMarianxyz Tuesday, August 04, 2009 3:59 PM
- Hi Alex,
i am writting you that I haven't forget your post and I will try your solution as soon I can (probably on weekend at night).
m. - I wish to know if the solution provided by Alex did the job. RAR files in Forefront is a nightmare for me now :(
