locked
stop virus attachments RRS feed

  • Question

  • Dear readers please give me advice!

    1.: We are getting viruses attached to emails. The attachments are blocked. My question is if the attachment is recognised as a virus, and blocked, why does the email getting delivered, to the users mailbox. In exchange admin center\ protection there is entry, which is configured by default to delete the whole messeage, if virus is detected. 

    Maybe the problem is that the virus is only detected at client side, and the antivirus running on the client is blocking the attachment?


    Thursday, August 24, 2017 2:46 PM

All replies

  • check the link below. there was a patch released in July which impacted outlook 2010.

    https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b

    You might have to uninstall a patch.


    ZakBhai

    Thursday, August 24, 2017 7:16 PM
  • HI!

    Thank you for your reply. I encountered before this "patch", we already installed the fixes. We are using Outlook 2016 / Office 365 proplus mostly.

    Friday, August 25, 2017 5:49 AM
  • New idea: i created a new rule at exchage admin center\ protection. In this rule i can give the rule scope, for eg. i set the rule if the recipient domins is... gave some of our domains. Not sure, if the default rule was working, there were no scopes set.
    • Edited by petersonal Friday, August 25, 2017 6:33 AM
    Friday, August 25, 2017 6:33 AM
  • Hi Pertersonal,

    According to your description, it seems that there is an attachment filtering rule on Edge Transport server, details see: Attachment filtering on Edge Transport servers

     You configure one of the following actions for all the messages that match any of the attachment filters:

    • Reject (block) the message   The message is blocked. The sender receives a non-delivery report (also known as an NDR, delivery status notification, DSN, or bounce message) that explains that the message wasn't delivered because it contained an unacceptable attachment. You can customize the text in the NDR. The default text is: Message rejected due to unacceptable attachments.

    • Strip the attachment but allow the message through   The attachment is removed from the message. However, the message itself and any other attachments that don't match the filter are allowed through. If an attachment is stripped, it's replaced with a text file that explains why the attachment was removed. This is the default action.

    • Silently delete the message   The message is deleted. Neither the sender nor the recipient receives notification.

    Best Regards,


    Niko Cheng
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Niko.Cheng Friday, September 1, 2017 10:13 AM
    Friday, August 25, 2017 9:31 AM
  • Hey,

    great idea, i loved it, until i remembered, we do not have edge transport server installed. I'd like, but do not have the resources for another server. 

    My other idea is not working too. Tested with an eicar file(test virus file). No luck.

    Friday, August 25, 2017 2:30 PM
  • Hi Petersonal,

    Have you deployed any other antivirus program on your Exchange environment?

    Maybe just outlook client block the attachment:

    Blocked attachments in Outlook

    To help protect your computer, Outlook doesn’t allow you to receive files of certain types (such as .exe files) as attachments, because of their potential for introducing a virus into your computer. By default, Outlook will block these file types. If you're using Microsoft Exchange Server, typically only the email server administrator can unblock these file types.

    Best Regards,


    Niko Cheng
    TechNet Community Support


    Please remember to mark the replies as answers.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 5, 2017 3:21 AM