To filter file attachments by type, create a * file filter and select the file types you want filtered in the File Types section of the Administrator console. For example, create the filter * and set the File Types to MP3. This will ensure that all MP3 files are filtered regardless of their file name or extension. Even if the file is renamed it will still be filtered. For example, if the file extension is renamed from .MP3 to .xyz, it will still be detected by the MP3 filter you configured.
One advantage of setting a generic * filter and associating it with a specific file type is that it reduces the chance of false positives, because FSE (Forefront Security for Exchange) looks at the file header information instead of the file name. Therefore, it is recommended that you use this configuration whenever possible.
Note: There is additional information on configuring file type filters for Office 2007 and older files in the Forefront/Antigen User Guides.
Filtering by file extension
To filter files that have a specific extension, you can create a generic filter for the extension and set the File Types selection to All Types.
For example: Create the filter *.exe* and set the File Types selection to All Types. The second asterisk (*) will prevent files with extra characters appended after the file extension from bypassing the filter. This ensures that all files with an .exe extension are filtered.
You can also set the File Types to a specific type. However, when doing so the file extension and file type must both match for the filter to be applied correctly. If the file extension filter does not match the extension of the attached file, the specified action will not be applied regardless of the file type.
File Filter | File Type | Action
1) *.rtf | DOC | Skip: Detect only
2) * | All Types | Delete: remove contents
If you send through an attachment with a .doc extension, for example filename.doc, it will be deleted rather than skipped. The first action listed (Skip) will not be applied, but the second (Delete) will be. Even though FSE will recognize the file as a Word doc, the file extension doesn't match the first extension filter of *.rtf. Even if you set the first filter to All Types instead of DOC, the attached file still won't match the filter because it does not have a .rtf extension.
However, if the file extension matches, the File Type is checked to see if it too matches, and if so, the Action is applied, even on renamed files.
1) *.doc | DOC | Delete: remove contents
If you rename an .exe to a .doc, Antigen will not remove it. Although the file extension matches the filter, FSE is able to determine that the file is not a valid DOC file; therefore it does not match the file type you configured.
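The matching rules described above can be modeled in a few lines. This is an added example, not Forefront's own code: the header signatures are simplified, and the function names, sample bytes and first-match ordering are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")  # container header of legacy Office files

# Simplified header signatures (assumption: real type detection is more thorough).
SIGNATURES = {
    "DOC": [OLE2],
    "EXE": [b"MZ"],                 # DOS/PE executable header
    "MP3": [b"ID3", b"\xff\xfb"],   # ID3 tag or MPEG audio frame sync
}

def detect_type(data):
    """Return the file type implied by the leading bytes, or None if unknown."""
    for file_type, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return file_type
    return None

def evaluate(filters, filename, data):
    """Return the action of the first filter whose name pattern AND file type
    both match, else None. First-match ordering is an assumption of this model."""
    detected = detect_type(data)
    for pattern, file_type, action in filters:
        name_ok = fnmatchcase(filename.lower(), pattern.lower())
        type_ok = file_type == "All Types" or file_type == detected
        if name_ok and type_ok:
            return action
    return None

# Constructed sample attachments: only the leading bytes matter here.
DOC_BYTES = OLE2 + b"\x00" * 8
EXE_BYTES = b"MZ\x90\x00" + b"\x00" * 8
MP3_BYTES = b"ID3\x03\x00" + b"\x00" * 8

# Filter lists taken from the examples in the text.
RTF_THEN_ALL = [("*.rtf", "DOC", "Skip: Detect only"),
                ("*", "All Types", "Delete: remove contents")]
DOC_ONLY = [("*.doc", "DOC", "Delete: remove contents")]
MP3_ANY_NAME = [("*", "MP3", "Delete: remove contents")]
EXE_ANY_TYPE = [("*.exe*", "All Types", "Delete: remove contents")]

if __name__ == "__main__":
    print(evaluate(RTF_THEN_ALL, "filename.doc", DOC_BYTES))  # second filter applies
    print(evaluate(DOC_ONLY, "renamed.doc", EXE_BYTES))       # extension matches, type does not
    print(evaluate(MP3_ANY_NAME, "song.xyz", MP3_BYTES))      # renamed MP3 still caught
    print(evaluate(EXE_ANY_TYPE, "setup.exe_", EXE_BYTES))    # trailing * covers appended characters
```

The DOC_ONLY case shows why the extension-plus-type combination is the riskiest option: a file that matches only one of the two conditions gets no action from that filter.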
In summary, the following are the recommended methods for configuring a file filter:
· Create a * file filter and select the specific File Types (for example, DOC) you want filtered.
· Create a generic filter for the extension (for example, *.exe*) and set File Types to All Types.
· Create a generic filter for the extension (for example, *.exe*) and set File Types to a specific type. Note that this is the riskiest method since you must be sure of the file type and file extension when creating such a filter.
The Forefront Security for Exchange Server User Guide describes the following additional topics related to file filtering:
Holly Kipp, CSS Security Support Engineer (Antigen/Forefront Server Security)