Re: how to block archive attachements that contain .exe

atef yamin · ‎02-13-2013

Hi All,

We have Ironport C150 and are getting lots of emails with attachments (archive type) that contain .exe viruses.

Can anyone help me implement a filter where i can strip off the attachments that

1- are archive

AND

2- contain .exe files

much appreciated

Andreas Mueller · ‎02-18-2013

Hello Atef,

this should be done rather by a virus scanner (Sophos/McAfee) than by a filter, which most likely will cause some false positives. For instance, a possible approach looks like this:

Filter Condition: Attachment File Info -> File Type is: - - exe
Filter Action: Strip Attachment by -File Info -> File Type is: Compressed

This works well when there is only one attachment to a message, and that attachment is an archive with an exe file. However, in case a message comes with two attachment, where one of them is an archive and the other an exe file, the archive will be stripped.

Hope that helps,

Andreas

how to block archive attachements that contain .exe

Re: English Events - Archived

Webex App - .exeインストールと.msiインストールについての紹介

Secure Access: Block Page が表示されない

need to block exe file

[UCS-C] CIMC UI 上での DIMM Block Listing 設定項目について