Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1586
Views
0
Helpful
1
Replies

how to block archive attachements that contain .exe

atef yamin
Level 1
Level 1

‎02-13-2013 07:26 AM

Hi All,

We have Ironport C150 and are getting lots of emails with attachments (archive type) that contain .exe viruses.

Can anyone help me implement a filter where i can strip off the attachments that

1- are archive

AND

2- contain .exe files

much appreciated

Labels:
0 Helpful
1 Reply 1

Andreas Mueller
Level 4
Level 4

‎02-18-2013 01:35 AM

Hello Atef,

this should be done rather by a virus scanner (Sophos/McAfee) than by a filter, which most likely will cause some false positives. For instance, a possible approach looks like this:

  1. Filter Condition: Attachment File Info -> File Type is: - - exe
  2. Filter Action: Strip Attachment by -File Info -> File Type is: Compressed

This works well when there is only one attachment to a message, and that attachment is an archive with an exe file. However, in case a message comes with two attachment, where one of them is an archive and the other an exe file, the archive will be stripped. 

Hope that helps,

Andreas

0 Helpful
Customers Also Viewed These Support Documents