Hi,
We are using following message filter to drop the mentioned file name attachments.However it is not working effectively when they are compressed in the zip files. Looks like there is a bug in our OS. So, we want to use attachment-filetype instead of attachment-filename to restrict these files passing through the appliances without bringing in any other issues with this change. Any help is appreciated.
restrict_malicious_filename: if (recv-listener == "Inmx") AND (attachment-filename ==
"\\.(386|ad|ade|adp|cmd|cnt|com|cpl|crt|csh|der|exe|fxp|gadget|grp|ksh|lib|lnk|mad|maf|mag|mam|maq|mar|mas|mat|mau|mav|maw|mcf|mda|mmsp|mst|nsh|ocx|ops|osd|pcd|pif|psc1|psc2|pst|reg|scf|scr|sct|vbs|vbp|vs|vss|vst|vsw|vxd|ws|wsc|wsf|wsh|xbap|xnk)$") {
drop();
}