Glad its working.  I will also note that, with this filter, not only does it pick up on file extension names, but the  attachment-filetype == "Executable" works well against someone renaming an exe to txt, or even a DOC with an executable inside it.  ... View more

You can do this as a message filter or incoming content filter. This action is a content filter that will quarantine the message. This will look for any file extensions that are in a zip file, doc, and more. Obviously you can change the action, but this is the base information. likely_harmful_attachments_Quarantine: if (attachment-filename == "\\.(ace|apk|app|bat|cmd|com|command|cpl|csh|dll|exe|gadget|hta|inf1|ins|inx|ipa|isu|job|jse|ksh|lnk|msc|msi|msp|mst|osx|out|paf|pif|prg|ps1|reg|rgs|run|scr|sct|shb|shs|u3p|vb|vbe|vbs|vbscript|workflow|ws|wsf|rar|7z|7zip|cpl|js|cab|jsp|class)$") OR (attachment-filetype == "Executable") { quarantine("Bad Quarantine"); log-entry("<===>Not authorized file type! Contact Tech Support for approval! <===>"); notify ("techsupport@yourdomain", "Dangerous Attachment Quarantined", "noreply@yourdomain.com", "Dangerous Attachment"); } ... View more