Depending on your site's requirements, you may want to filter out attachments with certain filename patterns or extensions. For example, since video files are usually quite large, you may want to screen out messages containing *.AVI or *.MOV attachments. Of course these tests presume the messages were able to arrive because they did not exceed the value you set as the message size limit.
|
Purpose: |
Check message with any attachment to see if the name matches those found on the BANNED-ATTACHMENT list. |
|
Action: |
Reject if attachment filename matches the patterns in the Banned Attachment list. |
|
Default state: |
Enabled |
|
False Positive: |
This rule is 100% accurate when filenames are explicitly specified. Thus no false positives are expected and this rule should not cause messages to be inappropriately trapped. |
|
Other notes: |
Please review this list. As delivered, only the actual known virus filenames are entered into this list. The *.EXE and other wildcard entries are placed into the Suspicious Attachment list which is quarantined. It is possible to use wildcards such as '?' or '*'. For example to ban all files with the extension of EXE, simply create the entry as: *.EXE To ban files like "VIRUS001.VBS", "VIRUS002.VBS", "VIRUSABC.VBS", create the entry as: VIRUS???.VBS Due to recent virus incursions, it is strongly recommended that you make certain this is rule #1 on the list order of your enabled rules so that it performs first before any other rules. In that way, it will not be possible for another rule (testing the APPROVED-MESSAGE-LEVEL-DOMAINS or APPROVED-MESSAGE-LEVEL-SENDERS list) to accept the message and allow a virus infected attachment to bypass this banned attachment rule. |
|
Purpose: |
Check message with any attachment to see if the name matches those found on the Suspicious Attachment list. The difference between this and the Banned Attachment list is that these attachment files are less likely to causes disasters. An example might be a *.MOV or *.AVI file. |
|
Action: |
Quarantine if attachment filename matches the patterns in the Suspicious Attachment list. |
|
Default state: |
Enabled |
|
False Positive: |
This rule is extremely accurate when filenames are explicitly specified. Thus no false positives are expected and this rule should not cause messages to be inappropriately trapped. The only way a false positive occurs is if you accept attachments with the extensions listed. |
|
Other notes: |
Please review this list. It contains all the wildcard filenames like *.EXE and *.VBS that was excluded from the BANNED-ATTACHMENT list. After review, you may decide you want to move some of these entries to the BANNED-ATTACHMENT list. |