Filtering on the SMTP Scan Job
Applies to: Microsoft Antigen
It is recommended that you set up a filter list for the SMTP Scan Job that contains the file types that are most likely to be infected.
Additional filtering capabilities can be obtained by using Microsoft® Exchange Server 2003 message filtering (see the Exchange 2003 help topics). One difference between Antigen file filtering and Exchange file filtering is that Exchange filters only the file name, while Antigen attempts to detect and filter files that match the file type, even if the file name has been changed.
Note
You should review this list periodically.
To configure a filter list of potentially dangerous file types
Create a filter list for all files with the following extensions:
Extension Type of file *.ace
Archive file
*.ade
Microsoft Office Access™ Project Extension
*.adp
Microsoft Access Project
*.adt
ACT! Document template
*.app
Executable application
*.asp
Active Server Page file
*.arj
Archive file
*.asd
Word file that always has macros
*.bas
Microsoft Visual Basic® class module
*.bat
Batch file
*.bin
Binary file
*.btm
Batch to memory batch file
*.cbt
Computer-based training
*.ceo
Virus
*.chm
Compiled HTML Help file
*.cmd
Windows® NT Command script
*.cla
Java class file
*.class
Java class file
*.com
Microsoft MS-DOS program
*.cpl
Control Panel extension
*.crt
Security certificate
*.csc
Corel script file
*.css
Cascading style sheet file
*.dll
DLL file
*.drv
Driver file
*.exe
Program
*.email
Microsoft Office Outlook® Express e-mail message
*.fon
Font file
*.hlp
Help file
*.hta
HTML program
*.htm*
HTML file
*.inf
Setup information
*.ins
Internet Naming Service
*.isp
Internet Communication settings
*.je
JScript file
*.js
JScript file
*.jse
Jscript Encoded Script file
*.lib
Program Library Common Object file format
*.lnk
Shortcut
*.mdb
Access database file
*.mde
MDE database
*.mht
Archived Web page
*.mhtml
Archived Web page
*.mhtm
Archived Web page
*.msc
Microsoft Common Console document
*.msi
Microsoft Windows Installer package
*.mso
Math script object file
*.msp
Microsoft Windows Installer patch
*.mst
Microsoft Visual Test source file
*.obj
Relocatable object code
*.ocx
Object linking and embedding control executable
*.ov?
OrgViewer file
*.pcd
Photo CD image, Microsoft Visual compiled script
*.pgm
CGI program
*.pif
Shortcut to MS-DOS program
*.prc
Palm Pilot resource file
*.rar
Archive file
*.reg
Registration entries
*.scr
Screen saver
*.sct
Windows Script component
*.shb
Shortcut into a document
*.shs
Shell Scrap object
*.smm
AMI Pro macro
*.swf
Macromedia file
*.sys
System device driver
*.tar
Archive file
*.url
Internet shortcut
*.vb
VBScript file
*.vbe
VBScript encoded script file
*.vbs
VBScript file
*.vxd
Virtual device driver
*.wsc
Windows Script component
*.wsf
Windows Script file
*.wsh
Windows Script Host Settings file
*}
CLSID Filter
Filter these files in any container file.
Ensure that Delete Corrupted Compressed Files is selected in General Options.
Ensure that Delete Encrypted Compressed Files is selected in General Options.
Enable the filter.
Save the filter.