Filtering on the Transport Scan Job
Applies to: Forefront Security for Exchange Server
It is recommended that you set up a filter list for the Transport Scan Job that contains the file types most likely to be infected.
Additional filtering capabilities can be obtained by using Exchange 2007 Transport Rules (see the Exchange 2007 help topics). One difference between FSE file filtering and Exchange file filtering is that Exchange filters only on the file name, while FSE attempts to detect and filter files that match the file type, when possible, even if the file name has been changed.
Note
You should review this list periodically.
To configure a filter list of potentially dangerous file types
Create a filter list for all files with the following extensions:
Extension Type of file *.ace
Archive file
*.ade
Microsoft Access Project Extension
*.adp
Microsoft Access Project
*.adt
ACT! Document template
*.app
Executable application
*.asp
Active Server Page files
*.arj
Archive file
*.asd
Word files that always have macros
*.bas
Microsoft Visual Basic class module
*.bat
Batch files
*.bin
Binary file
*.btm
Batch to memory batch file
*.cbt
Computer based training
*.ceo
Virus
*.chm
Compiled HTML Help file
*.cmd
Microsoft Windows NT Command script
*.cla
Java class file
*.class
Java class file
*.com
Microsoft MS-DOS program
*.cpl
Control Panel extension
*.crt
Security certificate
*.csc
Corel script file
*.css
Cascading style sheet file
*.dll
DLL files
*.drv
Driver Files
*.exe
Program
*.email
Outlook Express e-mail message
*.fon
Font file
*.hlp
Help file
*.hta
HTML program
*.htm*
HTML files
*.inf
Setup Information
*.ins
Internet Naming Service
*.isp
Internet Communication settings
*.je
JScript file
*.js
JScript file
*.jse
Jscript Encoded Script File
*.lib
Program Library Common Object File Format
*.lnk
Shortcut
*.mdb
Access Database File
*.mde
MDE database
*.mht
Archived web page
*.mhtml
Archived web page
*.mhtm
Archived web page
*.msc
Microsoft Common Console document
*.msi
Microsoft Windows Installer package
*.mso
Math script object file
*.msp
Microsoft Windows Installer patch
*.mst
Microsoft Visual Test source files
*.obj
Relocatable object code
*.ocx
Object linking and embedding control executable
*.ov?
OrgViewer file
*.pcd
Photo CD image, Microsoft Visual compiled script
*.pgm
CGI program
*.pif
Shortcut to MS-DOS program
*.prc
Palm Pilot resource file
*.rar
Archive file
*.reg
Registration entries
*.scr
Screen saver
*.sct
Windows Script Component
*.shb
Shortcut into a document
*.shs
Shell Scrap Object
*.smm
AMI Pro macro
*.swf
Macromedia Files
*.sys
System device driver
*.tar
Archive file
*.url
Internet shortcut
*.vb
VBScript file
*.vbe
VBScript encoded script file
*.vbs
VBScript file
*.vxd
Virtual device driver
*.wsc
Windows Script Component
*.wsf
Windows Script file
*.wsh
Windows Script Host Settings file
*}
CLSID Filter
Filter these files in any container file.
Ensure that Delete Corrupted Compressed Files is selected in General Options.
Ensure that Delete Encrypted Compressed Files is selected in General Options.
Enable the filter.
Save the filter.