Filtering files by file name


Applies to: Forefront Protection for Exchange

Topic Last Modified: 2010-05-11

If you want to filter all files with a certain name, create the filter list using the Filter files with specific name patterns option, and then in the file filter list, type the file name in the Filter criteria - by file name section. File name filter matching is not case-sensitive.

For example, if a virus uses an attached file named Payload.doc, you can specify payload.doc as the file name. This ensures that any file named payload.doc is filtered, regardless of the file type.

Detecting file attachments by name is also useful when there is an outbreak of a new virus and you know the name of the file in which the virus resides before your scan engines are updated to detect it. An example of this was the Melissa worm. It resided in a file named List.doc and could have been detected by FPE by using a file filter even before your scan engines detected it.

You can globally configure all file filters for inbound and outbound mail; for more information, see Globally configuring file filter lists for inbound and outbound mail. All inbound and outbound filtering settings are enabled by default. If you disable the global inbound or outbound setting, then the specified message direction is disabled throughout all file filter lists. If both global settings are enabled, then in the Filter criteria - by file name section, you can add an <in> or <out> prefix to the file name (do not place any spaces between the prefix and the file name) in order to target a specific message direction (the one that you specified with the prefix operator) for the specified file name (this is especially useful for testing purposes).

For example, prefixing the file name with the <in> directive instructs FPE to apply filtering only to inbound messages for this file name: <in>filename

Similarly, prefixing the file name with the <out> directive instructs FPE to apply filtering only to outbound messages for this file name: <out>filename

These prefixes apply per entry within a filter list.

Community Additions