Filtering on the Transport Scan Job

 

Applies to: Forefront Security for Exchange Server

It is recommended that you set up a filter list for the Transport Scan Job that contains the file types most likely to be infected.

Additional filtering capabilities can be obtained by using Exchange 2007 Transport Rules (see the Exchange 2007 help topics). One difference between FSE file filtering and Exchange file filtering is that Exchange filters only on the file name, while FSE attempts to detect and filter files that match the file type, when possible, even if the file name has been changed.

Note: You should review this list periodically.

To configure a filter list of potentially dangerous file types

  1. Create a filter list for all files with the following extensions:

    Extension   Type of file
    ---------   ------------
    *.ace       Archive file
    *.ade       Microsoft Access Project Extension
    *.adp       Microsoft Access Project
    *.adt       ACT! Document template
    *.app       Executable application
    *.asp       Active Server Page files
    *.arj       Archive file
    *.asd       Word files that always have macros
    *.bas       Microsoft Visual Basic class module
    *.bat       Batch files
    *.bin       Binary file
    *.btm       Batch to memory batch file
    *.cbt       Computer based training
    *.ceo       Virus
    *.chm       Compiled HTML Help file
    *.cmd       Microsoft Windows NT Command script
    *.cla       Java class file
    *.class     Java class file
    *.com       Microsoft MS-DOS program
    *.cpl       Control Panel extension
    *.crt       Security certificate
    *.csc       Corel script file
    *.css       Cascading style sheet file
    *.dll       DLL files
    *.drv       Driver Files
    *.exe       Program
    *.email     Outlook Express e-mail message
    *.fon       Font file
    *.hlp       Help file
    *.hta       HTML program
    *.htm*      HTML files
    *.inf       Setup Information
    *.ins       Internet Naming Service
    *.isp       Internet Communication settings
    *.je        JScript file
    *.js        JScript file
    *.jse       Jscript Encoded Script File
    *.lib       Program Library Common Object File Format
    *.lnk       Shortcut
    *.mdb       Access Database File
    *.mde       MDE database
    *.mht       Archived web page
    *.mhtml     Archived web page
    *.mhtm      Archived web page
    *.msc       Microsoft Common Console document
    *.msi       Microsoft Windows Installer package
    *.mso       Math script object file
    *.msp       Microsoft Windows Installer patch
    *.mst       Microsoft Visual Test source files
    *.obj       Relocatable object code
    *.ocx       Object linking and embedding control executable
    *.ov?       OrgViewer file
    *.pcd       Photo CD image, Microsoft Visual compiled script
    *.pgm       CGI program
    *.pif       Shortcut to MS-DOS program
    *.prc       Palm Pilot resource file
    *.rar       Archive file
    *.reg       Registration entries
    *.scr       Screen saver
    *.sct       Windows Script Component
    *.shb       Shortcut into a document
    *.shs       Shell Scrap Object
    *.smm       AMI Pro macro
    *.swf       Macromedia Files
    *.sys       System device driver
    *.tar       Archive file
    *.url       Internet shortcut
    *.vb        VBScript file
    *.vbe       VBScript encoded script file
    *.vbs       VBScript file
    *.vxd       Virtual device driver
    *.wsc       Windows Script Component
    *.wsf       Windows Script file
    *.wsh       Windows Script Host Settings file
    *}          CLSID Filter

  2. Filter these files in any container file.

  3. Ensure that Delete Corrupted Compressed Files is selected in General Options.

  4. Ensure that Delete Encrypted Compressed Files is selected in General Options.

  5. Enable the filter.

  6. Save the filter.
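
The difference between name-only filtering and type-aware filtering described at the top of this topic, shown as an added example (not FSE or Exchange code). It assumes a handful of well-known file signatures and a few patterns from the list above; the function names and sample attachments are constructed for illustration.

```python
from fnmatch import fnmatchcase

# A few name patterns taken from the filter list above (not the full list).
NAME_PATTERNS = ["*.exe", "*.scr", "*.chm", "*.rar", "*.tar", "*.lnk",
                 "*.htm*", "*.ov?", "*}"]

# (offset, magic bytes, label): well-known file signatures chosen for this
# example. Assumption: this is NOT FSE's detection logic, only an illustration.
SIGNATURES = [
    (0, b"MZ", "Windows executable"),
    (0, b"Rar!\x1a\x07", "RAR archive"),
    (0, b"ITSF", "Compiled HTML Help"),
    (0, b"L\x00\x00\x00\x01\x14\x02\x00", "Shell shortcut"),
    (257, b"ustar", "tar archive"),
]

def match_by_name(filename):
    """Name-only check: return the first pattern the file name matches."""
    name = filename.lower()
    return next((p for p in NAME_PATTERNS if fnmatchcase(name, p)), None)

def match_by_content(data):
    """Type check: return the label of the first signature found in the bytes."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return None

def evaluate(filename, data):
    """Return (name_hit, type_hit); a type-aware filter blocks if either is set."""
    return match_by_name(filename), match_by_content(data)

# Constructed samples: (attachment name, leading bytes of the attachment).
SAMPLES = [
    ("setup.exe", b"MZ\x90\x00" + b"\x00" * 60),
    ("invoice.txt", b"MZ\x90\x00" + b"\x00" * 60),   # renamed executable
    ("backup.dat", b"\x00" * 257 + b"ustar\x00"),    # renamed tar archive
    ("notes.txt", b"Meeting at 10:00\r\n"),
    ("photo.jpg.{00000000-0000-0000-0000-000000000000}", b"\xff\xd8\xff\xe0"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        name_hit, type_hit = evaluate(name, data)
        print(f"{name!r}: name filter={name_hit}, type filter={type_hit}, "
              f"missed by name-only={name_hit is None and type_hit is not None}")
```

The `invoice.txt` and `backup.dat` samples pass a name-only filter but are caught by the content check, which is the case the file-type detection is meant to cover.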