04 November 2013

This attachment was removed

After applying a file extension filter in Forefront Protection for Exchange 2010 we got complaints about .PDF, LNK, and .ZIP files not getting through.

The attachment would be removed and replace by a text file with the line "This attachment was removed" in it.

The first thing that attracts attention is the line "This attachment was removed".
This is not the standard text we configured in Forefront so it comes from another source.

Turns out after a standard install of Exchange 2010 (Edge) server, under water there is also a file filter active: "Attachment Filtering agent"

You can see this after running:

Get-AttachmentFilterEntry |fl

Type     : ContentType
Name     : application/x-msdownload
Identity : ContentType:application/x-msdownload

Type     : ContentType
Name     : message/partial
Identity : ContentType:message/partial

Type     : ContentType
Name     : text/scriptlet
Identity : ContentType:text/scriptlet

Type     : ContentType
Name     : application/prg
Identity : ContentType:application/prg

Type     : ContentType
Name     : application/msaccess
Identity : ContentType:application/msaccess

Type     : ContentType
Name     : text/javascript
Identity : ContentType:text/javascript

Type     : ContentType
Name     : application/x-javascript
Identity : ContentType:application/x-javascript

Type     : ContentType
Name     : application/javascript
Identity : ContentType:application/javascript

Type     : ContentType
Name     : x-internet-signup
Identity : ContentType:x-internet-signup

Type     : ContentType
Name     : application/hta
Identity : ContentType:application/hta

Type     : FileName
Name     : *.xnk
Identity : FileName:*.xnk

Type     : FileName
Name     : *.wsh
Identity : FileName:*.wsh

Type     : FileName
Name     : *.wsf
Identity : FileName:*.wsf

Type     : FileName
Name     : *.wsc
Identity : FileName:*.wsc

Type     : FileName
Name     : *.vbs
Identity : FileName:*.vbs

Type     : FileName
Name     : *.vbe
Identity : FileName:*.vbe

Type     : FileName
Name     : *.vb
Identity : FileName:*.vb

Type     : FileName
Name     : *.url
Identity : FileName:*.url

Type     : FileName
Name     : *.shs
Identity : FileName:*.shs

Type     : FileName
Name     : *.shb
Identity : FileName:*.shb

Type     : FileName
Name     : *.sct
Identity : FileName:*.sct

Type     : FileName
Name     : *.scr
Identity : FileName:*.scr

Type     : FileName
Name     : *.scf
Identity : FileName:*.scf

Type     : FileName
Name     : *.reg
Identity : FileName:*.reg

Type     : FileName
Name     : *.prg
Identity : FileName:*.prg

Type     : FileName
Name     : *.prf
Identity : FileName:*.prf

Type     : FileName
Name     : *.pif
Identity : FileName:*.pif

Type     : FileName
Name     : *.pcd
Identity : FileName:*.pcd

Type     : FileName
Name     : *.ops
Identity : FileName:*.ops

Type     : FileName
Name     : *.mst
Identity : FileName:*.mst

Type     : FileName
Name     : *.msp
Identity : FileName:*.msp

Type     : FileName
Name     : *.msi
Identity : FileName:*.msi

Type     : FileName
Name     : *.psc2
Identity : FileName:*.psc2

Type     : FileName
Name     : *.psc1
Identity : FileName:*.psc1

Type     : FileName
Name     : *.ps2xml
Identity : FileName:*.ps2xml

Type     : FileName
Name     : *.ps2
Identity : FileName:*.ps2

Type     : FileName
Name     : *.ps11xml
Identity : FileName:*.ps11xml

Type     : FileName
Name     : *.ps11
Identity : FileName:*.ps11

Type     : FileName
Name     : *.ps1xml
Identity : FileName:*.ps1xml

Type     : FileName
Name     : *.ps1
Identity : FileName:*.ps1

Type     : FileName
Name     : *.msc
Identity : FileName:*.msc

Type     : FileName
Name     : *.mdz
Identity : FileName:*.mdz

Type     : FileName
Name     : *.mdw
Identity : FileName:*.mdw

Type     : FileName
Name     : *.mdt
Identity : FileName:*.mdt

Type     : FileName
Name     : *.mde
Identity : FileName:*.mde

Type     : FileName
Name     : *.mdb
Identity : FileName:*.mdb

Type     : FileName
Name     : *.mda
Identity : FileName:*.mda

Type     : FileName
Name     : *.lnk
Identity : FileName:*.lnk

Type     : FileName
Name     : *.ksh
Identity : FileName:*.ksh

Type     : FileName
Name     : *.jse
Identity : FileName:*.jse

Type     : FileName
Name     : *.js
Identity : FileName:*.js

Type     : FileName
Name     : *.isp
Identity : FileName:*.isp

Type     : FileName
Name     : *.ins
Identity : FileName:*.ins

Type     : FileName
Name     : *.inf
Identity : FileName:*.inf

Type     : FileName
Name     : *.hta
Identity : FileName:*.hta

Type     : FileName
Name     : *.hlp
Identity : FileName:*.hlp

Type     : FileName
Name     : *.fxp
Identity : FileName:*.fxp

Type     : FileName
Name     : *.exe
Identity : FileName:*.exe

Type     : FileName
Name     : *.csh
Identity : FileName:*.csh

Type     : FileName
Name     : *.crt
Identity : FileName:*.crt

Type     : FileName
Name     : *.cpl
Identity : FileName:*.cpl

Type     : FileName
Name     : *.com
Identity : FileName:*.com

Type     : FileName
Name     : *.cmd
Identity : FileName:*.cmd

Type     : FileName
Name     : *.chm
Identity : FileName:*.chm

Type     : FileName
Name     : *.bat
Identity : FileName:*.bat

Type     : FileName
Name     : *.bas
Identity : FileName:*.bas

Type     : FileName
Name     : *.asx
Identity : FileName:*.asx

Type     : FileName
Name     : *.app
Identity : FileName:*.app

Type     : FileName
Name     : *.adp
Identity : FileName:*.adp

Type     : FileName
Name     : *.ade
Identity : FileName:*.ade


As shown above, the attachments .ZIP, .LNK, and .PDF are not shown.
Problem is that the attachment gets identified as an "invalid attachment" by the "Attachment Filtering agent".

Solutions;

Disable-TransportAgent -Identity "Attachment Filtering agent"

Restart-Service MSExchangeTransport

Or:

1.Stop the Microsoft Exchange Transport service.

2.Locate the EdgeTransport.exe.config file. This file is located in the following path:
drive:\Program Files\Microsoft\Exchange Server\Bin\
 
3.Add the following entry between the <appSettings> element and the </appSettings>  element          of  the EdgeTransport.exe.config file:
  
<add key="AllowInvalidAttachment" value="true" />
4.Restart the Microsoft Exchange Transport service.

Source 1


Source 2





 

No comments:

Post a Comment