After applying a file extension filter in Forefront Protection for Exchange 2010 we got complaints about .PDF, LNK, and .ZIP files not getting through.
The attachment would be removed and replace by a text file with the line "This attachment was removed" in it.
The first thing that attracts attention is the line "This attachment was removed".
This is not the standard text we configured in Forefront so it comes from another source.
Turns out after a standard install of Exchange 2010 (Edge) server, under water there is also a file filter active: "Attachment Filtering agent"
You can see this after running:
Get-AttachmentFilterEntry |fl
Type : ContentType
Name : application/x-msdownload
Identity : ContentType:application/x-msdownload
Type : ContentType
Name : message/partial
Identity : ContentType:message/partial
Type : ContentType
Name : text/scriptlet
Identity : ContentType:text/scriptlet
Type : ContentType
Name : application/prg
Identity : ContentType:application/prg
Type : ContentType
Name : application/msaccess
Identity : ContentType:application/msaccess
Type : ContentType
Name : text/javascript
Identity : ContentType:text/javascript
Type : ContentType
Name : application/x-javascript
Identity : ContentType:application/x-javascript
Type : ContentType
Name : application/javascript
Identity : ContentType:application/javascript
Type : ContentType
Name : x-internet-signup
Identity : ContentType:x-internet-signup
Type : ContentType
Name : application/hta
Identity : ContentType:application/hta
Type : FileName
Name : *.xnk
Identity : FileName:*.xnk
Type : FileName
Name : *.wsh
Identity : FileName:*.wsh
Type : FileName
Name : *.wsf
Identity : FileName:*.wsf
Type : FileName
Name : *.wsc
Identity : FileName:*.wsc
Type : FileName
Name : *.vbs
Identity : FileName:*.vbs
Type : FileName
Name : *.vbe
Identity : FileName:*.vbe
Type : FileName
Name : *.vb
Identity : FileName:*.vb
Type : FileName
Name : *.url
Identity : FileName:*.url
Type : FileName
Name : *.shs
Identity : FileName:*.shs
Type : FileName
Name : *.shb
Identity : FileName:*.shb
Type : FileName
Name : *.sct
Identity : FileName:*.sct
Type : FileName
Name : *.scr
Identity : FileName:*.scr
Type : FileName
Name : *.scf
Identity : FileName:*.scf
Type : FileName
Name : *.reg
Identity : FileName:*.reg
Type : FileName
Name : *.prg
Identity : FileName:*.prg
Type : FileName
Name : *.prf
Identity : FileName:*.prf
Type : FileName
Name : *.pif
Identity : FileName:*.pif
Type : FileName
Name : *.pcd
Identity : FileName:*.pcd
Type : FileName
Name : *.ops
Identity : FileName:*.ops
Type : FileName
Name : *.mst
Identity : FileName:*.mst
Type : FileName
Name : *.msp
Identity : FileName:*.msp
Type : FileName
Name : *.msi
Identity : FileName:*.msi
Type : FileName
Name : *.psc2
Identity : FileName:*.psc2
Type : FileName
Name : *.psc1
Identity : FileName:*.psc1
Type : FileName
Name : *.ps2xml
Identity : FileName:*.ps2xml
Type : FileName
Name : *.ps2
Identity : FileName:*.ps2
Type : FileName
Name : *.ps11xml
Identity : FileName:*.ps11xml
Type : FileName
Name : *.ps11
Identity : FileName:*.ps11
Type : FileName
Name : *.ps1xml
Identity : FileName:*.ps1xml
Type : FileName
Name : *.ps1
Identity : FileName:*.ps1
Type : FileName
Name : *.msc
Identity : FileName:*.msc
Type : FileName
Name : *.mdz
Identity : FileName:*.mdz
Type : FileName
Name : *.mdw
Identity : FileName:*.mdw
Type : FileName
Name : *.mdt
Identity : FileName:*.mdt
Type : FileName
Name : *.mde
Identity : FileName:*.mde
Type : FileName
Name : *.mdb
Identity : FileName:*.mdb
Type : FileName
Name : *.mda
Identity : FileName:*.mda
Type : FileName
Name : *.lnk
Identity : FileName:*.lnk
Type : FileName
Name : *.ksh
Identity : FileName:*.ksh
Type : FileName
Name : *.jse
Identity : FileName:*.jse
Type : FileName
Name : *.js
Identity : FileName:*.js
Type : FileName
Name : *.isp
Identity : FileName:*.isp
Type : FileName
Name : *.ins
Identity : FileName:*.ins
Type : FileName
Name : *.inf
Identity : FileName:*.inf
Type : FileName
Name : *.hta
Identity : FileName:*.hta
Type : FileName
Name : *.hlp
Identity : FileName:*.hlp
Type : FileName
Name : *.fxp
Identity : FileName:*.fxp
Type : FileName
Name : *.exe
Identity : FileName:*.exe
Type : FileName
Name : *.csh
Identity : FileName:*.csh
Type : FileName
Name : *.crt
Identity : FileName:*.crt
Type : FileName
Name : *.cpl
Identity : FileName:*.cpl
Type : FileName
Name : *.com
Identity : FileName:*.com
Type : FileName
Name : *.cmd
Identity : FileName:*.cmd
Type : FileName
Name : *.chm
Identity : FileName:*.chm
Type : FileName
Name : *.bat
Identity : FileName:*.bat
Type : FileName
Name : *.bas
Identity : FileName:*.bas
Type : FileName
Name : *.asx
Identity : FileName:*.asx
Type : FileName
Name : *.app
Identity : FileName:*.app
Type : FileName
Name : *.adp
Identity : FileName:*.adp
Type : FileName
Name : *.ade
Identity : FileName:*.ade
As shown above, the attachments .ZIP, .LNK, and .PDF are not shown.
Problem is that the attachment gets identified as an "invalid attachment" by the "Attachment Filtering agent".
Solutions;
Disable-TransportAgent -Identity "Attachment Filtering agent"
Restart-Service MSExchangeTransport
Or:
1.Stop the Microsoft Exchange Transport service.
2.Locate the EdgeTransport.exe.config file. This file is located in the following path:
drive:\Program Files\Microsoft\Exchange Server\Bin\
3.Add the following entry between the <appSettings> element and the </appSettings> element of the EdgeTransport.exe.config file:
<add key="AllowInvalidAttachment" value="true" />
4.Restart the Microsoft Exchange Transport service.
Source 1
Source 2
No comments:
Post a Comment