File filtering action


Applies to: Forefront Security for Exchange Server

Select the action that you want Forefront Security for Exchange Server to perform when a file filter is matched. By default, it is set to Delete: remove contents.


You must set the action for each file filter you configure. The Action setting is not global.

Select one of the following:

  • Skip: detect only   Records the number of messages that meet the filter criteria, but permits messages to route normally. If, however, Delete Corrupted Compressed, Delete Corrupted Uuencode Files, or Delete Encrypted Compressed Files was selected in General Options, a match to any of those conditions causes the item to be deleted.

  • Delete: remove contents   Deletes the file attachment. The detected file attachment is removed from the message, and the Deletion Text is inserted in its place. You can configure the text using the Deletion Text button.

  • Purge: eliminate message   Deletes the message from your mail system. When you select this option, a warning appears informing you that if there is a filter match, the message will be purged and unrecoverable. Click Yes to continue.


    If the Quarantine Files check box is selected, however, purged messages are quarantined and can be recovered from the Quarantine database.

  • Identify: tag message   The subject line or message header of the detected message can be tagged with a customizable word or phrase. This tag can be modified for each scan job by clicking the Tag Text button on the Scan Job Settings work pane and modifying the text. This tag is used for all filters associated with the particular scan job.

For more information about setting file filters, including using wildcard characters and creating filters only for inbound or outbound messages, see the File Filtering chapter of the "Microsoft Forefront Security for Exchange Server User Guide."