Creating a file filter list
Applies to: Forefront Protection for Exchange
You can disallow certain e-mail file attachments by using the Forefront Protection 2010 for Exchange Server (FPE) file filter feature. The filter allows you to use four criteria:
File filtering offers a flexible means to detect file attachments within e-mail messages and other Outlook items, including Tasks and Schedules (such as meetings and appointments).
To create a file filter list
In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and then under the Filters section, click Configure.
In the Filters – Filter Lists pane, click the Create button.
In the Select Filter Type dialog box, select File and then click Next.
In the Select Your Goal dialog box, select what you want to achieve with this file filter list by selecting one of the following options and then clicking Next:
Filter files of specific types by inspecting the file header
Filter files with specific name patterns
Filter files of specific types AND with specific name patterns
The options that appear on the next dialog boxes are dependent upon what you select here.
In the Select File Types and Select File Names dialog boxes, specify the filter list name and filter details, and click Next when you are finished adding your criteria.
In the Filter list name box, type a name for the new list.
In the Filter criteria - by file type section, specify the file types to be filtered when matched by a file inspection. You can select one or more file types from the list. This section appears when you select Filter files of specific types by inspecting the file header or Filter files of specific types AND with specific name patterns.
For more information about specifying file types, including examples, see Filtering files by file type.
In the Filter criteria - by file name section, if you want to detect files with a particular file name, type the file name, and then click Add. You can repeat this step in order to add multiple file names, or you can add multiple file names on the same line, provided that they are separated by a comma. This section appears when you select Filter files with specific name patterns or Filter files of specific types AND with specific name patterns.
For more information about specifying values in the Filter criteria - by file name section, including examples, see Filtering files by file name, Filtering files by file extension, and Filtering files by file size.
You can edit items in a file filter list by double-clicking the item, editing the item, and then pressing ENTER. You can then modify additional file names or change the Filter criteria - by file type options. You can delete items from a file filter list by selecting the item and then clicking Remove. You can also import file names into a file filter list (For more information, see Importing items into a filter list) and export file names from a file filter list (For more information, see Exporting items from a filter list). For more information about using wildcard characters in order to further refine your file filters, see Using wildcard characters to refine filters.
In the Target dialog box, configure how you want the filter list to be applied to the transport, realtime, scheduled, and on-demand scan jobs:
To enable the filter list for use with the scan job, using the Enabled drop-down list, select Yes (this is the default).
Configure the action that FPE should take when a file filter is matched by using the Action drop-down list for each scan job.
For the transport scan job, select Skip detect, Purge, Delete (the default), Identify in subject line, Identify in message header, or Identify in subject line and message header.
For the realtime and scheduled scan jobs, select Skip detect, Purge, or Delete (the default).
For the on-demand scan job, select Skip detect or Delete (the default).
For more information about these options, see Configuring the action when a filter is matched.
To configure FPE to quarantine messages and attachments when the filter is matched, using the Quarantine files drop-down list, select Yes. Quarantining for filters is enabled by default. Enabling quarantining causes deleted attachments and purged messages to be stored, permitting you to recover them. However, worm-purged messages are not recoverable.
To configure notifications when the filter is matched, using the Notifications drop-down list, you can select Never send notifications to prevent the sending of the File filter matched notification, even if it is enabled. Otherwise, when Use notification settings is selected (this is the default), FPE uses the configured File filter matched notification settings.
The filter list you just created appears on the Filters – Filter Lists pane.
For more information about viewing and managing this filter list and others, see Viewing and managing filter lists.
Best practices for configuring Forefront Protection 2010 for Exchange
Globally configuring file filter lists for inbound and outbound mail
Skipping file filtering within compressed files
Editing deletion text for file filters