Use mail flow rules to inspect message attachments in Office 365

You can inspect email attachments in your Office 365 organization by setting up mail flow rules (also known as transport rules). Exchange Online offers mail flow rules that provide the ability to examine email attachments as a part of your messaging security and compliance needs. When you inspect attachments, you can then take action on the messages that were inspected based on the content or characteristics of those attachments. Here are some attachment-related tasks you can do by using mail flow rules:

  • Search for files with text that matches a pattern you specify, and add a disclaimer to the end of the message.

  • Inspect content within attachments and, if there are any keywords you specify, redirect the message to a moderator for approval before it's delivered.

  • Check for messages with attachments that can't be inspected and then block the entire message from being sent.

  • Check for attachments that exceed a certain size and then notify the sender of the issue if you choose to prevent the message from being delivered.

  • Check whether the properties of an attached Office document match the values that you specify. With this condition, you can integrate the requirements of your mail flow rules and DLP policies with a third-party classification system, such as SharePoint Server 2013 or Windows Server 2012 R2 File Classification Infrastructure (FCI).

  • Create notifications that alert users if they send a message that has matched a mail flow rule.

  • Block all messages containing attachments. For examples, see Common attachment blocking scenarios for mail flow rules.

Note

All of these conditions will scan compressed archive attachments.

Exchange Online admins can create mail flow rules in the Exchange admin center (EAC) at Mail flow > Rules. You need to be assigned permissions before you can perform this procedure. After you start to create a new rule, you can see the full list of attachment-related conditions by clicking More options > Any attachment under Apply this rule if. The attachment-related options are shown in the following diagram.

[Figure: list of attachment conditions]

For more information about mail flow rules, including the full range of conditions and actions that you can choose, see Mail flow rules (transport rules) in Exchange Online. Exchange Online Protection (EOP) and hybrid customers can benefit from the mail flow rules best practices provided in Best Practices for Configuring EOP. If you're ready to start creating rules, see Manage mail flow rules.

Inspect the content within attachments

You can use the mail flow rule conditions in the following table to examine the content of attachments to messages. For these conditions, only the first one megabyte (MB) of text extracted from an attachment is inspected. Note that the 1 MB limit refers to the extracted text, not the file size of the attachment. For example, a 2 MB file may contain less than 1 MB of text, so all of the text would be inspected.

To start using these conditions when inspecting messages, you need to add them to a mail flow rule. Learn about creating or changing rules at Manage mail flow rules.

| Condition name in the EAC | Condition name in Exchange Online PowerShell | Description |
| --- | --- | --- |
| Any attachment's content includes (Any attachment > content includes any of these words) | AttachmentContainsWords | This condition matches messages with supported file type attachments that contain a specified string or group of characters. |
| Any attachment's content matches (Any attachment > content matches these text patterns) | AttachmentMatchesPatterns | This condition matches messages with supported file type attachments that contain a text pattern that matches a specified regular expression. |
| Any attachment's content can't be inspected (Any attachment > content can't be inspected) | AttachmentIsUnsupported | Mail flow rules can inspect the content of supported file types only. If the mail flow rule encounters an attachment that isn't supported, the AttachmentIsUnsupported condition is triggered. The supported file types are described in the next section. |

Notes:

The condition names in Exchange Online PowerShell are parameter names on the New-TransportRule and Set-TransportRule cmdlets. For more information, see New-TransportRule.

Learn more about property types for these conditions at Mail flow rule conditions and exceptions (predicates) in Exchange Online and Mail flow rule conditions and exceptions (predicates) in Exchange Online Protection.

To learn how to use Windows PowerShell to connect to Exchange Online, see Connect to Exchange Online PowerShell.
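The three content-inspection conditions in the table above, written as New-TransportRule calls for the moderation, disclaimer and block tasks listed at the start of this topic. This is an added example, not part of the original article; it assumes a connected Exchange Online PowerShell session, and the rule names, keywords, pattern, disclaimer text and moderator address are placeholders.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
# Rule names, keywords, the pattern and the moderator address are placeholders.

# Keywords found in the text extracted from an attachment:
# hold the message for moderator approval before delivery.
New-TransportRule -Name 'Attachment keywords - moderate' `
    -AttachmentContainsWords 'Project Falcon', 'internal only' `
    -ModerateMessageByUser 'moderator@contoso.com'

# Regular expression matched against attachment text:
# append a disclaimer to the end of the message.
# The pattern is a constructed sample (3 digits, 2 digits, 4 digits).
New-TransportRule -Name 'Attachment pattern - disclaimer' `
    -AttachmentMatchesPatterns '\d\d\d-\d\d-\d\d\d\d' `
    -ApplyHtmlDisclaimerText '<p>This message may contain sensitive data.</p>' `
    -ApplyHtmlDisclaimerLocation Append `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Fail closed: an attachment of an unsupported type cannot be searched
# by the two rules above, so block the entire message.
New-TransportRule -Name 'Attachment not inspectable - reject' `
    -AttachmentIsUnsupported $true `
    -RejectMessageReasonText 'An attachment could not be inspected.' `
    -RejectMessageEnhancedStatusCode '5.7.1'
```

The first two rules see only the first 1 MB of text extracted from each attachment, as described above.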

Supported file types for mail flow rule content inspection

The following table lists the file types supported by mail flow rules. The system automatically detects file types by inspecting file properties rather than the actual file name extension, thus helping to prevent malicious hackers from being able to bypass mail flow rule filtering by renaming a file extension. A list of file types with executable code that can be checked within the context of mail flow rules is listed later in this topic.

| Category | File extension | Notes |
| --- | --- | --- |
| Office 2007 and later | .docm, .docx, .pptm, .pptx, .pub, .one, .xlsb, .xlsm, .xlsx | Microsoft OneNote and Microsoft Publisher files aren't supported by default. The contents of any embedded parts contained within these file types are also inspected. However, any objects that aren't embedded (for example, linked documents) aren't inspected. |
| Office 2003 | .doc, .ppt, .xls | None |
| Additional Office files | .rtf, .vdw, .vsd, .vss, .vst | None |
| Adobe PDF | .pdf | None |
| HTML | .html | None |
| XML | .xml, .odp, .ods, .odt | None |
| Text | .txt, .asm, .bat, .c, .cmd, .cpp, .cxx, .def, .dic, .h, .hpp, .hxx, .ibq, .idl, .inc, .inf, .ini, .inx, .js, .log, .m3u, .pl, .rc, .reg, .vbs, .wtx | None |
| OpenDocument | .odp, .ods, .odt | No parts of .odf files are processed. For example, if the .odf file contains an embedded document, the contents of that embedded document aren't inspected. |
| AutoCAD Drawing | .dxf | AutoCAD 2013 files aren't supported. |
| Image | .jpg, .tiff | Only the metadata text associated with these image files is inspected. There is no optical character recognition. |
| Compressed archive files | .bz2, .cab, .gz, .rar, .tar, .zip, .7z | The content of these files, which were originally in a supported file type format, is inspected and processed in a manner similar to messages that have multiple attachments. The properties of the compressed archive file itself are not inspected. For example, if the container file type supports comments, that field isn't inspected. |

Inspect the file properties of attachments

The following conditions can be used in mail flow rules to inspect different properties of files that are attached to messages. To start using these conditions when inspecting messages, you need to add them to a mail flow rule. For more information about creating or changing rules, see Manage mail flow rules.

| Condition name in the EAC | Condition name in Exchange Online PowerShell | Description |
| --- | --- | --- |
| Any attachment's file name matches (Any attachment > file name matches these text patterns) | AttachmentNameMatchesPatterns | This condition matches messages with attachments whose file name contains the characters you specify. |
| Any attachment's file extension matches (Any attachment > file extension includes these words) | AttachmentExtensionMatchesWords | This condition matches messages with attachments whose file name extension matches what you specify. |
| Any attachment is greater than or equal to (Any attachment > size is greater than or equal to) | AttachmentSizeOver | This condition matches messages with attachments when those attachments are greater than or equal to the size you specify. |
| The message didn't complete scanning (Any attachment > didn't complete scanning) | AttachmentProcessingLimitExceeded | This condition matches messages when an attachment is not inspected by the mail flow rules agent. |
| Any attachment has executable content (Any attachment > has executable content) | AttachmentHasExecutableContent | This condition matches messages that contain executable files as attachments. The supported file types are listed later in this topic. |
| Any attachment is password protected (Any attachment > is password protected) | AttachmentIsPasswordProtected | This condition matches messages with attachments that are protected by a password. Password detection only works for Office documents and .zip files. |
| Any attachment has these properties, including any of these words (Any attachment > has these properties, including any of these words) | AttachmentPropertyContainsWords | This condition matches messages where the specified property of the attached Office document contains specified words. A property and its possible values are separated with a colon. Multiple values are separated with a comma. Multiple property/value pairs are also separated with a comma. |

Notes:

The condition names in Exchange Online PowerShell are parameter names on the New-TransportRule and Set-TransportRule cmdlets. For more information, see New-TransportRule.

Learn more about property types for these conditions at Mail flow rule conditions and exceptions (predicates) in Exchange Online and Mail flow rule conditions and exceptions (predicates) in Exchange Online Protection.

To learn how to use Windows PowerShell to connect to Exchange Online, see Connect to Exchange Online PowerShell.

Supported executable file types for mail flow rule inspection

The mail flow rules use true type detection to inspect file properties rather than merely the file extensions. This helps to prevent malicious hackers from being able to bypass your rule by renaming a file extension. The following table lists the executable file types supported by these conditions. If a file is found that is not listed here, the AttachmentIsUnsupported condition is triggered.

| Type of file | Native extension |
| --- | --- |
| 32-bit Windows executable file with a dynamic link library extension. | .dll |
| Self-extracting executable program file. | .exe |
| Uninstallation executable file. | .exe |
| Program shortcut file. | .exe |
| 32-bit Windows executable file. | .exe |
| Microsoft Visio XML drawing file. | .vxd |
| OS/2 operating system file. | .os2 |
| 16-bit Windows executable file. | .w16 |
| Disk-operating system file. | .dos |
| European Institute for Computer Antivirus Research standard antivirus test file. | .com |
| Windows program information file. | .pif |
| Windows executable program file. | .exe |

Important

.rar (self-extracting archive files created with the WinRAR archiver), .jar (Java archive files), and .obj (compiled source code, 3D object, or sequence files) files are not considered to be executable file types. To block these files, you can use mail flow rules that look for files with these extensions as described earlier in this topic, or you can configure an antimalware policy that blocks these file types (the common attachment types filter). For more information, see Configure Anti-Malware Policies.
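The file-property conditions from the table earlier in this topic, together with the extension rule needed for .rar, .jar and .obj described in the note above, created in audit mode so their matches can be reviewed before enforcement. This is an added example, not part of the original article; it assumes a connected Exchange Online PowerShell session, and the rule names, size threshold, moderator address and the Classification property value are placeholders.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
# Names, the size threshold, the address and the property value are placeholders.

# Conditions placed in one rule must all match, so each independent
# check gets its own rule.
$rules = @(
    @{ Name = 'Block oversized attachments'
       AttachmentSizeOver = 10MB
       RejectMessageReasonText = 'Attachments of 10 MB or more are not accepted.' }

    @{ Name = 'Block executable attachments'
       AttachmentHasExecutableContent = $true
       RejectMessageReasonText = 'Executable attachments are not accepted.' }

    # .rar, .jar and .obj are not treated as executable types,
    # so they need a separate rule that matches on the extension.
    @{ Name = 'Block rar/jar/obj attachments'
       AttachmentExtensionMatchesWords = 'rar', 'jar', 'obj'
       RejectMessageReasonText = 'This attachment type is not accepted.' }

    @{ Name = 'Hold password-protected attachments'
       AttachmentIsPasswordProtected = $true
       ModerateMessageByUser = 'moderator@contoso.com' }

    @{ Name = 'Block attachments that did not complete scanning'
       AttachmentProcessingLimitExceeded = $true
       RejectMessageReasonText = 'An attachment could not be scanned.' }

    # Property name and value depend on your classification system.
    @{ Name = 'Hold documents classified Confidential'
       AttachmentPropertyContainsWords = 'Classification:Confidential'
       ModerateMessageByUser = 'moderator@contoso.com' }
)

foreach ($rule in $rules) {
    # Audit mode: matches are logged, but no action is taken on the message.
    New-TransportRule @rule -Mode Audit -SetAuditSeverity Medium
}

# After reviewing the audit results, switch a rule to enforcement.
Set-TransportRule -Identity 'Block executable attachments' -Mode Enforce

# Confirm the state and mode of the rules created above.
$names = $rules | ForEach-Object { $_.Name }
Get-TransportRule | Where-Object Name -in $names |
    Format-Table Name, State, Mode, Priority
```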

Data loss prevention policies and attachment mail flow rules

To help you manage important business information in email, you can include any of the attachment-related conditions along with the rules of a data loss prevention (DLP) policy.

DLP policies and attachment-related conditions can help you enforce your business needs by defining those needs as mail flow rule conditions, exceptions, and actions. When you include the sensitive information inspection in a DLP policy, any attachments to messages are scanned for that information only. However, attachment-related conditions such as size or file type are not included until you add the conditions listed in this topic. DLP is not available with all versions of Exchange; learn more at Data loss prevention.

For more information

For information on broadly blocking email with attachments, regardless of malware status, see Reducing Malware Threats Through File Attachment Blocking in Exchange Online Protection.