Exchange Admin 101: Email attachment blocking

Exchange

You may be surprised to learn that Microsoft Exchange does not natively support email attachment blocking. If you want to block inbound email attachments at the Exchange server, you have to rely on third-party software.

Make sure the third-party antivirus software you're running is Exchange-aware though. This type of program differs from a normal antivirus program, because it doesn't just scan files and folders -- it scans the Exchange information store. It examines every new message that goes into your organization. If a virus is detected, it neutralizes it before it reaches the recipient's mailbox.

Microsoft Outlook

There are a number of file extensions that Microsoft Outlook blocks by default. In fact, there are too many to list here, but they primarily consist of extensions used by executable files and system files. You can see the full list in Microsoft's article Attachment file types blocked by Outlook, if you're interested.

You can customize Outlook's email blocking rules by editing the system registry.

Important: If you make a mistake when editing the registry, you can seriously impair Windows and/or your applications. Make sure you always perform a full system backup before playing with the registry.

1. Open the Registry Editor and navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security.
2. Select New -> String Value from the Registry Editor's Edit menu.
3. Create a new string value named Level1Add (this is case sensitive).
4. Then assign the string a value corresponding to the file extension that you want to block. For example, if you wanted to block Word documents, you would assign the value .DOC. (You can enter multiple extensions by separating them with a semicolon.)

Outlook Web ...

To read more you must become a member of SearchExchange.com

As an existing member of the TechTarget network please activate your SearchExchange.com account 

By joining SearchExchange.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Outlook Outlook 2007 shut-down problems and fixes Microsoft Outlook and SharePoint calendar dos and don'ts Free tools facilitate large-scale Outlook and SharePoint integrations Exchange Mailbag: POP3 settings and Outlook issues Pros and cons of Outlook 2007's storage engine redesign Fix Outlook 2007 and SharePoint synchronization breaks Email issues after configuring hosted Exchange server on laptop Avoid Outlook 2007 performance issues during repairs A behind-the-scenes look at Outlook 2007 and SharePoint integration When to use a self-signed certificate with Exchange Server 2007 Microsoft Outlook Research Outlook Web Access OWA 2007 configuration tricks to boost performance Top 5 Exchange ActiveSync tips Lock down direct file access and protect OWA users Simplify an OWA URL on Windows Server 2008 Windows Mobile 6.5 touts Internet Explorer, OWA improvements When OWA's default configurations aren't good enough Digging deeper into Exchange Server 2010 Troubleshoot 'System Attendant' error messages in OWA Troubleshoot Microsoft Outlook Web Access problems Detecting update rollup and patch failures in OWA Microsoft Exchange Server 2003 Remove Exchange 2003 objects from AD to install Exchange 2010 Leapfrogging from Exchange 2003 to Exchange 2010 Top 5 Exchange ActiveSync tips Exchange Mailbag: POP3 settings and Outlook issues Migrating to Exchange 2007 with correct permissions Problems receiving email from outside a Exchange Server 2003 domain Exchange admins: Is it time to rethink your email address policy? Exchange Server 2003 collects email from only specific POP3 domains Changing email address formats in Exchange Server 2003 Should you remove .STM files from Exchange Server 2003? Microsoft Exchange Server 2003 Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bacn  (SearchExchange.com) email bankruptcy  (SearchExchange.com) offline folder file  (SearchExchange.com) OST file  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Access

Exchange 2003 is the first version of Exchange to support full-fledged email attachment blocking through Outlook Web Access. As with Outlook, OWA attachment blocking is controlled through the system registry. The difference is that OWA-based attachment blocking is controlled by the Exchange server's registry, while Outlook-based attachment blocking is controlled by the workstation's registry.

OWA attachment blocking can be configured through this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA

There are two keys that you need to pay attention to: Level1FileTypes and Level2FileTypes. Any file extension appearing in the Level1FileTypes list is blocked completely by OWA. File extensions appearing in Level2FileTypes can't be opened directly, but can be saved to a workstation and opened outside OWA. You can easily add file extensions to either list by simply adding the desired file extension to the appropriate list.

Conclusion

Although Outlook and OWA block most potentially harmful file types, their email attachment-blocking features are no substitute for good client and server virus protection. Viruses can sometimes come in attachment types we usually consider safe. For example, Outlook does not block Microsoft Word documents. But a Word doc can contain a macro virus. Remember the huge uproar over the Melissa virus in 1999?

When you receive a bogus file attachment, your antivirus software is your primary defense.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.

Do you have comments on this tip? Let us know.

Do you have a subject you'd like us to cover as part of our Exchange Admin 101 series? Share it with us.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.