?
Solved

Exchange 2013 - Problem with some attachments

Posted on 2016-09-30
10
Medium Priority
?
200 Views
Last Modified: 2016-10-03
Hello ,


We have an Exchange 2013 infrastucture . 2 Edge servers , 2 CAS and 2 MBX . Infront of all this we use an antispam cloud service. Filtering is disabled in Edge Servers.

I have a strange problem with incoming attachments from a bank. Everyday they send statement files as a zip file. But exchange remove the attachment and placed a txt file . So the file name is statement.zip and exchange rename it to statement.zip.txt . In OWA also i see a message that says "  An attachment was removed from this email message
because the attachment may pose a security risk " 

Is there a way to bypass this ? I have also whitelist the user in our cloud antispam platform but the problem continues .

Thanks
0
Comment
Question by:Anestis Psomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 36

Accepted Solution

by:
Kimputer earned 2000 total points
ID: 41823287
Either totally disable Exchange 2013 Attachment filter function, or selectively only disable it for zip files. See here for the steps: https://technet.microsoft.com/en-us/library/aa997139(v=exchg.150).aspx
0
 

Author Comment

by:Anestis Psomas
ID: 41823297
Thanks for the info but zip files are not included in the attachment filter list.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 41823314
You will know for sure if you totally disable the filter, then receive the email again.
If the zip arrives normally, it's REALLY still being filtered (albeit not named simply zip, but under somthing else). Please try that first.
If after you've disabled the whole filter, and it's still coming in as zip, we know we don't have to check this filter config at all.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 

Author Comment

by:Anestis Psomas
ID: 41823319
Thanks Kimputer ,

I must disable filtering only in Edge Servers ? Or also run commands in CAS and MBX Servers ?

Thanks
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 41823325
The function is only for Edge servers. So do it twice if you have 2 Edge servers. Don't forget the restart of the Transport service. Obviously, try to keep the testing as short as possible, disable filter, restart service, send email, check results, enable filter (because the filter DOES have its useful functions).
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 41824059
How do you know it is Exchange removing the attachment? I am pretty sure that Exchange doesn't remove the attachment with that text (unless you are paraphrasing from another language). I would be looking at your external filtering service.

Although if you are using an external filter, why bother with Edge servers as well?
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 41824361
Exchange do have a feature called Antimalware however it doesn't strip out the attachment and replacing with txt file.

Antimalware scans the email when it hits the "Transport", by default rule it deletes the entire email but I don't believe it has the ability to remove just the attachment without other Microsoft product, forefront protection

It should be an issue from your cloud spam filter which probably being stripped at that level.
0
 

Author Comment

by:Anestis Psomas
ID: 41826075
Hello all ,


I disable the attachment filter scanning and now the attachment received withouy any problem. Funny is that zip files are not in the attachment filter list. Any ideas why this is happening ?

Sembee you are right about the edge servers . They have no meaning now that we have a Cloud Service for antispam filtering . We keep them because we want to be sure we are ok first with the cloud antispam filtering and we will remove them later.

Thanks
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 41826095
So now that you know where to look (Edge server, Attachment filter), you can enable it, and try to find which rule is causing it. Probably one of the MIME types is taking care of the zips, under another name.
If you really can't find it, you probably have to disable application/octet-stream (though obviously, you'll start letting in a lot of things now, even .exe files!!!!). So either

disabled octet-stream, you don't mind .exe files (unsafe!)
disabled octet-stream, but you'll replace it with your own filters, including .exe etc etc
enabled, live with the fact zip files come in as txt files
0
 

Author Comment

by:Anestis Psomas
ID: 41826162
I will leave it disabled because im using a Cloud Antispam Solution so i filter attachments there.

Thanks a lot for your help kimpuer !!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question