Attachment filtering must remove undesirable attachments by file type.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
Exch-ED-225	Exch-ED-225	Exch-ED-225_rule		Medium

Description
By performing filtering at the perimeter, up to 90% of SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the Mail server environment. Attachments are being used more frequently for different forms of attacks. By filtering undesirable attachments a large percent of malicious code can be prevented from entering the system. Attachments must be controlled at the entry point into the email environment to prevent successful attachment-based attacks. The following is a basic list of known attachments that should be filtered from Internet mail attachments. .ade .crt .jse .msi .scr .wsh .dir .adp .csh .ksh .msp .sct .htm .dcr .app .exe .lnk .mst .shb .html .plg .asx .fxp .mda .ops .shs .htc .spl .bas .hlp .mdb .pcd .url .mht .swf .bat .hta .mde .pif .vb .mhtml .zip .chm .inf .mdt .prf .vbe .shtm .cmd .ins .mdw .prg .vbs .shtml .com .isp .mdz .reg .wsc .stm .cpl .js .msc .scf .wsf .xml

Description

By performing filtering at the perimeter, up to 90% of SPAM, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the Mail server environment. Attachments are being used more frequently for different forms of attacks. By filtering undesirable attachments a large percent of malicious code can be prevented from entering the system. Attachments must be controlled at the entry point into the email environment to prevent successful attachment-based attacks. The following is a basic list of known attachments that should be filtered from Internet mail attachments. *.ade *.crt *.jse *.msi *.scr *.wsh *.dir *.adp *.csh *.ksh *.msp *.sct *.htm *.dcr *.app *.exe *.lnk *.mst *.shb *.html *.plg *.asx *.fxp *.mda *.ops *.shs *.htc *.spl *.bas *.hlp *.mdb *.pcd *.url *.mht *.swf *.bat *.hta *.mde *.pif *.vb *.mhtml *.zip *.chm *.inf *.mdt *.prf *.vbe *.shtm *.cmd *.ins *.mdw *.prg *.vbs *.shtml *.com *.isp *.mdz *.reg *.wsc *.stm *.cpl *.js *.msc *.scf *.wsf *.xml

STIG	Date
Microsoft Exchange 2010 Edge Transport Server Role	2012-05-31

Details

Check Text ( C-_chk )
Obtain the Email Domain Security Plan (EDSP) and locate the list of acceptable attachment types. Open the Exchange Management Shell and enter the following command. Get-AttachmentFilterEntry If the value returned is different from the EDSP acceptable attachment types, this is a finding.

Fix Text (F-_fix)
Open the Exchange Management Shell and enter the following command. Add-AttachmentFilterEntry -Name <'*.FileExtension'> -Type FileName