UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Exchange Attachment filtering must remove undesirable attachments by file type.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69875 EX13-EG-000200 SV-84497r2_rule Medium
Description
By performing filtering at the perimeter, up to 90 percent of spam, malware, and other undesirable messages are eliminated from the message stream rather than admitting them into the mail server environment. Attachments are being used more frequently for different forms of attacks. By filtering undesirable attachments a large percent of malicious code can be prevented from entering the system. Attachments must be controlled at the entry point into the email environment to prevent successful attachment-based attacks. The following is a basic list of known attachments that should be filtered from Internet mail attachments: *.ade *.crt *.jse *.msi *.scr *.wsh *.dir *.adp *.csh *.ksh *.msp *.sct *.htm *.dcr *.app *.exe *.lnk *.mst *.shb *.html *.plg *.asx *.fxp *.mda *.ops *.shs *.htc *.spl *.bas *.hlp *.mdb *.pcd *.url *.mht *.swf *.bat *.hta *.mde *.pif *.vb *.mhtml *.zip *.chm *.inf *.mdt *.prf *.vbe *.shtm *.cmd *.ins *.mdw *.prg *.vbs *.shtml *.com *.isp *.mdz *.reg *.wsc *.stm *.cpl *.js *.msc *.scf *.wsf *.xml
STIG Date
MS Exchange 2013 Edge Transport Server Security Technical Implementation Guide 2018-09-18

Details

Check Text ( C-70343r1_chk )
Review the Email Domain Security Plan (EDSP).

Determine the list of undesirable attachment types that should be stripped.

Open the Exchange Management Shell and enter the following command:

Get-AttachmentFilterEntry

For each attachment type, if the values returned are different from the EDSP documented attachment types, this is a finding.
Fix Text (F-76105r1_fix)
Update the EDSP.

Open the Exchange Management Shell and enter the following command:

Add-AttachmentFilterEntry -Name <'*.FileExtension'> -Type FileName

Repeat the procedure for each undesirable attachment type.