Attachment blocking prevents email messages containing suspicious attachments from being delivered to the Exchange Information Store. ScanMail can block attachments according to the attachment type, attachment name, attachment extension, or when the attachment contains a suspicious URL and then replace, quarantine, or delete all the messages that have attachments that match your configuration. Blocking can occur during real-time, manual, and scheduled scanning.

The extension of an attachment identifies the file type, for example .doc, .exe, or .dll. Many viruses/malware are closely associated with certain types of files. By configuring ScanMail to block according to file type, you can decrease the security risk to your Exchange servers from those types of files. Similarly, specific attacks are often associated with a specific file name.

Recipients for messages can match one attachment blocking exception or the attachment blocking global rule based on priority. If the recipient matches an attachment blocking exception, then targets selected in the exception will be excluded from attachment blocking global rule. If the recipient does not match any attachment blocking exceptions, then the attachment blocking global rule is applied.

Four types of accounts are supported for customizing specified Recipients: Active Directory users, Active Directory contacts, Active Directory distribution groups and special groups.

For each attachment blocking exception, you can specify selected accounts and excluded accounts. The exception applies to those accounts that belong to selected accounts but does not apply to those that belong to the excluded accounts. For example, Active Directory Group1 contains ADuser1 and ADuser2. When selected accounts includes "AD Group1", excluded accounts include "ADuser1", then the policy only applies to ADuser2.