Attachment blocking prevents email messages containing suspicious attachments from being delivered. ScanMail can block attachments according to the following:

After detecting a suspicious attachment, ScanMail can then replace, quarantine, or delete all the messages that match a policy rule. Blocking can occur during real-time, manual, and scheduled scanning.

The extension of an attachment identifies the file type, for example .doc, .exe, or .dll. Many viruses/malware are closely associated with certain types of files. By configuring ScanMail to block according to file type, administrators can decrease the security risk to Exchange servers from those types of files. Similarly, specific attacks are often associated with a specific file name.

Recipients for messages can match one attachment blocking exception or the attachment blocking global rule based on priority. If the recipient matches an attachment blocking exception, then targets selected in the exception are excluded from attachment blocking global rule. If the recipient does not match any attachment blocking exceptions, then the attachment blocking global rule is applied.

Four types of accounts are supported for customizing specified Recipients: Active Directory users, Active Directory contacts, Active Directory distribution groups and special groups.

For each attachment blocking exception, administrators can specify selected accounts and excluded accounts. The exception applies to those accounts that belong to selected accounts but does not apply to those that belong to the excluded accounts. For example, Active Directory Group1 contains ADuser1 and ADuser2. When selected accounts includes "AD Group1", excluded accounts include "ADuser1", then the policy only applies to ADuser2.