Blocking Zip files in Exchange Online Protection CAB

%3CLINGO-SUB%20id%3D%22lingo-sub-165915%22%20slang%3D%22en-US%22%3EBlocking%20Zip%20files%20in%20Exchange%20Online%20Protection%20CAB%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-165915%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHello%20Everyone%2C%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EI%20have%20question%20regarding%20CAB%20(Common%20Attachment%20Blocking)%20in%20Exchange%20Online%20Protection.%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EDoes%20it%20support%20blocking%20attached%20zip%20files%20in%20emails%20without%20also%20blocking%20attached%20pptx%2C%20docx%2C%20xlsx%20files%3F%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EIn%20my%20test%20tenant%20if%20i%20add%20zip%20extension%20to%20CAB%2C%20all%20pptx%2Cdocx%20etc%20attached%20files%20are%20also%20blocked%20via%20malware%20filter%2C%20as%20they%20are%20being%20considered%20at%20%22zipped%22%20files.%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EIf%20i%20use%20a%20mail%20flow%20instead%20of%20CAB%20and%20block%20only%20*.zip%20files%20pptx%2Cdocx%20etc%20are%20not%20blocked%20however%20doing%20so%20removes%20the%20ability%20to%20detect%20renamed%20zip%20files.%20For%20e.g.%20if%20i%20rename%20abc.zip%20to%20abc.txt%20it%20will%20not%20be%20blocked%20if%20configured%20via%20mail%20flow%20rules.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EWhat%20i%20need%20is%20ability%20to%20detect%20renamed%20zip%20files%20while%20also%20allowing%20pptx%2Cdocx%20etc%20files%20to%20go%20through%20normally%20as%20attachments.%20Is%20that%20a%20supported%20scenario%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Established Member

Hello Everyone,
I have question regarding CAB (Common Attachment Blocking) in Exchange Online Protection. 
Does it support blocking attached zip files in emails without also blocking attached pptx, docx, xlsx files?

In my test tenant if i add zip extension to CAB, all pptx,docx etc attached files are also blocked via malware filter, as they are being considered at "zipped" files. 
If i use a mail flow instead of CAB and block only *.zip files pptx,docx etc are not blocked however doing so removes the ability to detect renamed zip files. For e.g. if i rename abc.zip to abc.txt it will not be blocked if configured via mail flow rules.
What i need is ability to detect renamed zip files while also allowing pptx,docx etc files to go through normally as attachments. Is that a supported scenario?

0 Replies