Attachment Filtering - ORF Forums

@Jean: I understand your are basically running an attachment filter for the MIME type "application/octet-stream" and no file name specified, is that correct? This would indeed behave the way you have described, but not only this won't catch .DOC files, you can expect a few more issues with that.

As for why it doesn't catch .EXE files renamed to .DOC is that these latter usually have the MIME type "application/msword". The MIME type is entirely up to the email client (e.g. Outlook). When composing an email, the email client typically turns to the list of known-file-extension-to-MIME-type associations and assigns the MIME type based on the extension. Due to this, when you change the file extension to .DOC, the MIME type also changes to "application/msword". You can find a lot of those associations under HKEY_CLASSES_ROOT\MIME\Database\Content Type in the registry.

About the issues you may run into: The "application/octet-stream" MIME type is basically a catch-all MIME type used for .EXE files, but also for _any unidentified binary content_. When receiving email from the outside of your organization, you cannot be sure if the original composing email client was smart enough to assign "application/pdf" MIME type for a .PDF file, so you might be losing attachment/emails to this.

Unfortunately, the Attachment Filtering feature of ORF not sophisticated enough to recognize such .EXE files posing as .DOC files. In this sense, you should consider it more like a first line of defense. I suppose you also run anti-virus software on your server and these typically have really good attachment support given the nature of threats they're dealing with. You might want to give a try to your AV to see if it has something for this specific scenario.