Working with the EBS Beta in production for a while now we discovered that default config of the Security server (TMG / ISA, Exchange and Forefront Security for Exchange 2007 Edge [FSE]) is to remove suspicius attachments from emails replacing them with a Textfile just stating: "This attachment was removed." As I discovered getting the first email thats attachment has been stripped of there is NO quarantine or archiving of those attachments in securtiy server at all!
Caution: This has been changed in EBS during RC0 timeframe! The new behavior is that the security server wont strip attachments any more, but this seems still to be default in standalone Forefront for Exchange Edge installations.
In germany we have a legal issue with stripping attachments from email we send or receive, because of the legal need to archiv every business related communication for at least 15 years, non-electronic same as electronic communication.
So we really need to have ether a archiving/quarantine option or potentially containing dangerous content attachment stripping of security server needs to be switched of.
By now Mark Stanfill of the ProductSupport Team came back to me with the option of disabling the attachment filtering on Exchange 2007 Edge (Security server) with a PowerShell command:
Disable-TransportAgent -Identity "Attachment Filtering Agent"
To apply the change the Exchange transport service on the Security/Edge Server needs to be restarted.
From then on the Messaging server seemless takes over attachment scanning as it is enabled by Microsoft Forefront being part of EBS but until disabling the Edge attachment stripping more or less inactivly running:
The original contents of this file have been replaced with
this message because of its characteristics.
File name: 'Remote.zip'
Virus name: 'ExceedinglyInfected'
These files are quarantined on the Messaging server by MS Forefront and may be delivered anyways using the "MS Forefront Administrator" software on the Messaging server:
T odeliver the replaced attachment Click on "Report" in the left menu, select the quarantined file and then "deliver" on the right menu.
You may then change the receipient of the attachment i nthe "Confirm Delivery" window.
You should then get the attachment delivered to the receipient in a mail simillar to this: