2

I want to start blocking attachment types that could contain malicious content. I've come across the following PowerShell snippet online:

New-TransportRule -Name 'Block All .ZIP Attachments' -Priority '0' -Enabled $true -AttachmentNameMatchesPatterns ' *.zip' -DeleteMessage $true

Is this (-AttachmentNameMatchesPatterns) the best method to block ZIP attachments?

user6888062

1 Answer

1

We also started to block *.ZIP attachments with the Microsoft transport engine, similar to the approach you are using. However, we found out during an audit that some malware passed our AntiVirus environment which was sent as *.rar or *.jar instead of *.zip. We also found out that some users got a *.URL as an attachment, which contains a URL to malware. So you might wish to block *.rar, *.jar and *.url as well (I think *.exe, *.com, *.w16, *.pif, ... are already blocked on your side, as that's the most malicious content on our side).

Additionally: MS Exchange 2013 has a built-in antivirus engine which isn't that bad and which you might wish to enable, if not already in place, to add an additional layer.

BastianW
  • Does the built in malware protection not scan ZIP attachments? I have not had much success with it in testing (it didn't even block Cryptolocker which has been known for years ...). – user6888062 Nov 28 '16 at 13:49
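
The following is an added example, not code from the question or the answer: one way to cover the extensions named in the answer with a single rule, staged in audit mode before it is enforced. It assumes the Exchange 2013 (or later) Management Shell and uses the `-AttachmentExtensionMatchesWords` condition instead of the name pattern from the question; the rule name, comment and rejection text are placeholders.

```powershell
# Added example. Run in the Exchange Management Shell.
# Extension list taken from the answer above; extend it to fit your own policy.
$blockedExtensions = 'zip', 'rar', 'jar', 'url'
$ruleName          = 'Block risky attachment extensions'   # placeholder name

# Create the rule only if it does not exist yet, so the script can be re-run.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    # -Mode Audit: the rule is evaluated and its hits are written to the
    # message tracking log, but the reject action is not applied yet.
    # Rejecting (instead of -DeleteMessage) returns an NDR, so senders of
    # legitimate archives learn why their message did not arrive.
    New-TransportRule -Name $ruleName `
        -Priority 0 `
        -Enabled $true `
        -Mode Audit `
        -AttachmentExtensionMatchesWords $blockedExtensions `
        -RejectMessageReasonText 'Attachment type not permitted. Please contact the recipient for an alternative.' `
        -RejectMessageEnhancedStatusCode '5.7.1' `
        -Comments 'Staged in audit mode; switch to Enforce after reviewing hits.'
}

# Confirm what was created before relying on it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, AttachmentExtensionMatchesWords

# After reviewing the audit hits for false positives, start enforcing:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

A renamed file passes an extension check, so a rule like this complements the malware scanning mentioned in the answer rather than replacing it.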