Hello,
By default, Office 365 provides malware protection, and you can configure it to warn administrators when malware is detected.
Office 365 Anti Malware
But by default Exchange Online does a very poor job of filtering email with potential threats, which is why you need to create a rule to protect yourself:
Name it as you want, pick something you will remember, and then click on “More Options…”
Select to apply the rule if any attachment has executable content:
Block the message with an explanation :
Specify the rejection reason :
Untick the audit box, and then click on save :
And there is your Office 365 anti-malware rule; you can see a quick summary of it on the right:
The rule will reject any email containing executable content such as .dll, .exe, .jar, .obj, .vxd, .os2, .w16, .dos, .com, .pif.
It is maintained by Microsoft and will look inside zip files.
You can find some best practices for Exchange Online Protection from Microsoft here :
https://technet.microsoft.com/en-us/library/jj723164%28v=exchg.150%29.aspx
If you want to go further, you can subscribe to Exchange Online Advanced Threat Protection, which goes much deeper in attachment scanning to protect you.
PowerShell way
If you enabled PowerShell logging, you can see the PowerShell one-liner that does this:
New-TransportRule -AttachmentHasExecutableContent:$true -RejectMessageReasonText 'Has executable content' -Name 'Block Executable Content' -StopRuleProcessing:$false -SetAuditSeverity 'DoNotAudit' -Mode 'Enforce' -Comments '' -RuleErrorAction 'Ignore' -SenderAddressLocation 'Header'
Way faster than all of those clicks!
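A staged variant of the one-liner above, as an added example that is not part of the original post: it creates the rule in Audit mode so matches are logged without rejecting mail, and the same function switches it to Enforce afterwards. It assumes an already connected Exchange Online PowerShell session; the function name Set-ExecutableAttachmentRule is hypothetical.

```powershell
# Added example (not from the original post). Assumes the Exchange Online
# cmdlets are already available in the current session.
function Set-ExecutableAttachmentRule {   # hypothetical helper name
    param(
        [string]$Name = 'Block Executable Content',
        [ValidateSet('Audit', 'AuditAndNotify', 'Enforce')]
        [string]$Mode = 'Audit'
    )

    # Same condition and action as the one-liner in the post.
    $settings = @{
        AttachmentHasExecutableContent = $true
        RejectMessageReasonText        = 'Has executable content'
        StopRuleProcessing             = $false
        RuleErrorAction                = 'Ignore'
        SenderAddressLocation          = 'Header'
    }

    # While staging, write audit entries so matches can be reviewed;
    # once enforcing, fall back to the post's choice of 'DoNotAudit'.
    $severity = if ($Mode -eq 'Enforce') { 'DoNotAudit' } else { 'Low' }

    # Look the rule up by name so a re-run updates it instead of failing.
    $existing = Get-TransportRule | Where-Object { $_.Name -eq $Name }

    if ($existing) {
        Set-TransportRule -Identity $Name @settings -Mode $Mode -SetAuditSeverity $severity
    }
    else {
        New-TransportRule -Name $Name @settings -Mode $Mode -SetAuditSeverity $severity
    }

    # Return the resulting state so the caller can confirm what is active.
    Get-TransportRule -Identity $Name |
        Select-Object Name, State, Mode, Priority, SetAuditSeverity
}

# 1) Stage the rule: nothing is rejected yet, matches are only logged.
Set-ExecutableAttachmentRule -Mode 'Audit'

# 2) After reviewing the logged matches, start rejecting:
# Set-ExecutableAttachmentRule -Mode 'Enforce'
```

Running the rule in Audit mode for a few days shows which legitimate senders would be rejected before the block takes effect.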
Good article, but I can note some strange things: in the list of extensions you specify ".rar", but it's not an executable file extension but a compressed file.
And you repeat ".exe" more than once.