Restricting File Attachments Allowed

Each mailbox has two distinct fields, Discard MIME Types and Discard File Types. These fields allow you to specify types of files that will not be attached to an incident created from mail sent to the mailbox. Multiple entries must be in a comma-separated list or with a single value per line. To prevent incidents from being created for emails that have a *.exe or *.vbs extension, edit each mailbox and include *.exe, *.vbs  in the Discard File Types field.

Preventing Incident Creation

Editing the Discard MIME Types and Discard File Types fields in the mailbox prevents the files from being attached to the incoming incident, but the incident is still created from the email -- minus the attachment. If you want to prevent the incident from being created as well, you can configure a rule to not create the incident based on contents of the subject or body of the email:

IF:
Incident Source: Email
If Incident.Customer thread matches regular expression bytes
If Incident.Customer thread matches regular expression discarded
If Incident.Customer thread matches regular expression application
If Incident.Customer thread matches regular expression Attachment

Then:
Do not create incident.**

All of the IF statements should be joined by the AND connector. These words will all be present together in incidents generated with deleted attachments.

This rule should be placed first in your list of rules.

Note: Consider starting off with a rule that allows the incident to be created (minus the attachment) and assigns the incident to a specific group or sets it to the Solved status instead of not creating the incident. This allows you to review which incidents are coming in and are being affected by the rule to ensure that you are not preventing valid incidents from being created.