Although it can be very useful to attach files to documents, hackers often use this metthod to attach infected payloads and this can be very difficult to eliminate. The filter is constantly modified to catch infected attachments. However if it suits you better you can set up custom rules to block all emails that have zip attachments.
The Custom Filter Rules feature supports the ability to create filters based on the file name of any attachment.
If you are looking to block attachments that are almost always unsafe, we highly recommend enabling the Unsafe attachments filter option on the filtering policies page (Settings > filtering).
To block attachment types that are not covered by the Unsafe attachments filter, such as .zip, .docx or .docm, you can create a custom filter rule as follows:
1. Go to Settings > custom filters.
2. Click Add new...
3. Choose "Attachment name" as the search target.
4. Enter the extension (including the proceeding "dot") to block, as shown in this example:
The above example shows a rule to deep filter all .zip attachments. The deep filter option will delay messages for up to two hours and then re-scan them before delivery. Choose the quarantine option to send them straight to the quarantine without re-scanning.
Note also that this example shows an Account Level rule that will affect all domains on your account. To create a rule that only applies to a single domain, click on the Domain Level tab before creating the rule.
To create exceptions for certain senders, add them to your approved senders list.
