I want the following:
- If the a message contains known malware, delete it. (= Protection from known vulnerabilities)
- If a message does not contain know malware but contains a "potentially dangerous attachment", keep the message but replace the attachment with a message. (= Protection from zero-day vulnerabilities)
Office 365 offers Common Attachment Blocking, which does something similar, but not exactly the same:
If a message contains a "potentially dangerous attachment", treat it like malware. If malware is found:
- Keep the message but replace the attachment with a message (or inform an administrator) or
- delete it.
Obviously, none of these two options is even remotely usable: The first option does not silently delete known malware, thus bothering users and/or administrators with messages that could safely be deleted, and the second option could cause benign e-mails to be lost.
Is it possible to configure a "sane" policy (as described at the top of my question) in Exchange Online?