SchulzStefan
Blocking by filename type (suffix) is flawed, as files can be an exe or zip or whatever else type content but be named *.txt, thus avoiding detection.
I don't understand - *every* attachment is different.
Well so you claim.
In plain english, in most cases though, files of a certain format, say zipv1, have a common set of characters at the very beginning of the file "code", this is known as the "magic" or "signature" or "pattern", & is usually 9 characters or more that are identical in "every" zipv1 file.
The same concept applies to zipv2 & exe & other file formats, they all have a unique & identical set of characters at the beginning of the file, which is identical for each specific file format type.
The neat aspect of file pattern matching is that the file can have a false name, say filename.txt, but if it is actually a zipv1 or exe format file, then the pattern matching will detect & reject it. A false name cannot trick or fool the pattern matching filter, as it examines the file content rather than the file name.
So as no specific pattern is listed in the SME server database for iso & img files, you will need to determine what the pattern or magic is, add it to the mailpatterns database & select that option in server manager.
The full instructions are in the Howto & while appearing to be complex, it is fairly straightforward if you follow the step by step instructions (ie the section about determining the magic & creating a database entry).
I do not personally know for sure if there are common patterns for all variants of iso & img files, that is why you would need to run the commands described in the Howto against a few different iso & img files.