Hello,

You can block any extension on the Cisco ESA using Content Filtering in your Incoming Mail Policy.

Mail Policies -> Incoming Content Filtering -> Attachment Filetype: Executable

Mail Policies -> Incoming Content Filtering -> Attachment Filename contains: Executable(?i)\.(rar|scr)$

Set Action to drop or per your requirements.

Another option is to use a message filter. For example:

attach_drop: if (attachment-filename =='(?i)\\.(ade|cmd|eml|ins|mdb|mst|reg|url|wsf|adp|com|exe|isp|mde|pcd|scr|vb|wsh|bas|cpl|hlp|js|msc|pif|sct|vbe|bat|crt|hta|jse|msi|pl|scx|vbs|chm|dll|inf|lnk|msp|pot|shs|wsc)$'){
drop();
}