I can't block attachments, of any kind. I am allowed to quarantine "windows executables" and "windows scripts". The machine does scan archives.
I can't block on country code. I am able to use RBLs, and use several - the Barracuda and Zen, mostly. All users (except me, and that's self-imposed) are admins on their machines. It's pretty appalling - but that's the job. To be fair, the attachments that are coming through that are nastiest aren't direct .exe/.com/.bat, etc. They are MS Office file types, with an occasional PDF thrown in for fun. Kurt On Tue, Apr 22, 2014 at 5:01 PM, Richard Stovall <[email protected]> wrote: > You can't block *ANY* attachments? > > That can't be right. > > > On Tue, Apr 22, 2014 at 7:25 PM, Kurt Buff <[email protected]> wrote: >> >> Your results are more the outcome of your settings to block certain >> attachments than to the Barracuda's prowess in AV detection. >> >> I am not allowed to block attachments, we have a 410, and I regularly >> see infectious emails come through. >> >> Whenever I get an unexpected email with an attachment, I submit the >> attachment to >> http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx >> and to https://malwr.com/ and regularly see results that make me >> shudder... >> >> Those submissions are in parallel to my submission to virustotal, and >> invariably the attachment has already been scanned, and nobody has a >> signature for it. >> >> Mostly, I get these from China (or at least the emails use Chinese >> character sets.) >> >> >> Kurt >> >> On Tue, Apr 22, 2014 at 4:13 PM, Kennedy, Jim >> <[email protected]> wrote: >> > >> > "Email AV gateway appliance (vm or physical) (Trend, Barracuda, etc.)" >> > >> > Specifically a Cuda. Only one email virus in a decade of using them. I >> > block >> > exe's, password protected zips and the usual suspect file types with it, >> > that certainly helps. >> > >> > >> > ________________________________ >> > From: [email protected] [[email protected]] on >> > behalf of Stringham, Steven [[email protected]] >> > Sent: Tuesday, April 22, 2014 5:53 PM >> > To: [email protected] >> > Subject: [Exchange] Antivirus placement - Exchange 2010 >> > >> > Antivirus software and Exchange 2010 – where should I put it? I am >> > looking >> > at this as a performance, security balancing act. So, my thoughts are >> > where >> > do you folks put it. A little poll please… >> > >> > >> > >> > ____ AntiSpam outside service – before my internal systems see it. >> > >> > >> > >> > ____ Email AV gateway appliance (vm or physical) (Trend, Barracuda, >> > etc.) >> > >> > >> > >> > ____ Edge Gateway role servers >> > >> > >> > >> > ____ Hub Transport servers >> > >> > >> > >> > ____ Mailbox servers >> > >> > >> > >> > >> > >> > Personally, I think this is a bit of an all of the above type thing, >> > but, >> > where would you put AV for Email. >> > >> > >> > >> > And, do you use separate brands for different spots? >> > >> > >> > >> > Thanks >> > >> > Steven Stringham >> > >> > >> > >> > >> > >> > >> > ________________________________ >> > >> > This message and any attachments are intended only for the use of the >> > individual or entity to which they are addressed. If the reader of this >> > message or an attachment is not the intended recipient or the employee >> > or >> > agent responsible for delivering the message or attachment to the >> > intended >> > recipient you are hereby notified that any dissemination, distribution >> > or >> > copying of this message or any attachment is strictly prohibited. If you >> > have received this communication in error, please notify us immediately >> > by >> > replying to the sender. The information transmitted in this message and >> > any >> > attachments may be privileged, is intended only for the personal and >> > confidential use of the intended recipients, and is covered by the >> > Electronic Communications Privacy Act, 18 U.S.C. §2510-2521. >> > >> > In accordance with Internal Revenue Service Circular 230, we advise you >> > that >> > if this message or any attachments contains any tax advice, such tax >> > advice >> > was not intended or written to be used, and it cannot be used, by any >> > taxpayer for the purpose of avoiding penalties that may be imposed on >> > the >> > taxpayer. >> >> >
