I thought you had a new CIO/CTO that was relatively clueful? Is that not right?
OK, don't answer that. On Tue, Apr 22, 2014 at 8:39 PM, Kurt Buff <[email protected]> wrote: > I can't block attachments, of any kind. I am allowed to quarantine > "windows executables" and "windows scripts". The machine does scan > archives. > > I can't block on country code. > > I am able to use RBLs, and use several - the Barracuda and Zen, mostly. > > All users (except me, and that's self-imposed) are admins on their > machines. > > It's pretty appalling - but that's the job. > > To be fair, the attachments that are coming through that are nastiest > aren't direct .exe/.com/.bat, etc. They are MS Office file types, with > an occasional PDF thrown in for fun. > > Kurt > > > On Tue, Apr 22, 2014 at 5:01 PM, Richard Stovall <[email protected]> > wrote: > > You can't block *ANY* attachments? > > > > That can't be right. > > > > > > On Tue, Apr 22, 2014 at 7:25 PM, Kurt Buff <[email protected]> wrote: > >> > >> Your results are more the outcome of your settings to block certain > >> attachments than to the Barracuda's prowess in AV detection. > >> > >> I am not allowed to block attachments, we have a 410, and I regularly > >> see infectious emails come through. > >> > >> Whenever I get an unexpected email with an attachment, I submit the > >> attachment to > >> > http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx > >> and to https://malwr.com/ and regularly see results that make me > >> shudder... > >> > >> Those submissions are in parallel to my submission to virustotal, and > >> invariably the attachment has already been scanned, and nobody has a > >> signature for it. > >> > >> Mostly, I get these from China (or at least the emails use Chinese > >> character sets.) > >> > >> > >> Kurt > >> > >> On Tue, Apr 22, 2014 at 4:13 PM, Kennedy, Jim > >> <[email protected]> wrote: > >> > > >> > "Email AV gateway appliance (vm or physical) (Trend, Barracuda, etc.)" > >> > > >> > Specifically a Cuda. Only one email virus in a decade of using them. I > >> > block > >> > exe's, password protected zips and the usual suspect file types with > it, > >> > that certainly helps. > >> > > >> > > >> > ________________________________ > >> > From: [email protected] [[email protected]] > on > >> > behalf of Stringham, Steven [[email protected]] > >> > Sent: Tuesday, April 22, 2014 5:53 PM > >> > To: [email protected] > >> > Subject: [Exchange] Antivirus placement - Exchange 2010 > >> > > >> > Antivirus software and Exchange 2010 – where should I put it? I am > >> > looking > >> > at this as a performance, security balancing act. So, my thoughts are > >> > where > >> > do you folks put it. A little poll please… > >> > > >> > > >> > > >> > ____ AntiSpam outside service – before my internal systems see it. > >> > > >> > > >> > > >> > ____ Email AV gateway appliance (vm or physical) (Trend, Barracuda, > >> > etc.) > >> > > >> > > >> > > >> > ____ Edge Gateway role servers > >> > > >> > > >> > > >> > ____ Hub Transport servers > >> > > >> > > >> > > >> > ____ Mailbox servers > >> > > >> > > >> > > >> > > >> > > >> > Personally, I think this is a bit of an all of the above type thing, > >> > but, > >> > where would you put AV for Email. > >> > > >> > > >> > > >> > And, do you use separate brands for different spots? > >> > > >> > > >> > > >> > Thanks > >> > > >> > Steven Stringham > >> > > >> > > >> > > >> > > >> > > >> > > >> > ________________________________ > >> > > >> > This message and any attachments are intended only for the use of the > >> > individual or entity to which they are addressed. If the reader of > this > >> > message or an attachment is not the intended recipient or the employee > >> > or > >> > agent responsible for delivering the message or attachment to the > >> > intended > >> > recipient you are hereby notified that any dissemination, distribution > >> > or > >> > copying of this message or any attachment is strictly prohibited. If > you > >> > have received this communication in error, please notify us > immediately > >> > by > >> > replying to the sender. The information transmitted in this message > and > >> > any > >> > attachments may be privileged, is intended only for the personal and > >> > confidential use of the intended recipients, and is covered by the > >> > Electronic Communications Privacy Act, 18 U.S.C. §2510-2521. > >> > > >> > In accordance with Internal Revenue Service Circular 230, we advise > you > >> > that > >> > if this message or any attachments contains any tax advice, such tax > >> > advice > >> > was not intended or written to be used, and it cannot be used, by any > >> > taxpayer for the purpose of avoiding penalties that may be imposed on > >> > the > >> > taxpayer. > >> > >> > > > > >
