Kurt said: Mostly, I get these from China (or at least the emails use Chinese character sets.)
Which reminded me, I drop all packets from China, actually all of Asia, Africa and South America. No offense to those people, we don't get legit mail from there. So that its the key to my success. ________________________________________ From: [email protected] [[email protected]] on behalf of Kurt Buff [[email protected]] Sent: Tuesday, April 22, 2014 7:24 PM To: [email protected] Subject: Re: [Exchange] RE: Antivirus placement - Exchange 2010 Your results are more the outcome of your settings to block certain attachments than to the Barracuda's prowess in AV detection. I am not allowed to block attachments, we have a 410, and I regularly see infectious emails come through. Whenever I get an unexpected email with an attachment, I submit the attachment to http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx and to https://malwr.com/ and regularly see results that make me shudder... Those submissions are in parallel to my submission to virustotal, and invariably the attachment has already been scanned, and nobody has a signature for it. Mostly, I get these from China (or at least the emails use Chinese character sets.) Kurt On Tue, Apr 22, 2014 at 4:13 PM, Kennedy, Jim <[email protected]> wrote: > > "Email AV gateway appliance (vm or physical) (Trend, Barracuda, etc.)" > > Specifically a Cuda. Only one email virus in a decade of using them. I block > exe's, password protected zips and the usual suspect file types with it, > that certainly helps. > > > ________________________________ > From: [email protected] [[email protected]] on > behalf of Stringham, Steven [[email protected]] > Sent: Tuesday, April 22, 2014 5:53 PM > To: [email protected] > Subject: [Exchange] Antivirus placement - Exchange 2010 > > Antivirus software and Exchange 2010 – where should I put it? I am looking > at this as a performance, security balancing act. So, my thoughts are where > do you folks put it. A little poll please… > > > > ____ AntiSpam outside service – before my internal systems see it. > > > > ____ Email AV gateway appliance (vm or physical) (Trend, Barracuda, etc.) > > > > ____ Edge Gateway role servers > > > > ____ Hub Transport servers > > > > ____ Mailbox servers > > > > > > Personally, I think this is a bit of an all of the above type thing, but, > where would you put AV for Email. > > > > And, do you use separate brands for different spots? > > > > Thanks > > Steven Stringham > > > > > > > ________________________________ > > This message and any attachments are intended only for the use of the > individual or entity to which they are addressed. If the reader of this > message or an attachment is not the intended recipient or the employee or > agent responsible for delivering the message or attachment to the intended > recipient you are hereby notified that any dissemination, distribution or > copying of this message or any attachment is strictly prohibited. If you > have received this communication in error, please notify us immediately by > replying to the sender. The information transmitted in this message and any > attachments may be privileged, is intended only for the personal and > confidential use of the intended recipients, and is covered by the > Electronic Communications Privacy Act, 18 U.S.C. §2510-2521. > > In accordance with Internal Revenue Service Circular 230, we advise you that > if this message or any attachments contains any tax advice, such tax advice > was not intended or written to be used, and it cannot be used, by any > taxpayer for the purpose of avoiding penalties that may be imposed on the > taxpayer.
