I would love to quarantine only the ones with Macros. That would be hhhhuuuuggggeee. Our current on-prem Barracuda can't do that (or if it can, I sure don't know about it.) How do you do it?
On Wed, Dec 9, 2015 at 1:31 PM, Mark Gottschalk <[email protected]> wrote: > I quarantine only Office attachments that contain macros. I have the > option of stripping all macros from office docs, but 99%+ of all Word/Excel > files we receive with macros are trojans anyway. I've had to release from > quarantine maybe half a dozen legitimate office docs with macros this year. > > > > > From: Richard Stovall <[email protected]> > To: [email protected] > Date: 12/09/2015 10:23 AM > Subject: Re: [NTSysADM] Encry pting File Attachments > Sent by: [email protected] > ------------------------------ > > > > Not surprising at all. I do the same thing. I am also manually triaging > all Office attachments (though that is a major pain and will go away pretty > soon when we add another layer of automated defense). > > On Wed, Dec 9, 2015 at 1:08 PM, Mark Gottschalk <*[email protected]* > <[email protected]>> wrote: > We quarantine all emails with html attachments (such as the secure Cisco > email), since the majority (90%+) we see are trojans or phishing. Same for > zip files in email, believe it or not. Those are easily topping 99.9% > trojans (thousands received in the past week). Same for dozens of more > obscure attachment types. Recipients get a quarantine notification if the > originating mail server is not also a known spam source. If the email is > legit and needed, they request it being released. I see zero to two zip > file recovery requests a week, tops. > > I don't trust an antivirus system enough to allow users to decide whether > or not to open attachment types that are overwhelmingly used maliciously in > email. But, I get the need for occasional, easy-to-use secure messaging > and the tradeoff between irritation and security. > > -- Mark > > > > > From: David McSpadden <*[email protected]* <[email protected]>> > To: "*[email protected]* <[email protected]>" > <*[email protected]* <[email protected]>> > Date: 12/09/2015 09:04 AM > Subject: RE: [NTSysADM] Encry pting File Attachments > Sent by: *[email protected]* > <[email protected]> > ------------------------------ > > > > > Well, > It is better than seeing my members data on FoxNews I suppose. > But yeah, hate it from time to time. > > > * From:* *[email protected]* <[email protected]> > [*mailto:[email protected]* <[email protected]>] > *On Behalf Of *Gavin Wilby > * Sent:* Wednesday, December 9, 2015 12:01 PM > * To:* '*[email protected]* <[email protected]>' < > *[email protected]* <[email protected]>> > * Subject:* RE: [NTSysADM] Encry pting File Attachments > > J > > That’s a very annoying feature you have. > > * Gavin Wilby* > * IT Support Engineer* > > > This e-mail and any files transmitted with it are property of Indiana > Members Credit Union, are confidential, and are intended solely for the use > of the individual or entity to whom this e-mail is addressed. If you are > not one of the named recipient(s) or otherwise have reason to believe that > you have received this message in error, please notify the sender and > delete this message immediately from your computer. Any other use, > retention, dissemination, forwarding, printing, or copying of this email is > strictly prohibited. > > Please consider the environment before printing this email. > >
