ScanMail from Trend Micro.
From: Richard Stovall <[email protected]> To: [email protected] Date: 12/09/2015 10:42 AM Subject: Re: [NTSysADM] Encry pting File Attachments Sent by: [email protected] I would love to quarantine only the ones with Macros. That would be hhhhuuuuggggeee. Our current on-prem Barracuda can't do that (or if it can, I sure don't know about it.) How do you do it? On Wed, Dec 9, 2015 at 1:31 PM, Mark Gottschalk <[email protected]> wrote: I quarantine only Office attachments that contain macros. I have the option of stripping all macros from office docs, but 99%+ of all Word/Excel files we receive with macros are trojans anyway. I've had to release from quarantine maybe half a dozen legitimate office docs with macros this year. From: Richard Stovall <[email protected]> To: [email protected] Date: 12/09/2015 10:23 AM Subject: Re: [NTSysADM] Encry pting File Attachments Sent by: [email protected] Not surprising at all. I do the same thing. I am also manually triaging all Office attachments (though that is a major pain and will go away pretty soon when we add another layer of automated defense). On Wed, Dec 9, 2015 at 1:08 PM, Mark Gottschalk <[email protected]> wrote: We quarantine all emails with html attachments (such as the secure Cisco email), since the majority (90%+) we see are trojans or phishing. Same for zip files in email, believe it or not. Those are easily topping 99.9% trojans (thousands received in the past week). Same for dozens of more obscure attachment types. Recipients get a quarantine notification if the originating mail server is not also a known spam source. If the email is legit and needed, they request it being released. I see zero to two zip file recovery requests a week, tops. I don't trust an antivirus system enough to allow users to decide whether or not to open attachment types that are overwhelmingly used maliciously in email. But, I get the need for occasional, easy-to-use secure messaging and the tradeoff between irritation and security. -- Mark From: David McSpadden <[email protected]> To: "[email protected]" <[email protected]> Date: 12/09/2015 09:04 AM Subject: RE: [NTSysADM] Encry pting File Attachments Sent by: [email protected] Well, It is better than seeing my members data on FoxNews I suppose. But yeah, hate it from time to time. From: [email protected] [ mailto:[email protected]] On Behalf Of Gavin Wilby Sent: Wednesday, December 9, 2015 12:01 PM To: '[email protected]' <[email protected]> Subject: RE: [NTSysADM] Encry pting File Attachments J That?s a very annoying feature you have. Gavin Wilby IT Support Engineer This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
