Zip file attachment
-
Unfortunately, we do allow zip (and other archive) files. We have on premises Exchange with Barracuda filtering in two levels then Trend Micro on the endpoints.
-
Our filter will sideline zips that contain executables, but otherwise we don't block them
-
I have also noticed that I don't really like the way Barracuda handles the file attachment blocking, in that if someone whitelists the email address, domain or IP, it overrides attachment blocking. For instance, the crypto ransomware love to use macro enabled office files and I have explicitly blocked them. But if the sender is somehow whitelisted, they will come right through and it is up to Trend and my application whitelisting GPO to prevent an infection.
I am going to have to contact them to see if there is a way to have 2 levels of blocking where you can say that certain attachments will never be allowed, despite whitelisting.
-
@RojoLoco said in Zip file attachment:
Our filter will sideline zips that contain executables, but otherwise we don't block them
Which filter are you using?
-
@wrx7m said in Zip file attachment:
@RojoLoco said in Zip file attachment:
Our filter will sideline zips that contain executables, but otherwise we don't block them
Which filter are you using?
It's called AnteSpam, from a company called Hiwaay, which is based out of Huntsville, AL. Yes, it's a tiny little podunk town and an equally podunk spam filter. But my bosses are nostalgic, so they kept this service when they moved from AL to GA.
-
@RojoLoco - I have never heard of nostalgia as a reason to keep a technology solution. LOL That made my day.
-
@wrx7m said in Zip file attachment:
For instance, the crypto ransomware love to use macro enabled office files and I have explicitly blocked them.
Interesting - I wonder if AppRiver can do that - block Office documents with macros - I have a call to make!
-
@Dashrender I would be interested to find this out too. I trialed them a couple years ago to see about switching to them from Barracuda. Never got enough testing in to make a definitive comparison.
-
@wrx7m said in Zip file attachment:
@Dashrender I would be interested to find this out too. I trialed them a couple years ago to see about switching to them from Barracuda. Never got enough testing in to make a definitive comparison.
I have been using them for 10+ years (I think it's closer to 15). Their interface is fantastic and they keep all the virus and spam off my network 100% (i.e. the traffic doesn't clog up my internet connection). They do have a fair number of filters and an interface for users to request their own whitelisting, releasing of blocked messages, etc.
I pay around $1/user/month, but I think I'm grandfathered into that price.
You have O365 and you still use an external filter?
-
@Dashrender I am still on-prem but plan on moving to O365 at the beginning of next year (If all things line up). I am using Barracuda's cloud layer, which takes the brunt of it and then have a local appliance that filters inbound and outbound.