[ExchangeList] Re: file filtering best practice?
- From: "Teo De Las Heras" <teoheras@xxxxxxxxx>
- To: exchangelist@xxxxxxxxxxxxx
- Date: Wed, 26 Jul 2006 00:52:18 -0400
From what I've read, outbreak filters are designed to work at Zero day.
Zero Day worms:
We use IronPort:
Teo
On 7/25/06, Martin Blackstone <MBlackstone@xxxxxxxxxxxxxxxxxx> wrote:
Right, but that would be after the 20th or so file came in.
The outbreak flag won't usually fire until you are getting hammered. That's a day later and a dollar short.
I agree with Jamie. Zero day / Zero hour is the concern.
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Teo De Las Heras
Sent: Tuesday, July 25, 2006 6:23 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: file filtering best practice?
Is there a setting where it would block zip attachments based on an outbreak? Normally your AV software should block any zips with known viruses. The risk is that a new virus comes out, propagates via zip, and none of the AV vendors can identify it. In this case, an outbreak 'flag' would block/quarantine all zips temporarily.
Teo
On 7/25/06, Arnold, Jamie <harnold@xxxxxxxxxxxxxx> wrote:
In dealing with zip files specifically, I'm wondering what is considered the "best practice"? We simply remove the file at our edge proxy, but have been getting a little flak from a few users. Our data shows that nearly 94% of the .zip files that come in via email are infected so I'm not likely to be convinced to allow them through.
What say you?