[ExchangeList] Re: file filtering best practice?

  • From: "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 26 Jul 2006 08:37:33 -0400

Especially here.  With over a million emails daily (not including
Exchange traffic), we tend to be a big target.

 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Martin
Blackstone
Sent: Tuesday, July 25, 2006 10:14 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: file filtering best practice?

 

Right, but that would be after the 20th or so file came in. 

The outbreak flag won't usually fire until you are getting hammered.
That's a day later and a dollar short.

 

I agree with Jamie. Zero day / Zero hour is the concern.

 

________________________________

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Teo De Las Heras
Sent: Tuesday, July 25, 2006 6:23 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: file filtering best practice?

Is there a setting where it would block zip attachments based on an
outbreak?  Normally your AV software should block any zips with known
viruses.  The risk is that a new virus comes out, propagates via zip,
and none of the AV vendors can identify it.  In this case, an outbreak
'flag' would block/quarantine all zips temporarily.

 

Teo

 



 

On 7/25/06, Arnold, Jamie <harnold@xxxxxxxxxxxxxx> wrote: 

In dealing with zip files specifically, I'm wondering what is
considered the "best practice"?  We simply remove the file at our edge
proxy, but have been getting a little flak from a few users.  Our data
shows that nearly 94% of the .zip files that come in via email are
infected so I'm not likely to be convinced to allow them through.

What say you?

 
