[ExchangeList] Re: file filtering best practice?
- From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
- To: <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 25 Jul 2006 08:55:57 -0400
I¹ve had great experiences with Antigen (formerly Sybari, now Microsoft) on
this very topic. Antigen opens all zips and quarantines those that have
infections. Password protected ones can be automatically quarantined.
Another great feature is the ability to scan and/or filter files that have
had their extensions changed in an attempt to get past a mail filter it
opens the file up and examines it rather than just relying on .zip as the
extension to identify it.
Great stuff.
Rick
On 7/25/06 8:49 AM, "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx> wrote:
> Martin:
>
> May I ask what you use to quarantine them?
>
> Thanks
>
>
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Martin Blackstone
> Sent: Tuesday, July 25, 2006 8:33 AM
> To: exchangelist@xxxxxxxxxxxxx
> Subject: [ExchangeList] Re: file filtering best practice?
>
> We quarantine them, then release if they are OK.
> The users don't love it, but they understand it.
>
>
>
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Arnold, Jamie
> Sent: Tuesday, July 25, 2006 5:31 AM
> To: exchangelist@xxxxxxxxxxxxx
> Cc: Exchange2000@xxxxxxxxxxxxxxx
> Subject: [ExchangeList] file filtering best practice?
> In dealing with zip files specifically, I¹m wondering what is considered the
> ³best practice²? We simply remove the file at our edge proxy, but have been
> getting a little flack from a few users. Our data shows that nearly 94% of the
> .zip files that come in via email are infected so I¹m not likely to be
> convinced to allow them through.
>
> What say you?
>
Other related posts:
