[ExchangeList] Re: file filtering best practice?

  • From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 25 Jul 2006 09:16:36 -0400

Ah, but Antigen can also scan the SMTP blobs at your gateways.  Of course, a
*nix smtp gateway would preclude this, but I'd have to check if the new edge
services would support it - I tend to think it would.  You'd be dropping a
Win2K3 server in place of your gateway though, and I doubt you were looking
for a major change in your architecture.

Anyhow, just a thought!

And certainly just a suggestion of course, all environments and requirements
are different when you get into the upper strata as you describe.



On 7/25/06 9:08 AM, "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx> wrote:

> Thanks, Rick:
>  
> I've actually used Antigen from its inception. They were the only cluster
> aware product back in 1997.  This issue is larger than that unfortunately.
> I'm looking at our main campus mail system which is *IX based (Cyrus and
> Sendmail).  We currently use a Barracuda as the edge proxy and it works
> wonderfully.  We get around 1 million emails a day and drop over 96% of them
> due to file filtering or infection.  Currently, we simply drop emails with
> certain file extensions as we have over 48,000 unique email addresses and
> asking every user to monitor and maintain their quarantine space would be a
> staggering undertaking.  Many would simply never look there and the storage
> requirements for some 940,000 emails daily is, well... enormous.
>  
> I use Antigen in the manner you mentioned, but we only have around 1000
> mailboxes on the Exchange boxen right now.
>  
> Thanks
>  
> 
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Boza
> Sent: Tuesday, July 25, 2006 8:56 AM
> To: exchangelist@xxxxxxxxxxxxx
> Subject: [ExchangeList] Re: file filtering best practice?
>  
> I've had great experiences with Antigen (formerly Sybari, now Microsoft) on
> this very topic.  Antigen opens all zips and quarantines those that have
> infections.  Password protected ones can be automatically quarantined.
> Another great feature is the ability to scan and/or filter files that have had
> their extensions changed in an attempt to get past a mail filter - it opens
> the file up and examines it rather than just relying on .zip as the extension
> to identify it.
> 
> Great stuff.
> 
> Rick
> 
> 
> On 7/25/06 8:49 AM, "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx> wrote:
> Martin:
>  
> May I ask what you use to quarantine them?
>  
> Thanks
>  
> 
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Martin Blackstone
> Sent: Tuesday, July 25, 2006 8:33 AM
> To: exchangelist@xxxxxxxxxxxxx
> Subject: [ExchangeList] Re: file filtering best practice?
>  
> We quarantine them, then release if they are OK.
> The users don't love it, but they understand it.
> 
> 
> 
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Arnold, Jamie
> Sent: Tuesday, July 25, 2006 5:31 AM
> To: exchangelist@xxxxxxxxxxxxx
> Cc: Exchange2000@xxxxxxxxxxxxxxx
> Subject: [ExchangeList] file filtering best practice?
> In dealing with zip files specifically, I'm wondering what is considered the
> "best practice"?  We simply remove the file at our edge proxy, but have been
> getting a little flak from a few users. Our data shows that nearly 94% of the
> .zip files that come in via email are infected so I'm not likely to be
> convinced to allow them through.
> 
> What say you?
> 
>  
> 
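
The content-based check described in this thread (identifying a zip by what is inside the file rather than by its extension, and quarantining password-protected archives), sketched as an added example that is not from the thread or from Antigen. The function names, verdict strings and size cap are assumptions, and the sample archives are constructed in the code.

```python
import io
import zipfile

MAX_UNPACKED = 50 * 1024 * 1024  # assumed cap on total declared size (zip-bomb guard)

def classify(filename, data, max_unpacked=MAX_UNPACKED):
    """Return (verdict, renamed) for one attachment, judged by content."""
    looks_zip = data[:4] == b"PK\x03\x04" or zipfile.is_zipfile(io.BytesIO(data))
    if not looks_zip:
        return "not-zip", False
    # A zip carried under another extension is flagged so it can be logged.
    renamed = not filename.lower().endswith(".zip")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return "quarantine-corrupt", renamed
    # Bit 0 of the general-purpose flags marks a password-protected member,
    # which a scanner cannot open.
    if any(m.flag_bits & 0x1 for m in members):
        return "quarantine-encrypted", renamed
    if sum(m.file_size for m in members) > max_unpacked:
        return "quarantine-oversize", renamed
    return "scan-members", renamed

def make_sample_zip(encrypted=False):
    """Constructed sample: one stored member, optionally marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("report.txt", "quarterly numbers")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set flag bit 0 in the central directory record (offset 8 from its signature).
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

if __name__ == "__main__":
    for name, blob in [("notes.txt", b"plain text"),
                       ("invoice.pdf", make_sample_zip()),
                       ("archive.zip", make_sample_zip(encrypted=True)),
                       ("broken.zip", b"PK\x03\x04 truncated")]:
        print(name, classify(name, blob))
```

A `scan-members` verdict means the archive can be opened and its members handed to the virus scanner; the other verdicts are decided without unpacking anything.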

