Ah, but Antigen can also scan the SMTP blobs at your gateways. Of course, a *nix smtp gateway would preclude this, but I'd have to check if the new edge services would support it - I tend to think it would. You'd be dropping a Win2K3 server in place of your gateway though, and I doubt you were looking for a major change in your architecture. Anyhow, just a thought! And certainly just a suggestion of course, all environments and requirements are different when you get into the upper strata as you describe.

On 7/25/06 9:08 AM, "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx> wrote:

> Thanks, Rick:
>
> I've actually used Antigen from its inception. They were the only cluster
> aware product back in 1997. This issue is larger than that unfortunately.
> I'm looking at our main campus mail system which is *IX based (Cyrus and
> Sendmail). We currently use a Barracuda as the edge proxy and it works
> wonderfully. We get around 1 million emails a day and drop over 96% of them
> due to file filtering or infection. Currently, we simply drop emails with
> certain file extensions as we have over 48,000 unique email addresses and
> asking every user to monitor and maintain their quarantine space would be a
> staggering undertaking. Many would simply never look there and the storage
> requirements for some 940,000 emails daily is, well... enormous.
>
> I use Antigen in the manner you mentioned, but we only have around 1000
> mailboxes on the Exchange boxen right now.
>
> Thanks
>
>
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Boza
> Sent: Tuesday, July 25, 2006 8:56 AM
> To: exchangelist@xxxxxxxxxxxxx
> Subject: [ExchangeList] Re: file filtering best practice?
>
> I've had great experiences with Antigen (formerly Sybari, now Microsoft) on
> this very topic. Antigen opens all zips and quarantines those that have
> infections. Password protected ones can be automatically quarantined.
> Another great feature is the ability to scan and/or filter files that have had
> their extensions changed in an attempt to get past a mail filter - it opens
> the file up and examines it rather than just relying on .zip as the extension
> to identify it.
>
> Great stuff.
>
> Rick
>
>
> On 7/25/06 8:49 AM, "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx> wrote:
> Martin:
>
> May I ask what you use to quarantine them?
>
> Thanks
>
>
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Martin Blackstone
> Sent: Tuesday, July 25, 2006 8:33 AM
> To: exchangelist@xxxxxxxxxxxxx
> Subject: [ExchangeList] Re: file filtering best practice?
>
> We quarantine them, then release if they are OK.
> The users don't love it, but they understand it.
>
>
>
> From: exchangelist-bounce@xxxxxxxxxxxxx
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Arnold, Jamie
> Sent: Tuesday, July 25, 2006 5:31 AM
> To: exchangelist@xxxxxxxxxxxxx
> Cc: Exchange2000@xxxxxxxxxxxxxxx
> Subject: [ExchangeList] file filtering best practice?
>
> In dealing with zip files specifically, I'm wondering what is considered the
> "best practice"? We simply remove the file at our edge proxy, but have been
> getting a little flack from a few users. Our data shows that nearly 94% of the
> .zip files that come in via email are infected so I'm not likely to be
> convinced to allow them through.
>
> What say you?
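
The thread describes two gateway checks: identifying an archive by opening it rather than trusting the `.zip` extension, and automatically quarantining password-protected zips. The Python below illustrates both on a raw message; it is an added example, not Antigen's or Barracuda's code and not something posted in the thread, and the verdict names, helper names and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive

def classify(data: bytes) -> str:
    """Classify attachment bytes by content; the file name is never consulted."""
    if not data.startswith(ZIP_MAGIC):
        return "not_zip"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Flag bit 0 marks an encrypted member the scanner cannot open.
            if any(info.flag_bits & 0x1 for info in zf.infolist()):
                return "quarantine_encrypted"
    except zipfile.BadZipFile:
        return "quarantine_malformed"
    return "scan_members"

def triage(raw: bytes) -> dict:
    """Map each attachment name in a raw RFC 5322 message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_payload(decode=True))
            for part in msg.iter_attachments()}

def make_zip(name: str, body: bytes, encrypted: bool = False) -> bytes:
    """Build a constructed one-member zip, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, body)
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.rfind(b"PK\x01\x02")  # start of the central directory entry
        data[cd + 8] |= 0x01            # low byte of its general-purpose flags
    return bytes(data)

def sample_message() -> bytes:
    """Constructed message; attachment names and contents are made up."""
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, data in [("report.pdf", make_zip("a.txt", b"hello")),   # renamed zip
                       ("locked.zip", make_zip("b.txt", b"x", True)),
                       ("broken.zip", b"PK\x03\x04" + b"\x00" * 20),  # truncated
                       ("notes.txt", b"plain text")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

Office formats such as `.docx` are also zip containers, so a content check like this returns `scan_members` for them and the policy decision has to be made on what the members are.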