[ExchangeList] Re: file filtering best practice?

  • From: "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 25 Jul 2006 09:26:55 -0400

Understood.  We're generally *very* happy with the Barracuda device.  It
takes so little to admin it and it just works....

 

We're just about to pull the trigger on a Mirapoint email system here to
replace all the internal mail servers (other than Exchange...for now)
and that has its own capabilities which may prove to assist in this.  

 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Boza
Sent: Tuesday, July 25, 2006 9:17 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: file filtering best practice?

 

Ah, but Antigen can also scan the SMTP blobs at your gateways.  Of
course, a *nix smtp gateway would preclude this, but I'd have to check
if the new edge services would support it - I tend to think it would.
You'd be dropping a Win2K3 server in place of your gateway though, and I
doubt you were looking for a major change in your architecture.

Anyhow, just a thought!

And certainly just a suggestion of course, all environments and
requirements are different when you get into the upper strata as you
describe.



On 7/25/06 9:08 AM, "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx> wrote:

Thanks, Rick:
 
I've actually used Antigen from its inception. They were the only
cluster-aware product back in 1997.  This issue is larger than that
unfortunately.  I'm looking at our main campus mail system which is *IX
based (Cyrus and Sendmail).  We currently use a Barracuda as the edge
proxy and it works wonderfully.  We get around 1 million emails a day
and drop over 96% of them due to file filtering or infection.
Currently, we simply drop emails with certain file extensions as we have
over 48,000 unique email addresses and asking every user to monitor and
maintain their quarantine space would be a staggering undertaking.  Many
would simply never look there and the storage requirements for some
940,000 emails daily are, well...enormous.  
 
I use Antigen in the manner you mentioned, but we only have around 1000
mailboxes on the Exchange boxen right now.
 
Thanks
 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Boza
Sent: Tuesday, July 25, 2006 8:56 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: file filtering best practice?
 
I've had great experiences with Antigen (formerly Sybari, now Microsoft)
on this very topic.  Antigen opens all zips and quarantines those that
have infections.  Password protected ones can be automatically
quarantined.  Another great feature is the ability to scan and/or filter
files that have had their extensions changed in an attempt to get past a
mail filter - it opens the file up and examines it rather than just
relying on .zip as the extension to identify it.

Great stuff.

Rick


On 7/25/06 8:49 AM, "Arnold, Jamie" <harnold@xxxxxxxxxxxxxx> wrote:
Martin:
 
May I ask what you use to quarantine them?
 
Thanks
 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Martin
Blackstone
Sent: Tuesday, July 25, 2006 8:33 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: file filtering best practice?
 
We quarantine them, then release if they are OK.
The users don't love it, but they understand it. 

________________________________



From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Arnold, Jamie
Sent: Tuesday, July 25, 2006 5:31 AM
To: exchangelist@xxxxxxxxxxxxx
Cc: Exchange2000@xxxxxxxxxxxxxxx
Subject: [ExchangeList] file filtering best practice?
In dealing with zip files specifically, I'm wondering what is considered
the "best practice"?  We simply remove the file at our edge proxy, but
have been getting a little flak from a few users. Our data shows that
nearly 94% of the .zip files that come in via email are infected, so I'm
not likely to be convinced to allow them through.

What say you?
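
The content-based check discussed in this thread (identifying a zip by what the file contains rather than by its extension, and setting aside password-protected archives), as an added example that is not part of the original posts and is not how Antigen or the Barracuda implement it. The function name, verdict strings and sample data are assumptions constructed for illustration.

```python
import io
import zipfile

# Leading signatures of a zip: local file header, or end-of-central-directory
# for an empty archive. Only the start of the data is checked here.
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")


def classify_attachment(filename, data):
    """Return (verdict, reason). Verdict names are a hypothetical policy:
    'pass' = not a zip, 'scan' = open and scan members, 'quarantine' = hold."""
    if data[:4] not in ZIP_MAGIC:
        return "pass", "not a zip archive"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return "quarantine", "zip signature but unreadable archive"
    # Bit 0 of a member's general purpose flags marks it as encrypted,
    # so its content cannot be scanned without the password.
    if any(m.flag_bits & 0x1 for m in members):
        return "quarantine", "password-protected zip"
    if not filename.lower().endswith(".zip"):
        return "scan", "zip content under a different extension"
    return "scan", "zip archive"


def sample_zip(encrypted=False):
    """Build a constructed in-memory zip; optionally set the encryption bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x1                    # flags field of the local file header
        cd = raw.find(b"PK\x01\x02")     # central directory file header
        raw[cd + 8] |= 0x1               # flags field of the central directory
    return bytes(raw)


if __name__ == "__main__":
    for name, blob in [("notes.zip", sample_zip()),
                       ("invoice.jpg", sample_zip()),
                       ("secret.zip", sample_zip(encrypted=True)),
                       ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)]:
        print(name, classify_attachment(name, blob))
```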
