Messaging Gateway

  • 1.  Virus cleaning on SMG

    Posted Sep 14, 2016 07:21 AM

    Hi,

    Malware policies has a policy which says:

    virus: clean message

    What happens when the "cleaning" fails? Is the message delivered to the user?

    We had this policy activated, and all trojan infected .doc files would get past it to the users!

    Then there's another policy:

    virus: quarantine

    The TAC kept telling me that either cleaning OR quarantine can be used but both can't be done at once. In this policy I have added 2 actions now: clean the message and hold in spam. Why did the policy accept both those actions if it can't be done?

    At least now with the second policy I can see a trojan verdict and the emails are being held in spam as per the msg audit logs.



  • 2.  RE: Virus cleaning on SMG

    Posted Sep 15, 2016 02:51 AM

    Hi,

    -virus clean: The virus scanner did not identify the docs as infected. You could try to change to rapid release (only if you've got the latest release) but still, virus detection is not SMG's strength.

    -quarantine vs cleaning: Please read "Action processing combinations" in the CC's online help.

    Thomas



  • 3.  RE: Virus cleaning on SMG

    Posted Sep 15, 2016 08:17 AM

    Hi,

    Even let's say we have the definitions, what would "cleaning" exactly achieve, would it take the malicious code out of the .doc file?

    I understand quarantining, and yes it would be better if we could just block the email based on spam checks as SPAM but infected .doc files keep getting in.

    And obviously can't block doc extension.

    What kind of email attachment policy do you use in general for an organization?



  • 4.  RE: Virus cleaning on SMG

    Posted Sep 15, 2016 08:25 AM

    Hi,

    Cleaning in case of docs ... have no idea because we delete infected stuff - notifying users about deletion.

    On top we block .js and .jar and some docs get caught because of that. And we use several more scan engines on different platforms and a few things more which I can't explain here in public ;-)

    Thomas

     



  • 5.  RE: Virus cleaning on SMG

    Posted Sep 16, 2016 06:01 AM

    What about zipped encrypted files? Do you block them?

    Would a passworded pdf file be regarded as an "encrypted" file by SMG?

    And we're all pretty anonymous here man.



  • 6.  RE: Virus cleaning on SMG

    Posted Sep 16, 2016 06:11 AM

    Blocking or behaviour depends on the customer's need.

    But if encrypted zips contain blocked attachment type they get blocked too.

    Passworded pdf: I doubt that's been classified as encrypted, but didn't try it.

    Anonymous: Oh yeah, as the internet always is ... ;-)



  • 7.  RE: Virus cleaning on SMG

    Posted Sep 16, 2016 07:49 AM

    Encrypted zips have a password, SMG just can't read them right, what it can do is block all encrypted files.



  • 8.  RE: Virus cleaning on SMG

    Posted Sep 16, 2016 08:01 AM

    SMG can't read them, right. But the header of the zip lists the files and they get dropped. Just try it. But anyway, the best is to block encrypted attachments.

    Thomas


  • 9.  RE: Virus cleaning on SMG

    Posted Sep 23, 2016 03:24 AM

    I want to block encrypted zips, but I'm not sure if a password protected zip will be treated as encrypted.

    SMG has different sections for "password protected pdfs/doc" in file formats, but still not sure how it will work.

     



  • 10.  RE: Virus cleaning on SMG

    Posted Sep 23, 2016 04:39 AM

    Encrypted zips: Yes, SMG will treat it as encrypted, as others

    PW protected pdfs/docs is almost the same, not sure what you are exactly looking for.

    The condition is pretty simple:

    Encrypted attachment - An email contains an attachment that is encrypted or password-protected, and therefore, cannot be scanned.

    And to be sure, please read help, searching for "Encrypted Data policy template"

     

    Thomas
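
The point made in posts 8 and 10, that a password-protected zip still lists its member names in a readable header while its contents cannot be scanned, shown as an added Python example (not SMG's code and not written by any poster in this thread). The `verdict` policy, the `BLOCKED_EXTENSIONS` list (taken from the .js/.jar types named in post 4) and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

BLOCKED_EXTENSIONS = (".js", ".jar")  # assumption: the types post 4 says are blocked
ENCRYPTED_FLAG = 0x1  # ZIP general-purpose flag bit 0: member is encrypted


def inspect_zip(data: bytes) -> dict:
    """Read only the central directory; nothing is decrypted or extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()
    return {
        "names": [e.filename for e in entries],
        "encrypted": [e.filename for e in entries if e.flag_bits & ENCRYPTED_FLAG],
        "blocked": [e.filename for e in entries
                    if e.filename.lower().endswith(BLOCKED_EXTENSIONS)],
    }


def verdict(data: bytes) -> str:
    """Hypothetical policy: a blocked type wins, then any encrypted member."""
    try:
        report = inspect_zip(data)
    except zipfile.BadZipFile:
        return "unscannable"
    if report["blocked"]:
        return "block: blocked attachment type"
    if report["encrypted"]:
        return "block: encrypted attachment"
    return "scan"


def make_sample(names, encrypted: bool) -> bytes:
    """Constructed test archive. The stdlib cannot write encrypted zips, so the
    encryption flag is set by hand in each header; contents stay plain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(zipfile.ZipInfo(name), b"constructed sample content")
    raw = bytearray(buf.getvalue())
    # Flags sit at offset 6 in a local header and offset 8 in a central one.
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = raw.find(sig)
        while encrypted and pos != -1:
            raw[pos + off] |= ENCRYPTED_FLAG
            pos = raw.find(sig, pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    print(verdict(make_sample(["readme.txt", "Invoice.JS"], encrypted=True)))
```

Archive formats that also encrypt their file listing expose no names at all, so a name-based check like this complements, and does not replace, a rule that blocks every encrypted attachment.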