Login to participate
Security IdeasRSS
2
Symantec Brightmail Gateway: option to block a message based on the amount of attachments to be added.
lockdown wizard
July 8th, 2009
3 Agree, 1 Disagree
Symantec Brightmail Gateway: option to block a message based on the amount of attachments to be added.
Currently the SBG cannot accept or block emails based on the amount of attachments.
All attachments are scanned, provided the email is accepted.
Sending an email with e.g. 1 Million attachments that have a size of 1 byte is small enough to be accepted, but the overhead caused by all the scans could considerably impact the performance, possibly in such a way that a number of such mails could constitute a DOS attack.
Therefore it might be a good idea to add such an option to the SBG.
Amount
Some follow up questions.
Would you want to count the items in a compressed file toward that total number? Have you experienced a problem without having this feature?
Reply to "Amount"
Re. items in a compressed file toward that total number?
Not really necessary, because "Settings" (in> Protocols > SMTP) has a limit to the maximum time to open a container and will be triggered if this takes too long.
Re. Have you experienced a problem without having this feature?
I have not witnessed this in the wild but noticed an impact on performance when doing tests with an email with a couple of thousands of 0-byte files attached. Because these files are not compressed the above "Settings" for compressed files will not be triggered, and SBG keeps scanning.
Would you like to reply?
Login or Register to post your comment.