Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Mail attachments

  • 1.  Mail attachments

    Posted Jan 22, 2016 03:20 AM

    Hi all,

    I have a user that send many times a day, the same attachment to different mail address.

    It is possible that SEP blocks the attachment and send the email without it? (without any warning in console?!?)

     

     



  • 2.  RE: Mail attachments

    Posted Jan 22, 2016 03:45 AM

    SEP cannot do that, Symantec mail security for exchange can do that.



  • 3.  RE: Mail attachments

    Posted Jan 22, 2016 03:46 AM

    Nope SEP cannot do that, you can tweat Symantec DLP to do this.



  • 4.  RE: Mail attachments

    Posted Jan 22, 2016 04:00 AM

    In SMSMSE (v 7.5) there's nothing in quarantine neither in log...



  • 5.  RE: Mail attachments

    Posted Jan 22, 2016 05:59 AM

    Hi David ITA,

    Is this user doing this mailing on purpose, or is this unusual/unexpected behavior on that computer?  If it is unexpected then the computer is likely infected and part of a spambot.  Locate and remove the malware responsible!

    Using Today's SymHelp to Combat Today's Threats
    https://www-secure.symantec.com/connect/articles/using-todays-symhelp-combat-todays-threats

     

    Please do update this thread with more details!

    With thanks and best regards,

    Mick



  • 6.  RE: Mail attachments

    Posted Jan 22, 2016 06:14 AM

    SMSMSE is the product to handle scanning email. I suggest you pose this question in that forum.



  • 7.  RE: Mail attachments

    Posted Jan 22, 2016 07:54 AM

    Mik, this user send this mail on purpose, the pc it's not infected.

    I opened this thread here because smsmse doesn't show any warning, so I was thinking that the problem is SEP.

     

     

     



  • 8.  RE: Mail attachments

    Posted Jan 22, 2016 08:00 AM

    It sounds like the PC is infected with a spambot.

    SEP may not be catching it because it does not have a signature for it. Possible that it is a new variant.

    My suggestion would be to create a firewall to block port 25. This would stop the spambot (until you can remove from the network and clean) but still allow Outlook to function properly.



  • 9.  RE: Mail attachments

    Posted Jan 22, 2016 08:42 AM

    No Brian, The pc is not infected, the user send the mail on purpose.

     

    Is just the attachments that sometimes disappear... I think it's not smsmse because nothing is showed in logs...



  • 10.  RE: Mail attachments

    Posted Jan 22, 2016 08:46 AM

    Do you have the SEP Outlook Auto-Protect scanning component enabled?

    If so, I suppose it may be possible. SEP Outlook AP could still allow the email through while stripping the attachment if it deems it malicious. You could check the Risk or Security log for any alerts.

     



  • 11.  RE: Mail attachments

    Posted Jan 22, 2016 09:27 AM

    yes I have it, but nothing appear in risk or security log.



  • 12.  RE: Mail attachments

    Posted Jan 22, 2016 09:30 AM

    To rule it in or out, temporarily disable and see if that attachment goes through.