Email attachment filter – better than file extention.

pts.
Tags:
Exchange security
Microsoft Exchange
Networking
Security
Does anyone know if there is some way to filter email attachements on a server that are a little harder to get past than simply renaming the file extention? I have people that rename file.exe to file.bob and my filter does not block this file. I know you can scan attachments for viruses in attachments, but I want to know if there is a way to have the server further investigate the file to find the extention. Any ideas?

Answer Wiki

Thanks. We'll let you know when a new response is added.

GFI Mail Security does a good job of this. It allows for the administrator to approve the email before the client sees it.

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • petkoa
    Hi skepticals, You didn't provide any information about the mail server you are using, so it's impossible to provide any "ready for use" sollutions, but just some ideas/hacks. E.g., if you are using sendmail + procmail on Unix/Linux, you can put a recipe in the system-wide procmairc which will extract attachments with non-executable extensions and test them (using "file" command - it doesn't rely on extension). This will put additional load on the server, so it's not a good idea to use this hack on a busy mailserver. BR and good luck, Petko
    3,120 pointsBadges:
    report
  • Chalvarez
    This is just an idea, look for some software that uses fingerprints.
    0 pointsBadges:
    report
  • Skepticals
    Sorry if I didn't make myself clear. I amlooking for any type of server/software that can filter more in depth than the file extension. Anyone know of anything?
    0 pointsBadges:
    report
  • Lizardb0y
    Unix systems generally include a tool named "file" which identifies the file type of the given file by inspecting the contents for unique identifiers. These identifiers are known as "magic numbers". Its output looks like this: andrew@sauron:~$ file hiddenexe hiddenexe: PE executable for MS Windows (GUI) Intel 80386 32-bit, RAR self-extracting archive andrew@sauron:~$ file justtext justtext: ASCII English text andrew@sauron:~$ file pythonscript pythonscript: a /usr/bin/python script text executable You can obtain a package of GNU Unix utilities compiled for Windows from http://gnuwin32.sourceforge.net/ which includes "file". A mail filter which uses file is XamimeLT: http://pldaniels.com/xamimelt/
    0 pointsBadges:
    report
  • MemphisJim
    CipherTrust's IronMail does a pretty good job at looking at multiple extensions as well as renamed files. We have two in a load balanced scendario for SPAM, AV, quarantine, etc...
    5 pointsBadges:
    report
  • Maclanachu
    Sunbelt messaging Ninja has exactly the feature u r looking for. http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm
    0 pointsBadges:
    report
  • Janadam
    We are also using GFi Mailsecurity; it inspects the attachments to see what they are. Renaming the file won't fool the system. It will even extract compressed files (e.g. ZIP) to check the files inside the ZIP. Once it has detected what kind of file it is, you can define policies to determine what to do with it (remove from mail/remove entire mail/manually admin approve/etc.)
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following