Surfcontrol Email Filter 4.7

Good Day Everyone, I am a net admin in a W2K networked environment with approximately 50-60 users. We utilize Exchange 5.5 for email and SC EF 4.7 for anti-spam and extra security. However, I have found several messages saying that I have sent an infected message to someone, and also NDRs from my own mailbox saying that I sent a message to someone and the delivery failed, and I know I did not send it. We have a firewall in place; however, my question is: is someone getting past my firewall and into my Exchange server? Are there any vulnerabilities in SC EF that any of you know about, or could it point to some other configuration problem on my server? I am stumped as to why this is happening and I would like to secure this production email server ASAP. Any help would be greatly appreciated. In Friendship, Nickolaii

Answer Wiki


No solution (FW or content filter) is 100% effective; expect that some items may get past your protective barriers. You did not mention if you have anti-virus on the desktops/email server, etc. Do you have VPN access that allows home/mobile users into the network behind these screens?

You could have an infected client(s) that is propagating these infected emails. You could, if VPN is implemented, have been infected from an insecure external PC. Once infection is on the LAN, your security is breached. Consider scanning your client(s) and server with an AV product.

Have you checked with SC about their EF product and this issue?

Discuss This Question: 1  Reply

  • Nickolaii
    Good Day, Thanks for taking the time to reply to my post. I do have server and client level Etrust Antivirus installed on my servers and clients. The third party antivirus rule in my Email Filter is used in conjunction with Etrust and it does detect and delete all infected emails. Our FW is pretty stringent with its SA policies, even at times denying myself, the administrator, access to the SW from a public IP. I think it has to do with my ISP, but I'm not certain. As for VPN access, the only way that someone could get in is if I divulged my secret answer to someone, which I have done only to my FW support contact. As for mobile users, there is only a limited number accessing the network by VPN. As far as contacting SC, my maintenance contract has expired and I am not entitled to any phone support. The product has all the anti-spoofing, and anti-percent hacks, etc. protection built in, but it's like it's not occurring or doing its job. Is there any other way someone could authenticate against my firewall and gain access to the private LAN? I have seen external IPs in my FW log attempting to connect to a private IP within my network but the connection is dropped, thank GOD. Any help or info. you can provide is greatly appreciated. It's an ongoing battle against this type of threat in a networked environment, and pretty tiresome to say the least. In Friendship, Nickolaii
