Jump to content

Mail Security For Exchange & Nested Zips


Recommended Posts

I have set up rules in the Rules config section to do the following:

1. smart block of all exe files (also included *.scr)

2. dangerous executables to block among other extensions *.scr

 

on of my users got an email with a zip file. inside the zip was another zip and inside it a filename with scr extension.

 

How did the scr file passed both rules and got to my user mailbox? Doesn't the Rules config search inside attached archives for blocked files?

Link to comment
Share on other sites

  • Administrators

You'd have to create a rule for zip attachments to remove such malware. However, to get better protection against spammed malware simply enable detection of potentially dangerous attachments. For more information, please refer to page 76 of the EMSX User guide.

Link to comment
Share on other sites

for my understanding: If I create a zip rule, I assume it will block all zip files. Am I correct? I want to allow zip files in but I do not want nested zip files with exe files inside them

 

I enabled the potentially dangerous attachments. does this also scan inside zip files? and specifically nested ones?

Link to comment
Share on other sites

  • Administrators

for my understanding: If I create a zip rule, I assume it will block all zip files. Am I correct? I want to allow zip files in but I do not want nested zip files with exe files inside them

Right. What you want to achieve is not feasible using rules.

I enabled the potentially dangerous attachments. does this also scan inside zip files? and specifically nested ones?

Yes, typical spammed malware will be detected in archives too.
Link to comment
Share on other sites

  • 1 year later...

Same question

 

Eset MailSecurity 4.5.10023.0 can block *.js attachments by rule

But if *.js in zip archive - don't block

If I enable detection of potentially dangerous attachments - MailSecurity block only files with double extension in zip (*.doc.exe in zip)

 

Is it possible to create rule to block any *.js files in zip archives?

Link to comment
Share on other sites

  • 3 months later...

Now I have installed ESET Mail Security 6.3.10005.2 on my Exchange Server. I have activated the Mailtransportrule for deleting executable files.

 

Now I have created a rule, that has to delete attachments with .JS. The next step would be to block any zip achives with a .JS file inside. But sadly I can not find a way to create this rule.

 

Has someone an idea how I can create these two rules?

 

Thanks

TomTomTom

Edited by TomTomTom
Link to comment
Share on other sites

  • 5 weeks later...
  • ESET Staff

If you created a rule that deletes all *.JS files, it will also delete archives that contain *.JS files - there is no need to create another rule

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...