[AusNOG] Fw: important

James Hodgkinson yaleman at ricetek.net
Thu Oct 1 14:20:00 EST 2015


That will only stop a small subset of vectors as they're using links
that take them through a redirect or two until you end up at the
payload. There are ways of de-fanging links but the kinds of people who
click on executables will also work around other measures.

Defence in depth as always, whitelisting is a great tool. 

James

On Thu, 1 Oct 2015, at 13:43, Chad Kelly wrote:
> On 10/1/2015 1:05 PM, Rhys Hanrahan wrote:
> > Hi Everyone,
> >
> > I've actually been thinking about posting about this lately... So I thought I'd put this out there while we're on the topic.
> >
> > We've been getting hit a lot with the crypto virus emails, and they seem to be difficult to block. It seems over the last few months there's been a steady increase in the amount of stuff getting through. Particularly seems that spammers are leveraging what appears to be legitimate mail-out services to get their spam through.
> >
> > Has anyone found an appliance or otherwise that we can run on, or alongside, our existing filtering that does well at blocking some of this stuff (particularly the crypto viruses - even server-side AV seems to miss it).
> >
> > I've heard of Ironport before, and I'll definitely be looking at that, but curious to know if there's anything else out there that can be recommended?
> >
> > Most of the things I've considered so far seem to be aimed more at a single enterprise / on-site IT (charging per user), instead of being aimed at larger-scale centralised ISP-style filtering.
> >
> >
> >
> >
> 
> You can set IronPort to just drop anything with a .zip extension, which 
> solves these issues as the appliance will drop the emails before they 
> even reach the server.
> Ironport can also do inbound filtering as well as outbound.
> Given what you guys want to use the system for it may well be worth the 
> investment in buying your own appliances.
> Regards Chad.
> 
> 
> -- 
> Chad Kelly
> Manager
> CPK Web Services
> web www.cpkws.com.au
> phone 03 9013 4853