[AusNOG] Fw: important

Chad Kelly chad at cpkws.com.au
Thu Oct 1 14:44:09 EST 2015


Hi Realistically you are better off getting users to upload large files 
to some kind of Cloud storage platform, as email was never really 
designed to send folders containing large files.
But that is a totally different argument.
Regards Chad.

On 10/1/2015 1:59 PM, Rhys Hanrahan wrote:
> Hi Chad,
>
> Thanks for this (and thanks everyone for the replies).
>
> Have you found that you needed to drop .zip extensions, or are the Ironports able to detect crypto emails on their own? We can already do attachment blocking with our current stack, but the problem is that all these manual changes is becoming ineffective and too much work. So I'm looking for something that will keep on top of the spam with better/regular signature updates etc...
>
> Another problem is, I know there's lots of variants and the latest ones seem to be macro-enabled PDF files, obviously we can't go blocking PDF attachments.
>
> But frankly, even blocking ZIP files is a little too heavy handed to me, if we can avoid it. I know we'll get people complaining that we've blocked their ZIP files if we do that.
>
> So I'm hoping there's something that manages to keep on top of recent spam emails without too much manual intervention.
>
> Thanks.
>
> Rhys Hanrahan
> Chief Information Officer
> Nexus One Pty Ltd
>
> E: support at nexusone.com.au
> P: +61 2 9191 0606
> W: http://www.nexusone.com.au/
> M: PO Box 127, Royal Exchange NSW 1225
> A: Level 10 307 Pitt St, Sydney NSW 2000
>
>
>
> ________________________________________
> From: Chad Kelly [chad at cpkws.com.au]
> Sent: Thursday, 1 October 2015 1:43 PM
> To: Rhys Hanrahan; ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] Fw: important
>
> On 10/1/2015 1:05 PM, Rhys Hanrahan wrote:
>> Hi Everyone,
>>
>> I've actually been thinking about posting about this lately... So I thought I'd put this out there while we're on the topic.
>>
>> We've been getting hit a lot with the crypto virus emails, and they seem to be difficult to block. It seems over the last few months there's been a steady increase in the amount of stuff getting through. Particularly seems that spammers are leveraging what appears to be legitimate mail-out services to get their spam through.
>>
>> Has anyone found an appliance or otherwise that we can run on, or alongside, our existing filtering that does well at blocking some of this stuff (particularly the crypto viruses - even server-side AV seems to miss it).
>>
>> I've heard of Ironport before, and I'll definitely be looking at that, but curious to know if there's anything else out there that can be recommended?
>>
>> Most of the things I've considered so far seem to be aimed more at a single enterprise / on-site IT (charging per user), instead of being aimed at larger-scale centralised ISP-style filtering.
>>
>>
>>
>>
> You can set IronPort to just drop anything with a .zip extension, which
> solves these issues as the appliance will drop the emails before they
> even reach the server.
> Ironport can also do inbound filtering as well as outbound.
> Given what you guys want to use the system for it may well be worth the
> investment in buying your own appliances.
> Regards Chad.
>
>
> --
> Chad Kelly
> Manager
> CPK Web Services
> web www.cpkws.com.au
> phone 03 9013 4853
>
>


-- 
Chad Kelly
Manager
CPK Web Services
web www.cpkws.com.au
phone 03 9013 4853



More information about the AusNOG mailing list