Deny attachments until verification

[remain]

Is it possible in exchange to deny .zip files to a seperate directory to be viewed later to verify they aren't a trojan?

We have symantec anti-virus for exchange and NT server but several viruses have still gotten through...most noteably the beagle.ao@mm virus yesterday. If we could move all zip messages to another location to be checked it would provide much more protection.

Also, if this isn't a functionality of exchange 5.5, is it a functionality in later versions of exchange, and/or are there any 3rd party applications that will do this?

Thanks in advance

 

[cmeagan656]

I don't think its possible within exchange 5.5. but we use XWall (

http://www.dataenter.co.at/products/xwall.htm)

for our spam filter and it has the capability of blocking specific attachments (i.e. price.exe, price.html, price.zip) without blocking all attachments.

As soon as a new virus rears its ugly head (I check Symantec's web site every hour or so) I go into XWall and add all the attachments associated with that particular virus. We have the action set to "discard message" but you can set it to a number of different options, including "forward to postmaster".

Cheers.

 

[remain]

can it do wild cards like block *price*.zip (using the windows multicharacter wildcard as an example)?

The problem with the beagle.ao is that it changes the name of the attachment slightly, but always has price in it.

 

[cmeagan656]

Yes, it can do wildcards but I just blocked all the variants individually. There were only 8 of them.

Xwall also has the option to consider password protected zip files and/or double extensions as exploits. You can choose to handle exploits differently than attahcments if you wish.

See

http://www.dataenter.co.at/doc/xwall_admin_options.htm

for a full list of options.

Cheers.

 

[AlexIT]

Mail Marshal is another front end SMTP filter with similar characteristics.