Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Spam filter active for in site messaging?
  •  
ComputerBudda

Messages: 111
Karma: 5
Send a private message to this user
I have a customer for which I block all attachments to the addressee. The addressee gets the mail w/o the attachment and the full email is routed to a special mailbox where someone is trained not to click on just any attachment, download the necessary ones and save's them to the addressee's personal folder. Obviously labor intensive but less so than cleaning cryptowall, yes I've seen quite a few of those.

For easily identified legit emails with attachments, could I setup a rule to simply forward the whole email back to the correct person or would be stopped by the spam rule? Rolling Eyes

BTW, the spam rule seems to be invoked before the virus rule since I see a lot of attachments in this mailbox that are identified as having a virus. I'd just as soon those were automatically deleted.
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Do you need to block *ALL* attachments? There's a default list of attachment types in Kerio Connect that can be/are blocked. Why not use that list, and forward the originals to your human filter person if needed? Use the built-in Sophos to discard messages that are confirmed to have a virus.

Result should be that attachments with File Types that are NOT on the block list should go through to Sophos AV and if there's no virus detected, they (your "easily identifiable legit email with attachment") should be delivered to the addressee (provided that they are not deemed as Spam).

Ken Snyder
  •  
ComputerBudda

Messages: 111
Karma: 5
Send a private message to this user
I'm sure you realize that the new distribution method for Cryptowall is a zip attachement that is not infected but is a link to website that automatically downloads crap that goes right by all the scanners. I've already had a different customer hit by that one and I'm seeing multiple attempts per day to infect this one with those zip files.
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
And *.zip can be added to the blocked attachment list.

Ken Snyder
  •  
ComputerBudda

Messages: 111
Karma: 5
Send a private message to this user
Yes, and has been. However, there are some zip files I know are OK. So if I block all zip files via Kerio, can I then pass them around internally without Kerio stopping them which was the gist of my original question.
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Can the person who wishes to pass this "safe" *.zip file rename the file to something like *.safe_zip or *.CompanyName_zip? If so, add a rule to the top of the attachment filter list that allows the sending of that file type.

Ken Snyder
  •  
ComputerBudda

Messages: 111
Karma: 5
Send a private message to this user
Sounds like the answer to my question is no. Downloading the file, renaming it and sending is out is about the same as the labor intensive process I was trying to stop.
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
I can't seem to find any rule that can be built elsewhere that gets evaluated prior to the attachment filtering rule in such a way that it ultimately bypasses it.

Ken Snyder
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
Sounds like you need to install some additional security software. I would suggest installing the crypto blocker from Foolish IT. They have a free version, as well as paid version that offer more options. It prevents things from running from temporary folders, such as a browser downloaded cache.
Previous Topic: Administration Settings error
Next Topic: emails only over port 465 or 587 & spam
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Aug 19 17:02:29 CEST 2017

Total time taken to generate the page: 0.00504 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.