Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Attachment Filter > deny secured archives (Locky trojan #2)
  •  
Maerad

Messages: 158
Karma: 31
Send a private message to this user
Hiya!

Right now there is a new variant of tesla or locky being send out.

How it works:
You get a mail from a known or unknown sender (known sender > infected pc that REPLIES on a once written mail of the receiver with a password secured zip archive). In both cases with a mail body like "hi there, here the files, password is XXXX".

Because of that, I would like to deny secured zip files or archives I or the server can't open generally. Especially important is, that the sender is in most cases known, so the user won't suspect anything.

Also a mail virus scanner won't find "shit".

I would start a vote for a new function, but in this case it's quite important and need to be done fast. Would that be possible? Or any other idea how I could filter those?

More information (german): http://www.heise.de/security/meldung/Neuer-Virus-schuetzt-si ch-mit-einem-Passwort-3119562.html

[Updated on: Sat, 27 February 2016 16:41]

  •  
ComputerBudda

Messages: 113
Karma: 4
Send a private message to this user
I've been doing that for years with Kerio.....I quarantine all attachments (treat them like viruses) strip them from the original email and send the stripped email to the user. Original email is sent to a special mailbox that an administrator can review and download the attachment if legit and appropriate.
  •  
Maerad

Messages: 158
Karma: 31
Send a private message to this user
ComputerBudda wrote on Sat, 27 February 2016 16:59
I've been doing that for years with Kerio.....I quarantine all attachments (treat them like viruses) strip them from the original email and send the stripped email to the user. Original email is sent to a special mailbox that an administrator can review and download the attachment if legit and appropriate.


Yeah, 2 problems with that.

1. Zipped files are usual, many customers or suppliers mail us datasheets, cad files etc. in zip archives. It's not possible for me, to check over 100 mails with zip archives per day for the content.

2. By law in germany, it's forbidden to read mails of other persons without them checking the mail first and their consent. Basically the same rules apply for e-mails like for paper mail. Also it's not legit, to get their consent for all mails, because a general rule to read the mails is not appreciate in the terms of law. It has to be VERY specific.

Well, in reality it wouldn't be a problem with the mails (already get anything suspicious) but a general rule for zip files ... not possible because of the workload.
Previous Topic: Library libkticonv.so.2 could not be loaded
Next Topic: kerio ssl with forward secrecy
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Oct 20 10:52:13 CEST 2017

Total time taken to generate the page: 0.00395 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.