Block Mail attachments based on file extensions ??


penjoseph
December 5th, 2006, 07:17 AM
We have been using Norman Anti-virus for our corporate network for the past 4 years, the license renewal being due soon.

Norman has neat mail attachment blocking based on file extensions (e.g. *.VBS, *.COM, *.EXE) for all email clients - both at outgoing SMTP port 25 & at incoming POP3 port 110.

Considering the fact that NOD32 has better virus, malware, trojan & spyware detection, we are contemplating the use of NOD32 for our corporate network. But it doesn't provide for mail attachment blocking (scanning = yes) giving provision for blocking file extensions \ file types that can potentially be dangerous & which are never used by anyone.

Here I have to mention the instance of *.IHX & *.BHX type viruses which hit our computer network through Yahoo mail (scanned & passed by Yahoo's Norton Antivirus). After that we enforced file attachment blocking for mail clients which has been successfully working except for downloading zip \ compressed files where it deletes \ quarantines the entire contents!!

Is there any way to configure NOD32 to block mail attachments? Or if not, would they be incorporating this feature in future releases?


Joseph

penjoseph
December 5th, 2006, 07:31 AM
I had written to the technical support team of ESET's NOD32.

They have replied as follows:

" Hello,

As discussed here :

http://www.wilderssecurity.com/showthread.php?t=99396

, blocking filtering files by extension would be of little use. One option is to create user accounts with limited access.

Thank you,
Eset Technical Support "

That thread is outdated & can't be replied to.

My argument points are:

1. "Prevention is Better than Cure"
2. There is no Anti-Virus program which is always ready with an antidote before a virus strikes a company's computer infrastructure.
3. It would be difficult to monitor individual mail \ user account configuration
4. In the interest of safety of corporate computer networks it is best to have mail file restriction policy based on end-user's requirements to avoid possible virus infections. (ie: block out file extensions which are potentially dangerous & which never would be used by the end-users)

Joseph

YeOldeStonecat
December 5th, 2006, 07:48 AM
I'd tackle it at the mail server level...like in Exchange.

penjoseph
December 5th, 2006, 08:05 AM
As of now, we don't have an internal mail server.

All mails are downloaded directly through the internet from our domain name+website hosting+mail server service provider by email clients.

One reason being half of our email accounts are accessed by users outside our network (ie: at different remote locations, even through dial-up!)

YeOldeStonecat
December 5th, 2006, 08:09 AM
Ack..ahh, OK, when I read "our corporate network" I assumed you had outgrown POP3.

Exchange has OWA and Outlook via HTTP for those road warriors/remote users. ;) Quite an advantage over the bare bones web mail from IMail, Squirrel, Horde, or whatever package your current host is using.

Guess another option would be controlling via the mail client...depending on which one you're using.

penjoseph
December 6th, 2006, 01:46 AM
Attaching a picture of Norman Anti-Virus mail attachment filter configuration


http://img.photobucket.com/albums/v663/eapen/tech/norman-mail.jpg


There are two different ways of blocking mail attachments as seen in the picture above:
1. Block listed file extensions - *.EXE, *.VBS, *.COM, *.BAT, etc
2. Block all except listed file extensions - *.DOC, *.XLS, *.PDF, *.JPG, etc
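
The two filtering modes listed in the last post, combined with the zip problem mentioned in the first post, as an added example (not part of the thread, and not Norman's or NOD32's code): a filter that judges a zip by its member names instead of quarantining the whole archive. The function names, mode strings and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCK_LIST = {".exe", ".vbs", ".com", ".bat"}  # mode 1 in the post above
ALLOW_LIST = {".doc", ".xls", ".pdf", ".jpg"}  # mode 2 in the post above

def ext_of(name):
    # Last extension only ("a.pdf.exe" is .exe); trailing dots/spaces dropped.
    name = (name or "").strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot > 0 else ""

def permitted(name, mode):
    if mode == "block-listed":
        return ext_of(name) not in BLOCK_LIST
    return ext_of(name) in ALLOW_LIST  # "allow-listed": all else refused

def scan_message(raw, mode):  # returns [(attachment, offending file), ...]
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if ext_of(fname) != ".zip":
            if not permitted(fname, mode):
                hits.append((fname, fname))
            continue
        try:  # judge a zip by its member names, not as one opaque file
            data = part.get_payload(decode=True)
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            hits.append((fname, fname))  # unreadable archive: refuse it
            continue
        hits += [(fname, n) for n in names
                 if not n.endswith("/") and not permitted(n, mode)]
    return hits

def build_sample():
    # Constructed message: a PDF, a double-extension script, and a zip.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for member in ("report.doc", "notes.txt", "setup.exe"):
            z.writestr(member, b"x")
    msg = EmailMessage()
    msg.set_content("see attachments")
    for name, data in (("a.pdf", b"%PDF"), ("note.txt.vbs", b"x"),
                       ("files.zip", buf.getvalue())):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Matching is by file name only, so it complements content scanning rather than replacing it; nested archives are not opened in this sketch.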