Block Mail attachments based on file extensions ??

Discussion in 'NOD32 version 2 Forum' started by penjoseph, Dec 5, 2006.

Thread Status:
Not open for further replies.
  1. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    We have been using Norman Anti-virus for our corporate network for the past 4 years , the license renewal being due soon.

    Norman has neat mail attachment blocking based on files extensions (eg: *.VBS, *.COM, *.EXE) for all email clients - both at outgoing SMTP port 25 & at incoming POP3 port 110.

    Considering the fact that NOD32 has better virus, malware, trojan & spyware detection, we are contemplating the use of NOD32 for our corporate network. But it doesn't provide for mail attachment blocking (scanning = yes) giving provision for blocking file extensions \ files type that can potentially be dangerous & which are never used by anyone.

    Here I have to mention the instance of *.IHX & *.BHX type viruses which hit our computer network through yahoo mail (scanned & passed by yahoo's Norton Antivirus). After that we enforced file attachment blocking for mail clients which has been successfully working except for downloading zip \ compressed files where it deletes \ quarantines the entire contents !!

    Is there any way to configure NOD32 to block mail attachments? Or if not, would they be incorporating this feature in future releases?


    Joseph
     
    Last edited: Dec 7, 2006
  2. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    I had written to the technical support team of ESET's NOD32.

    They have replied as follows

    " Hello,

    As discussed here :

    https://www.wilderssecurity.com/showthread.php?t=99396

    , blocking filtering files by extension would be of little use. One option is to create user accounts with limited access.

    Thank you,
    Eset Technical Support "

    That thread is outdated & doesn't allow to be replied to.

    My argument points are:

    1. "Prevention is Better than Cure"
    2. There is no Anti-Virus program which is always ready with an antidote before a virus strikes a company's computer infrastructure.
    3. It would be difficult to monitor individual mail \ user account configuration
    4. In the interest of safety of corporate computer networks it is best to have mail file restriction policy based on end-user's requirements to avoid possible virus infections. (ie: block out file extensions which are potentially dangerous & which never would be used by the end-users)

    Joseph
     
  3. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I'd tackle it at the mail server level...like in Exchange.
     
  4. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    Of now, we don't have an internal mail server.

    All mails are downloaded directly through internet from our domain name+website hosting+mail server service provider by email clients.

    One reason being half of our email accounts are accessed by users outside our network (ie: at different remote locations, even through dial-up!)
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Ack..ahh, OK, when I read "our corporate network" I assumed you had outgrown POP3.

    Exchange has OWA and Outlook via HTTP for those road warriors/remote users. ;) Quite an advantage over the bare bones web mail from IMail, Squirrel, Horde, or whatever package your current host is using.

    Guess another option would be controlling via the mail client...depending on which one you're using.
     
  6. penjoseph

    penjoseph Registered Member

    Joined:
    Dec 5, 2006
    Posts:
    26
    Attaching a picture of Norman Anti-Virus mail attachment filter configuration


    http://img.photobucket.com/albums/v663/eapen/tech/norman-mail.jpg


    There are two different ways of blocking mail attachments as seen in the picture above
    1. Block listed file extensions - *.EXE, *.VBS, *.COM, *.BAT , etc
    2. Block all except listed file extensions - *.DOC, *.XLS, *.PDF, *.JPG , etc
     
    Last edited: Dec 6, 2006
Thread Status:
Not open for further replies.