Solved

Blocking Image Spam Mail using GFI Mail Security/Essential

Posted on 2006-10-26
Last Modified: 2012-06-27
We have been receiving a high number of image spam mails for the last few months. Even though the problem is currently manageable, we would like to find the most effective and efficient way to manage this issue, once and forever....  I hope.

Any assistance is highly appreciated.
Question by:chongbenkee
 
LVL 16

Expert Comment

by:legalsrl
ID: 17826529
Hi Chongbenkee,

Can you not block emails containing .gif and .jpeg attachments and request that if users need to send or receive these types of file then they zip them?

Thanks
Si
0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17827457
I use AVG Internet Security, and I find that it blocks 98% of my image based SPAM.  You can check out their products at:

http://www.grisoft.com

They have server solutions as well as desktop.  Can you tell us what type of mail server you are using?  If it's a 3rd party mail via your ISP, you might check to see if they have an anti-SPAM feature that can be enabled.  If you are using Exchange, AVG has a product, McAfee has anti-spam in their suite (I believe... jump in Si), Norton has an enterprise SPAM product.  You might also look at http://antispam.msexchange.org/software/Anti_Spam/ for the suggestions from msexchange.org on anti-spam products.  If you are using Unix or Linux, you might look at http://spamassassin.apache.org/.

Best Wishes,

Jeffery Smith
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17828070
Hi Jeffery,

Yes, McAfee does have a superb product, both its Spamkiller for Exchange and its Secure Content Management appliances (SCM Gateway range).

I didn't mention an alternative product as the title says using the GFI product......I've currently got a demo version on one of my virtual servers and the easiest way I found to block some test spam is to

Quote
Can you not block emails containing .gif and .jpeg attachments and request that if users need to send or receive these types of file then they zip them?
End Quote

The above should be part of a general computer Use & security policy and is good practice anyway....i.e. don't open attachments if you don't know the recipient.

Cheers
Si
0

 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17829536
Sorry, I wasn't familiar with GFI Mail Security/Essential.  I just looked it up, and now I know answers to my question:

- Exchange Server

As Si pointed out, you can block GIFs and JPEGs, but then any HTML mail with embedded attachments will be stripped.  If this is acceptable in your organization, then it is probably the best method.  I know that in most organizations that I've worked at in the past, this was not acceptable.  The executive director wants the pictures of his/her grandchild, his/her HTTP mail from business or non-business sources.  At one organization I worked at, we implemented a points based system using SPAM** (*'s for the number of points - up to 25).  Then we gave the users rules that they could implement that allowed them to adjust at what level SPAM got blocked and what was done with that SPAM.  Some users opted to get everything, some opted to have marginal SPAM sent to a SPAM folder, and some opted to delete anything marked as SPAM.  It was a fairly complex implementation, but the users got to determine what was the best for them... that is one thing that a lot of IT professionals and security professionals forget.  We work for clients.  Our job is to provide solutions to their needs, not dictate our idea of what is right and wrong. Some threats have to be dealt with such as attached executables.  The average user might inadvertently afflict the entire network, but stripping all pictures and picture attachments is a bit excessive in my opinion.  Why not implement a paper and pencil only communication rule? (Sorry to go off in a tangent... I just had to get that off of my chest.)

Can't you submit SPAM mail that is getting through the filter to makers of GFI Mail Security/Essential and request they update their detection engine to mark these emails? If GFI is a points based SPAM engine, mark any email with an embedded picture as SPAM level.  This way, you have the mail being SPAMMED instead of being stripped.  Legitimate email will get through and depending on your rules, will hopefully be put in a SPAM folder where the user can determine if it is a legitimate email or junk.  They can update their white lists to allow through mail they may want.

Best Wishes,

Jeffery Smith
0
 

Author Comment

by:chongbenkee
ID: 17831310
Thanks Si & Jeffrey.

We are currently using Exchange 2000, Advanced 2000 Server, GFI Mail Essential (Ver 12), GFI Mail Security (10) and AVG-Server (7.1).

For clarification, we have no problems dealing with attachment related spam mail, e.g. emails which have attachments. The problem arises when an image is "pasted" into the email, hence, making it "undetectable".
0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17831809
What happens to your suspected SPAM currently?  Does it get dropped to a folder or is it deleted/dropped?  If you use the SPAM folder option, then marking any mail with an imbedded graphic as SPAM (I'm assuming that GFI can do this) would do the trick.  White lists would allow real mail to get through while dropping junk to the SPAM folder.  I'm still curious if you can submit the SPAM messages to the makers of GFI and ask to have the filter updated.  These are not undetectable as I've said, my AVG Internet Security pulls about 20 of these out of my mailbox a day. You could look at updating your AVG 7.1 Server to AVG 7.5 Internet security, but that would be expensive.

Best Wishes,

Jeffery Smith
0
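The approach discussed in the comments above (score mail with an embedded image instead of stripping it, let whitelists exempt known senders, and let per-user thresholds pick the action) can be sketched as follows. This is an added example, not part of the original thread and not GFI's or AVG's logic; the point weights, thresholds, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: HTML mail whose whole body is one inline ("pasted") GIF.
SAMPLE = """\
From: sender@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="cid:img1@example.com"></body></html>
--b1
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-ID: <img1@example.com>
Content-Disposition: inline

R0lGODlhAQABAAAAACw=
--b1--
"""

def image_points(raw, whitelist=frozenset()):
    """Score a message 0-25; the weights are illustrative assumptions."""
    msg = message_from_string(raw, policy=policy.default)
    if parseaddr(msg.get("From", ""))[1].lower() in whitelist:
        return 0                      # whitelisted senders are never scored
    html, inline = "", 0
    for part in msg.walk():
        if part.is_multipart() or part.is_attachment():
            continue                  # real attachments are handled elsewhere
        if part.get_content_type() == "text/html":
            html += part.get_content()
        elif part.get_content_maintype() == "image":
            inline += 1               # image rendered in the body
    words = len(re.sub(r"<[^>]+>", " ", html).split())
    points = 0
    if inline:
        points += 10                  # any embedded image
        if words < 20:
            points += 10              # image with almost no readable text
    return min(points, 25)

def disposition(points, folder_at=10, delete_at=25):
    """Per-user thresholds decide what happens at each score."""
    if points >= delete_at:
        return "delete"
    return "spam-folder" if points >= folder_at else "inbox"
```

With the default thresholds the sample lands in the spam folder rather than being stripped or deleted, and the same message from a whitelisted sender scores zero.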
 
LVL 2

Accepted Solution

by:
Jeffesmi earned 400 total points
ID: 17831831
These look pertinent on blocking embedded images:

http://kbase.gfi.com/showarticle.asp?id=KBID002763
http://support.gfi.com/manuals/en/dsec6/dsec6manual-1-17.html


Best Wishes,

Jeffery Smith
0
