Solved

Blocking Image Spam Mail using GFI Mail Security/Essential

Posted on 2006-10-26
Last Modified: 2012-06-27
We have been receiving a high number of image spam mails for the last few months. Even though the problem is currently manageable, we would like to find the most effective and efficient way to manage this issue, once and forever....  I hope.

Any assistance is highly appreciated.
Question by:chongbenkee
 
LVL 16

Expert Comment

by:legalsrl
ID: 17826529
Hi Chongbenkee,

Can you not block emails containing .gif and .jpeg attachments and request that if users need to send or receive these types of file then they zip them?

Thanks
Si
0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17827457
I use AVG Internet Security, and I find that it blocks 98% of my image based SPAM.  You can check out their products at:

http://www.grisoft.com

They have server solutions as well as desktop.  Can you tell us what type of mail server you are using?  If it's a 3rd party mail via your ISP, you might check to see if they have an anti-SPAM feature that can be enabled.  If you are using Exchange, AVG has a product, McAfee has anti-spam in their suite (I believe... jump in Si), Norton has an enterprise SPAM product.  You might also look at http://antispam.msexchange.org/software/Anti_Spam/ for the suggestions from msexchange.org on anti-spam products.  If you are using Unix or Linux, you might look at http://spamassassin.apache.org/.

Best Wishes,

Jeffery Smith
0
 
LVL 16

Expert Comment

by:legalsrl
ID: 17828070
Hi Jeffery,

Yes, McAfee does have a superb product, both its Spamkiller for Exchange and its Secure Content Management appliances (SCM Gateway range).

I didn't mention an alternative product as the title says they're using the GFI product......I've currently got a demo version on one of my virtual servers and the easiest way I found to block some test spam is to

Quote
Can you not block emails containing .gif and .jpeg attachments and request that if users need to send or receive these types of file then they zip them?
End Quote

The above should be part of a general computer Use & security policy and is good practice anyway....i.e. don't open attachments if you don't know the recipient.

Cheers
Si
0

 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17829536
Sorry, I wasn't familiar with GFI Mail Security/Essential.  I just looked it up, and now I know answers to my question:

- Exchange Server

As Si pointed out, you can block GIFs and JPEGs, but then any HTML mail with embedded attachments will be stripped.  If this is acceptable in your organization, then it is probably the best method.  I know that in most organizations that I've worked at in the past, this was not acceptable.  The executive director wants the pictures of his/her grandchild, his/her HTTP mail from business or non-business sources.  At one organization I worked at, we implemented a points based system using SPAM**(*'s for the number of points - up to 25).  Then we gave the users rules that they could implement that allowed them to adjust at what level SPAM got blocked and what was done with that SPAM.  Some users opted to get everything, some opted to have marginal SPAM sent to a SPAM folder, and some opted to delete anything marked as SPAM.  It was a fairly complex implementation, but the users got to determine what was the best for them... that is one thing that a lot of IT professionals and security professions forget.  We work for clients.  Our job is to provide solutions to their needs, not dictate our idea of what is right and wrong. Some threats have to be dealt with such as attached executables.  The average user might inadvertently afflict the entire network, but stripping all pictures and picture attachments is a bit excessive in my opinion.  Why not implement a paper and pencil only communication rule? (Sorry to go off in a tangent... I just had to get that off of my chest.)

Can't you submit SPAM mail that is getting through the filter to makers of GFI Mail Security/Essential and request they update their detection engine to mark these emails? If GFI is a points based SPAM engine, mark any email with an embedded picture as SPAM level.  This way, you have the mail being SPAMMED instead of being stripped.  Legitimate email will get through and depending on your rules, will hopefully be put in a SPAM folder where the user can determine if it is a legitimate email or junk.  They can update their white lists to allow through mail they may want.

Best Wishes,

Jeffery Smith
0
 

Author Comment

by:chongbenkee
ID: 17831310
Thanks Si & Jeffrey.

We are currently using Exchange 2000, Advanced 2000 Server, GFI Mail Essential (Ver 12), GFI Mail Security (10) and AVG-Server (7.1).

For clarification, we have no problems dealing with attachment related spam mail, e.g. emails which have attachments. The problem arises when an image is "pasted" into the email, hence, making it "undetectable".
0
 
LVL 2

Expert Comment

by:Jeffesmi
ID: 17831809
What happens to your suspected SPAM currently?  Does it get dropped to a folder or is it deleted/dropped?  If you use the SPAM folder option, then marking any mail with an imbedded graphic as SPAM (I'm assuming that GFI can do this) would do the trick.  White lists would allow real mail to get through while dropping junk to the SPAM folder.  I'm still curious if you can submit the SPAM messages to the makers of GFI and ask to have the filter updated.  These are not undetectable as I've said, my AVG Internet Security pulls about 20 of these out of my mailbox a day. You could look at updating your AVG 7.1 Server to AVG 7.5 Internet security, but that would be expensive.

Best Wishes,

Jeffery Smith
0
 
LVL 2

Accepted Solution

by:
Jeffesmi earned 400 total points
ID: 17831831
These look pertinent on blocking embedded images:

http://kbase.gfi.com/showarticle.asp?id=KBID002763
http://support.gfi.com/manuals/en/dsec6/dsec6manual-1-17.html


Best Wishes,

Jeffery Smith
0
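
The thread distinguishes image attachments from images "pasted" into the HTML body, and suggests scoring mail with an embedded picture as spam rather than stripping it. The sketch below is an added example, not code from any poster or from GFI: it flags images the HTML body displays through a `cid:` reference and applies a points threshold with a whitelist. The point weight, threshold, whitelist entry and all addresses are assumed, constructed values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: HTML body that displays an inline image via a cid: reference.
SAMPLE = """\
From: Promo <offers@bulk.example>
To: user@corp.example
Subject: hot stock tip
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="cid:img001@bulk.example"></body></html>
--b1
Content-Type: image/gif; name="a.gif"
Content-Transfer-Encoding: base64
Content-ID: <img001@bulk.example>

R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==
--b1--
"""

INLINE_IMAGE_POINTS = 10                    # assumed weight for an embedded picture
SPAM_FOLDER_AT = 10                         # assumed threshold for the spam folder
WHITELIST = {"newsletter@partner.example"}  # hypothetical trusted sender

def inline_images(msg):
    """Return image parts that an HTML part actually displays via cid:."""
    cids, images = set(), []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("ascii", "replace")
            cids.update(re.findall(r'src\s*=\s*["\']?cid:([^"\'\s>]+)', html, re.I))
        elif part.get_content_maintype() == "image":
            images.append(part)
    return [p for p in images if (p.get("Content-ID") or "").strip("<> ") in cids]

def classify(raw):
    """Return (score, destination); whitelisted senders skip scoring."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in WHITELIST:
        return 0, "inbox"
    score = INLINE_IMAGE_POINTS if inline_images(msg) else 0
    return score, ("spam-folder" if score >= SPAM_FOLDER_AT else "inbox")
```

An image part that no HTML body references is treated as an ordinary attachment and scores zero here, which leaves attachment filtering to the existing rules.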
