Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Block non-password protected .zip attachments.

Posted on 2010-08-24
6
1,003 Views
Last Modified: 2012-05-10
Is there a free or really cheap solution to be able to block outbound email with attached .zips that are not password protected?

I understand that I can do a search on Google and get lots of hits but I would like to hear from people that are actually using the application they are recommending.

We are currently using MS Exchange 2003 and MessageLabs (external SMTP). Email clients are using Outlook 2003 and the approximate total user base is 170.
0
Comment
Question by:SSAKUSEISHA
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:Barry Gill
ID: 33518904
just a question... more people are likely to refuse password protected zip files than those that aren't as this is a common attack vector used by virus writers.
Are you looking to secure your users data, attachments etc? Have you considered using a more appropriate encryption technology?
0
 

Author Comment

by:SSAKUSEISHA
ID: 33519190
barrulus, thank you for your comment.

Actually, this is supposedly a compliance requirement (I'm not in the US) so even if that is the case, management wants it implemented.
0
 
LVL 3

Accepted Solution

by:
jabri007 earned 125 total points
ID: 33519199
I guess IMSS 7.2 for Windows would actually be Best as per your requirement
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 9

Assisted Solution

by:Barry Gill
Barry Gill earned 125 total points
ID: 33519537
compliance requirement?
There is NO legislation that mandates zipping files, though there is plenty that mandates securing and encrypting specific types of data (particularly private data and financial data). The forms of encryption accepted do not include password protecting zip files.

Messagelabs have an encryption product and a TLS product that will meet your legislative requirements alot better (I work for a competitor of theirs, but I know what they have).

Best thing to do is guide your management correctly, blindly implementing a technology because someone "said so" will ultimately cost you pain and suffering when you have to reverse engineer it all at a later stage.

Find out what legislation they are trying to comply with, I can direct you in terms of what the actual best fit application/service will be to meet that requirement.
0
 

Author Comment

by:SSAKUSEISHA
ID: 33555167
Thank you for your comments and advice. I was hoping that more people would comment so my apologies for not updating sooner.

I have requested to see the actual compliance rule but have yet to receive it. I am in Japan and JSOX (born from U.S. SOX) is the name of the regulation. It just started about two years ago and many of the technical guidelines are still unclear.

We have already looked at TLS with MessageLabs but the fees that Message Labs Japan wants to charge was not inline with what the business is willing to pay. We also looked at changing over to Postini for a better TLS rate but management did not want to change the current email infrastructure.
0
 

Author Closing Comment

by:SSAKUSEISHA
ID: 33750058
Thank you for your assistance. I still have not been able to get clear requirements but for now, it appears that simply creating a management control of requiring attachments to be zipped and encrypted with 7-Zip will be sufficient.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question