Solved

Block non-password protected .zip attachments.

Posted on 2010-08-24
6
992 Views
Last Modified: 2012-05-10
Is there a free or really cheap solution to be able to block outbound email with attached .zips that are not password protected?

I understand that I can do a search on Google and get lots of hits but I would like to hear from people that are actually using the application they are recommending.

We are currently using MS Exchange 2003 and MessageLabs (external SMTP). Email clients are using Outlook 2003 and the approximate total user base is 170.
0
Comment
Question by:SSAKUSEISHA
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:Barry Gill
ID: 33518904
just a question... more people are likely to refuse password protected zip files than those that aren't as this is a common attack vector used by virus writers.
Are you looking to secure your users data, attachments etc? Have you considered using a more appropriate encryption technology?
0
 

Author Comment

by:SSAKUSEISHA
ID: 33519190
barrulus, thank you for your comment.

Actually, this is supposedly a compliance requirement (I'm not in the US) so even if that is the case, management wants it implemented.
0
 
LVL 3

Accepted Solution

by:
jabri007 earned 125 total points
ID: 33519199
I guess IMSS 7.2 for Windows would actually be Best as per your requirement
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Assisted Solution

by:Barry Gill
Barry Gill earned 125 total points
ID: 33519537
compliance requirement?
There is NO legislation that mandates zipping files, though there is plenty that mandates securing and encrypting specific types of data (particularly private data and financial data). The forms of encryption accepted do not include password protecting zip files.

Messagelabs have an encryption product and a TLS product that will meet your legislative requirements alot better (I work for a competitor of theirs, but I know what they have).

Best thing to do is guide your management correctly, blindly implementing a technology because someone "said so" will ultimately cost you pain and suffering when you have to reverse engineer it all at a later stage.

Find out what legislation they are trying to comply with, I can direct you in terms of what the actual best fit application/service will be to meet that requirement.
0
 

Author Comment

by:SSAKUSEISHA
ID: 33555167
Thank you for your comments and advice. I was hoping that more people would comment so my apologies for not updating sooner.

I have requested to see the actual compliance rule but have yet to receive it. I am in Japan and JSOX (born from U.S. SOX) is the name of the regulation. It just started about two years ago and many of the technical guidelines are still unclear.

We have already looked at TLS with MessageLabs but the fees that Message Labs Japan wants to charge was not inline with what the business is willing to pay. We also looked at changing over to Postini for a better TLS rate but management did not want to change the current email infrastructure.
0
 

Author Closing Comment

by:SSAKUSEISHA
ID: 33750058
Thank you for your assistance. I still have not been able to get clear requirements but for now, it appears that simply creating a management control of requiring attachments to be zipped and encrypted with 7-Zip will be sufficient.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question