Solved

product that will scan a exchange 2010 sp 1  data-store for embedded links that are malicious ????

Posted on 2013-06-22
2
314 Views
Last Modified: 2013-11-22
does Bit 9 do this , macfee another product?

thanks
0
Comment
Question by:NAMEWITHELD12
2 Comments
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 39268954
There is no such product that will do this.  Scanning attachments for a virus is as far as they go.  The reasoning is the amount of time involved versus the threat level.  The user may never click on the link so the time/performance hit involved is wasted and if they do then the real time scanner is better since it is updated more frequently and works on demand .. also a site may have been compromised a week ago and the user is just now getting around to it.. and the site has been fixed in the meantime.. also the converse when the message was received by exchange the link wasn't malicious but now it is.
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 39269061
bit 9 checks more for file metadata and its reputation. I doubt it does this type of DPI...

 For url based, there are alot but not for embedded URL in email, I do see if there is a greater DPI capability needed. The URL can be embedded in any form or we just simply do a regex for it against blacklist - performance loss is big impact for inline device scanning. I do not want to DoS the infra services

Assuming of you gotten the embedded URL string ....and if objective is to block malicious ones....chances are hardly desired as those URL against reputation maybe flagged as  effective as legit URL e.g.  "waterholed"  type or URL (site) compromised but is not detected (or updated to reputation services). Of course there can be more heuristic and action to crawl and scan  ...  Even google drive or legit social link is used to redirect into another actual malware delivery server...so is scanning URL really good  (maybe if it download a attachment or file and scanning may then be well worth ....)? ... sorry, I digress...

Having said that (for being "too realistic"), Trend Micro ScanMail claims to do that, catch this. For info, "Smart Protection Network " is their reputation 'cloud' service. In a way, the "offload" check into the 'cloud' and act on it...if you are doing a offline deployment probably some private cloud
 
http://www.trendmicro.co.uk/products/scanmail-for-microsoft-exchange/index.html#targeted-attacks

Part of Smart Protection Network, SmartScan technology scans URLs embedded in emails and attachments and blocks URLs leading to malicious sites

As a whole, I rather see any DPI can do this check for existing device (Maybe none) if really wanted and focus on beefing up endpoint and continuous monitoring strategy ... in holistic approach with doing "trust but verify"
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data‚Ķ
how to add IIS SMTP to handle application/Scanner relays into office 365.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now