Solved

product that will scan a exchange 2010 sp 1  data-store for embedded links that are malicious ????

Posted on 2013-06-22
2
323 Views
Last Modified: 2013-11-22
does Bit 9 do this , macfee another product?

thanks
0
Comment
Question by:NAMEWITHELD12
2 Comments
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 39268954
There is no such product that will do this.  Scanning attachments for a virus is as far as they go.  The reasoning is the amount of time involved versus the threat level.  The user may never click on the link so the time/performance hit involved is wasted and if they do then the real time scanner is better since it is updated more frequently and works on demand .. also a site may have been compromised a week ago and the user is just now getting around to it.. and the site has been fixed in the meantime.. also the converse when the message was received by exchange the link wasn't malicious but now it is.
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 39269061
bit 9 checks more for file metadata and its reputation. I doubt it does this type of DPI...

 For url based, there are alot but not for embedded URL in email, I do see if there is a greater DPI capability needed. The URL can be embedded in any form or we just simply do a regex for it against blacklist - performance loss is big impact for inline device scanning. I do not want to DoS the infra services

Assuming of you gotten the embedded URL string ....and if objective is to block malicious ones....chances are hardly desired as those URL against reputation maybe flagged as  effective as legit URL e.g.  "waterholed"  type or URL (site) compromised but is not detected (or updated to reputation services). Of course there can be more heuristic and action to crawl and scan  ...  Even google drive or legit social link is used to redirect into another actual malware delivery server...so is scanning URL really good  (maybe if it download a attachment or file and scanning may then be well worth ....)? ... sorry, I digress...

Having said that (for being "too realistic"), Trend Micro ScanMail claims to do that, catch this. For info, "Smart Protection Network " is their reputation 'cloud' service. In a way, the "offload" check into the 'cloud' and act on it...if you are doing a offline deployment probably some private cloud
 
http://www.trendmicro.co.uk/products/scanmail-for-microsoft-exchange/index.html#targeted-attacks

Part of Smart Protection Network, SmartScan technology scans URLs embedded in emails and attachments and blocks URLs leading to malicious sites

As a whole, I rather see any DPI can do this check for existing device (Maybe none) if really wanted and focus on beefing up endpoint and continuous monitoring strategy ... in holistic approach with doing "trust but verify"
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question