Solved

Product that will scan an Exchange 2010 SP1 data store for embedded links that are malicious?

Posted on 2013-06-22
Last Modified: 2013-11-22
Does Bit9 do this, McAfee, another product?

Thanks
Question by:NAMEWITHELD12

Assisted Solution

by:David Johnson, CD, MVP
ID: 39268954
There is no such product that will do this. Scanning attachments for a virus is as far as they go. The reasoning is the amount of time involved versus the threat level. The user may never click on the link, so the time/performance hit involved is wasted, and if they do, then the real-time scanner is better since it is updated more frequently and works on demand. Also, a site may have been compromised a week ago and the user is just now getting around to it, and the site has been fixed in the meantime. Also the converse: when the message was received by Exchange the link wasn't malicious, but now it is.

Accepted Solution

by:btan
ID: 39269061
Bit9 checks more for file metadata and its reputation. I doubt it does this type of DPI...

For URL-based, there are a lot, but not for embedded URLs in email; I do see if there is a greater DPI capability needed. The URL can be embedded in any form, or we just simply do a regex for it against a blacklist - performance loss is a big impact for inline device scanning. I do not want to DoS the infra services.

Assuming you have gotten the embedded URL string ... and if the objective is to block malicious ones ... chances are hardly desired, as those URLs against reputation may be flagged as effective as legit URLs, e.g. "waterholed" type, or URL (site) compromised but not detected (or updated to reputation services). Of course there can be more heuristics and action to crawl and scan ... Even Google Drive or a legit social link is used to redirect into another actual malware delivery server ... so is scanning URLs really good (maybe if it downloads an attachment or file, and scanning may then be well worth ...)? ... sorry, I digress...

Having said that (for being "too realistic"), Trend Micro ScanMail claims to do that, catch this. For info, "Smart Protection Network" is their reputation 'cloud' service. In a way, they "offload" the check into the 'cloud' and act on it ... if you are doing an offline deployment, probably some private cloud
 
http://www.trendmicro.co.uk/products/scanmail-for-microsoft-exchange/index.html#targeted-attacks

Part of Smart Protection Network, SmartScan technology scans URLs embedded in emails and attachments and blocks URLs leading to malicious sites

As a whole, I would rather see if any DPI can do this check for an existing device (maybe none), if really wanted, and focus on beefing up the endpoint and continuous monitoring strategy ... in a holistic approach with "trust but verify".
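
The regex-against-a-blacklist check mentioned in the accepted answer, as an added Python example that is not from either poster or from any product named in the thread: it decodes each MIME text part before matching, because the same regex run over undecoded message data misses a link that quoted-printable encoding has split across lines. The blocklist, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Constructed blocklist: placeholder .example domains, not real indicators.
BLOCKLIST = {"malware-delivery.example", "phish.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: the quoted-printable HTML part splits the link ("=" soft break).
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

See http://intranet.example/invoice
--b1
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<a href=3D"http://cdn.malware-deliv=
ery.example/invoice">http://intranet.example/invoice</a>
--b1--
"""

def extract_urls(raw_message):
    """Return every http(s) URL in the text parts, after transfer decoding."""
    found = set()
    for part in message_from_string(raw_message, policy=policy.default).walk():
        if part.get_content_maintype() == "text":
            # get_content() undoes base64 / quoted-printable and the charset
            found.update(URL_RE.findall(part.get_content()))
    return found

def is_blocked(url, blocklist=BLOCKLIST):
    """True if the URL's host or any parent domain is on the blocklist."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. unbalanced "[": not matched
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan(raw_message):
    return sorted(u for u in extract_urls(raw_message) if is_blocked(u))

def naive_scan(raw_message):
    """Same regex run over the undecoded message, as a raw store scan would."""
    return sorted(u for u in URL_RE.findall(raw_message) if is_blocked(u))
```

A static list only reflects what was known when the scan ran, which is the limitation the first answer describes for links that turn malicious after delivery.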