Solved

product that will scan a exchange 2010 sp 1  data-store for embedded links that are malicious ????

Posted on 2013-06-22
2
337 Views
Last Modified: 2013-11-22
does Bit 9 do this , macfee another product?

thanks
0
Comment
Question by:NAMEWITHELD12
2 Comments
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 39268954
There is no such product that will do this.  Scanning attachments for a virus is as far as they go.  The reasoning is the amount of time involved versus the threat level.  The user may never click on the link so the time/performance hit involved is wasted and if they do then the real time scanner is better since it is updated more frequently and works on demand .. also a site may have been compromised a week ago and the user is just now getting around to it.. and the site has been fixed in the meantime.. also the converse when the message was received by exchange the link wasn't malicious but now it is.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 39269061
bit 9 checks more for file metadata and its reputation. I doubt it does this type of DPI...

 For url based, there are alot but not for embedded URL in email, I do see if there is a greater DPI capability needed. The URL can be embedded in any form or we just simply do a regex for it against blacklist - performance loss is big impact for inline device scanning. I do not want to DoS the infra services

Assuming of you gotten the embedded URL string ....and if objective is to block malicious ones....chances are hardly desired as those URL against reputation maybe flagged as  effective as legit URL e.g.  "waterholed"  type or URL (site) compromised but is not detected (or updated to reputation services). Of course there can be more heuristic and action to crawl and scan  ...  Even google drive or legit social link is used to redirect into another actual malware delivery server...so is scanning URL really good  (maybe if it download a attachment or file and scanning may then be well worth ....)? ... sorry, I digress...

Having said that (for being "too realistic"), Trend Micro ScanMail claims to do that, catch this. For info, "Smart Protection Network " is their reputation 'cloud' service. In a way, the "offload" check into the 'cloud' and act on it...if you are doing a offline deployment probably some private cloud
 
http://www.trendmicro.co.uk/products/scanmail-for-microsoft-exchange/index.html#targeted-attacks

Part of Smart Protection Network, SmartScan technology scans URLs embedded in emails and attachments and blocks URLs leading to malicious sites

As a whole, I rather see any DPI can do this check for existing device (Maybe none) if really wanted and focus on beefing up endpoint and continuous monitoring strategy ... in holistic approach with doing "trust but verify"
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question