Solved

product that will scan a exchange 2010 sp 1  data-store for embedded links that are malicious ????

Posted on 2013-06-22
2
330 Views
Last Modified: 2013-11-22
does Bit 9 do this , macfee another product?

thanks
0
Comment
Question by:NAMEWITHELD12
2 Comments
 
LVL 80

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 250 total points
ID: 39268954
There is no such product that will do this.  Scanning attachments for a virus is as far as they go.  The reasoning is the amount of time involved versus the threat level.  The user may never click on the link so the time/performance hit involved is wasted and if they do then the real time scanner is better since it is updated more frequently and works on demand .. also a site may have been compromised a week ago and the user is just now getting around to it.. and the site has been fixed in the meantime.. also the converse when the message was received by exchange the link wasn't malicious but now it is.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 39269061
bit 9 checks more for file metadata and its reputation. I doubt it does this type of DPI...

 For url based, there are alot but not for embedded URL in email, I do see if there is a greater DPI capability needed. The URL can be embedded in any form or we just simply do a regex for it against blacklist - performance loss is big impact for inline device scanning. I do not want to DoS the infra services

Assuming of you gotten the embedded URL string ....and if objective is to block malicious ones....chances are hardly desired as those URL against reputation maybe flagged as  effective as legit URL e.g.  "waterholed"  type or URL (site) compromised but is not detected (or updated to reputation services). Of course there can be more heuristic and action to crawl and scan  ...  Even google drive or legit social link is used to redirect into another actual malware delivery server...so is scanning URL really good  (maybe if it download a attachment or file and scanning may then be well worth ....)? ... sorry, I digress...

Having said that (for being "too realistic"), Trend Micro ScanMail claims to do that, catch this. For info, "Smart Protection Network " is their reputation 'cloud' service. In a way, the "offload" check into the 'cloud' and act on it...if you are doing a offline deployment probably some private cloud
 
http://www.trendmicro.co.uk/products/scanmail-for-microsoft-exchange/index.html#targeted-attacks

Part of Smart Protection Network, SmartScan technology scans URLs embedded in emails and attachments and blocks URLs leading to malicious sites

As a whole, I rather see any DPI can do this check for existing device (Maybe none) if really wanted and focus on beefing up endpoint and continuous monitoring strategy ... in holistic approach with doing "trust but verify"
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question