Solved

Any help blocking phishing emails with .zip attachments

Posted on 2013-11-17
4
857 Views
Last Modified: 2013-12-11
My business is being besought with phony emails trying to get the receiver to open a zip file attachment.

Some of these are darn clever and I have tried and tried to educate my people. Nevertheless, some eventually get through.

I am on a shared hosting hosting plan that uses C-Panel. The only mail filtering is Spam Assassion and Email Authentication.

I have spoken to my service provider to see if there was a way to flag zip file attachments, but he says no.

I  would like to inform our vendors that we don't accept zip files, or that zip files must be directed to a specific address, and filter out all of the others.

It there a method for this or are there other filtering methods that I don't know about? Surely this is a big enough problem world wide that there are some solutions, or at least partial solutions.
0
Comment
Question by:David Brugge
4 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
Comment Utility
The fact that you're using a shared host limits your options.
Chances are that your host uses Exim and don't want to bother to set up rules for your domain.

What you can do is pay for something like SpamExperts ( http://www.spamexperts.com/en ) and ask your host to configure it for you. With it you can set up your blocked extensions using the UI.

PS: I used to get a LOT of spoofed mail using only SpamAssassin. Very little now with Spam Experts.

HTH,
Dan
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Hi.

> I  would like to inform our vendors that we don't accept zip files, or that zip files must be directed to a specific address, and filter out all of the others.
If you think about this measure, why not tell your vendors to send only attachments zipped as 7zip (.7z) from now on? 7zip is free. You could block the attachment type .zip afterwards, either at your endpoints or at the mail server (if technicalkly possible*). Spammers almost never use .7z because windows would need 7zip installed, while .zip needs no additional program.

* at the endpoint: with outlook for example, we can block certain file types.
0
 
LVL 26

Author Comment

by:David Brugge
Comment Utility
Sounds like part of a solution. We don't use Outlook because of the problems they had years ago when we were setting up the system. As a result most of the stations use Eudora and a few use Thunderbird.

I haven't found a way to filter file types in Eudora, haven't checked Thunderbird, but only two stations use it and it's not likely I can convince anyone to change.

As far as filtering at the mail server, this seems logical to me, but it is above my pay grade.
0
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
Comment Utility
I highly recommend you look into FireEye, Invincea, EMET, and OpenDNS.

Redirecting your mail simply requires modifying your MX record to point to a provider which gives your more control (migration issues aside.)  Google Apps is one such provider (see Attachment Filters, etc.)

Not only that, you'll get access to multiple redundant mail servers and full-time anti-malware teams.  If your current provider won't allow this control, vote with your wallet.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now