Solved

Any help blocking phishing emails with .zip attachments

Posted on 2013-11-17
4
929 Views
Last Modified: 2013-12-11
My business is being besought with phony emails trying to get the receiver to open a zip file attachment.

Some of these are darn clever and I have tried and tried to educate my people. Nevertheless, some eventually get through.

I am on a shared hosting hosting plan that uses C-Panel. The only mail filtering is Spam Assassion and Email Authentication.

I have spoken to my service provider to see if there was a way to flag zip file attachments, but he says no.

I  would like to inform our vendors that we don't accept zip files, or that zip files must be directed to a specific address, and filter out all of the others.

It there a method for this or are there other filtering methods that I don't know about? Surely this is a big enough problem world wide that there are some solutions, or at least partial solutions.
0
Comment
Question by:David Brugge
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 39655562
The fact that you're using a shared host limits your options.
Chances are that your host uses Exim and don't want to bother to set up rules for your domain.

What you can do is pay for something like SpamExperts ( http://www.spamexperts.com/en ) and ask your host to configure it for you. With it you can set up your blocked extensions using the UI.

PS: I used to get a LOT of spoofed mail using only SpamAssassin. Very little now with Spam Experts.

HTH,
Dan
0
 
LVL 55

Expert Comment

by:McKnife
ID: 39656051
Hi.

> I  would like to inform our vendors that we don't accept zip files, or that zip files must be directed to a specific address, and filter out all of the others.
If you think about this measure, why not tell your vendors to send only attachments zipped as 7zip (.7z) from now on? 7zip is free. You could block the attachment type .zip afterwards, either at your endpoints or at the mail server (if technicalkly possible*). Spammers almost never use .7z because windows would need 7zip installed, while .zip needs no additional program.

* at the endpoint: with outlook for example, we can block certain file types.
0
 
LVL 26

Author Comment

by:David Brugge
ID: 39657584
Sounds like part of a solution. We don't use Outlook because of the problems they had years ago when we were setting up the system. As a result most of the stations use Eudora and a few use Thunderbird.

I haven't found a way to filter file types in Eudora, haven't checked Thunderbird, but only two stations use it and it's not likely I can convince anyone to change.

As far as filtering at the mail server, this seems logical to me, but it is above my pay grade.
0
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39657814
I highly recommend you look into FireEye, Invincea, EMET, and OpenDNS.

Redirecting your mail simply requires modifying your MX record to point to a provider which gives your more control (migration issues aside.)  Google Apps is one such provider (see Attachment Filters, etc.)

Not only that, you'll get access to multiple redundant mail servers and full-time anti-malware teams.  If your current provider won't allow this control, vote with your wallet.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question