VOF dilemma - will stripping EXE's etc. hurt VOF?

Dilemma - since VOF (Virus Outbreak Filters) are the last step in the message pipeline, do you hurt VOF performance by stripping attachments with filters? Specifically for attachment types you never would allow in anyway (EXE, COM, etc)?
Scenario One
Message or Content filter removes EXE
Outbreak occurs, VOF rule set to trigger on specific size EXE
Since a filter removed EXE, VOF has nothing to look for, and you get pounded with thousands of "remnants" - virus messages without attachment. No virus attachment therefore no client damage, but helpdesk buried with support calls/complaints about suspicious but harmless messages.
Scenario Two
No filter to remove EXE
Outbreak occurs, VOF kicks in and stops most messages.
But before VOF kicks in, 15 messages with EXE's get through and infect clients. You are at greater risk since you didn't stop EXE's in the first place with a filter.
Are these scenarios correct? Any best practice suggestions?

Add a content filter to strip the exes.
This way, you can check for viruses and only take action if the message remains - it won't get to VOF. Not a perfect solution but might be more of what you are looking for.
Where I work there are a whole batch of file extensions that are not allowed. We don't strip them in message filters since if they are a virus then the virus checker wouldn't find them. We have a content filter that looks for a dictionary match in the X-IronPort-AV header for a dictionary of mass mailers that we know of and drops the message. If it gets past that content filter and still has a prohibited attachment, we drop the attachment.
NOTE: if you are doing it with scenario 1 and don't have some spare capacity then I wouldn't recommend letting them go to Brightmail/IPAS, and virus scanning.
You can configure in the CLI with policyconfig->filters or in the GUI under Mail Policies - Incoming Content Filters. After adding the filters in the GUI, you need to go to Incoming Mail Policies to enable it for the default policy.
Filter Name: Drop_Mass_Mailers
Conditions:
    header-dictionary-match("MassMailers","X-IronPort-AV")
Actions:
    drop()
Description:
    Drop mass mailers from the system

Filter Name: Drop_Prohibited_Attachments
Conditions (All of the following must match):
    attachment-filename == "(?i)\\.(com|exe)$"
Actions:
    drop-attachments-by-name("(?i)\\.(com|exe)$", "Attachment not allowed")
    strip-header("Subject")
    insert-header("Subject", "[Content Warning - Attachments Removed] $Subject")
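
The two content filters above, modelled in Python as an added example (not part of the original thread and not IronPort code) so the filter order and the filename regex can be checked offline. The MassMailers dictionary entries and the X-IronPort-AV header values are constructed placeholders; the appliance's real header layout may differ.

```python
import re
from email.message import EmailMessage

# Pattern from the page's filter; the filter's "\\." is a single "\." in a raw string.
PROHIBITED = re.compile(r"(?i)\.(com|exe)$")
# Hypothetical stand-in for the contents of the "MassMailers" dictionary.
MASS_MAILERS = ("netsky", "mydoom", "bagle")
NOTICE = "Attachment not allowed"
TAG = "[Content Warning - Attachments Removed]"


def apply_content_filters(msg):
    """Model both filters in order; return (verdict, message, removed_names)."""
    # Drop_Mass_Mailers: anti-virus has already run and stamped its verdict,
    # so a known mass mailer is dropped whole and leaves no "remnant" message.
    verdict_header = msg.get("X-IronPort-AV", "").lower()
    if any(term in verdict_header for term in MASS_MAILERS):
        return "dropped", None, []

    # Drop_Prohibited_Attachments: replace each matching part with a notice.
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or ""
        if PROHIBITED.search(name):
            removed.append(name)
            part.set_content(NOTICE)  # clears the old payload and headers
    if removed:
        # strip-header("Subject") then insert-header("Subject", ...)
        subject = msg["Subject"]
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}"
    return "delivered", msg, removed


def build(subject, av_header, filenames):
    """Build a constructed test message; the AV header value is illustrative."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["X-IronPort-AV"] = av_header
    msg.set_content("body text")
    for name in filenames:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    samples = [
        build("Hi", 'E=Sophos; v="W32/Netsky-P"', ["doc.exe"]),
        build("Quote", 'E=Sophos; v=""', ["Setup.EXE", "notes.exe.txt"]),
        build("Minutes", 'E=Sophos; v=""', ["minutes.pdf"]),
    ]
    for sample in samples:
        verdict, out, removed = apply_content_filters(sample)
        print(verdict, removed, out["Subject"] if out else None)
```

The regex is anchored on the final extension, so `notes.exe.txt` is left in place while `Setup.EXE` is replaced by the notice text.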
