F-Secure Server Security for Exchange 9.3

RPEvans
RPEvans Posts: 7 Security Scout

Good morning,

 

I have a problem with a new white list of file types that need to be active.

 

Under the transport protection heading, inbound and outbound mail I have created a new white list and populated it with about 25 file extensions preceded with a full stop.  So .txt .jpg .pdf and so on.  I then save the list.

 

I then change the drop down menu 'strip these attachments' to all files and then under 'exclude these attachments' to my new white list.  Rather than blocking everything except my white list F-Secure simply continues to block everything.  I test by sending a jpg file to my personal email account and within 5 seconds I get an F-Secure Postmaster message saying the email was blocked due to disallowed file type.

 

Is my white list configured correctly?  If so how can I troubleshoot this problem?

 

Many thanks,

 

Ross

Comments

  • RPEvans
    RPEvans Posts: 7 Security Scout

    Ok I have managed to get this working now.  I hadn't put the * before the full stop and extension type.  All seems to be working now.

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    There are two problems with your post:

     

    - Letting through all .PDF files without any scanning is dangerous. Exploits and trojans hidden in PDF files are commonly used to target security holes in the Adobe Acrobat product family and other, independent PDF-handling programs. This phenomenon is galore in spear phishing campaigns. F-Secure Corp. actually has a "horror show" of "poisoned" PDF docs on YouTube, I think.

     

    (Adobe Acrobat is not a paper-to-screen file format, rather, it is full of multimedia-embedding features. For example, the US military uses these features to create all-singing all-dancing animated weapons handling instruction manuals, which the average IQ 75 G. I. Joe can understand without blowing himself up... However, these multimedia features can also be exploited for hiding malware code, more or less the same way as the old Microsoft Office macro viruses worked.)

     

    - The most recent version of Exchange protection is FSAV ESS 10.01 and soon there will be ESS 11.00 or 11.50. In fact I think there was version 9.00 and 9.20, but not ver. 9.30? Please check "f-secure.com/webclub" to see if you are using the latest version!

     

    Best Regards: Tamas Feher, Hungary.

  • RPEvans
    RPEvans Posts: 7 Security Scout

    Hello,

     

    Thanks for your reply.  You are correct and we shouldn't simply allow this type of file to not be scanned.  Under the Viruses heading we are still scanning PDF attachments so hopefully this is Ok.

     

    It is under the Attachment Filtering heading that I seem to still be having a few issues.  We want to strip all attachments from outgoing emails with the exception of a white list I have created.  However I cannot send meeting requests from MS Outlook without receiving a postmaster message saying the meeting.ics attachment is unsafe and has been stripped.  This still happens despite *.ICS and MEETING.ICS being present in the white list.

     

    If anyone can help with this I would appreciate it!

     

    Thanks,

    Ross

  • SeanV
    SeanV Posts: 19 Cyber Knight

    Dear RPEvans,

     

    We might need more information to further analyze the issue. Please feel free to contact our support team and provide more information so that our Technical Expert can analyze the case and give you a solution. Below is the link to contact our support team :-
     
    http://www.f-secure.com/en/web/home_global/support/contact
     
     

    Thanks.
    Best Regards,
    Sean Veloo


This discussion has been closed.
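
The fix reported in the thread (entries written as `*.jpg` rather than `.jpg`), shown as an added example that is not F-Secure code. It assumes allow-list entries are matched as case-insensitive shell-style wildcards against the attachment file name, which the thread does not confirm; all function names and file names are constructed.

```python
from fnmatch import fnmatchcase


def matches(pattern, filename):
    """Case-insensitive shell-style wildcard match (assumed semantics)."""
    return fnmatchcase(filename.lower(), pattern.lower())


def audit_allow_list(patterns):
    """Return entries that start with a dot and carry no wildcard.

    Under wildcard matching such an entry only matches a file whose
    whole name is e.g. '.jpg', so it never matches 'photo.jpg'.
    """
    return [p for p in patterns
            if p.startswith(".") and not any(c in p for c in "*?")]


def filter_attachments(filenames, allow_list):
    """'Strip all files, exclude the allow list' policy.

    Returns (delivered, stripped).
    """
    delivered, stripped = [], []
    for name in filenames:
        allowed = any(matches(p, name) for p in allow_list)
        (delivered if allowed else stripped).append(name)
    return delivered, stripped


# Constructed sample data, not taken from the thread.
BROKEN_LIST = [".txt", ".jpg", ".pdf"]     # as first configured
FIXED_LIST = ["*.txt", "*.jpg", "*.pdf"]   # after adding the '*'
SAMPLE = ["holiday.JPG", "report.pdf", "invoice.pdf.exe", "notes.txt"]

if __name__ == "__main__":
    print("entries needing a wildcard:", audit_allow_list(BROKEN_LIST))
    for label, allow in (("broken", BROKEN_LIST), ("fixed", FIXED_LIST)):
        delivered, stripped = filter_attachments(SAMPLE, allow)
        print(label, "delivered:", delivered, "stripped:", stripped)
    # An extension match says nothing about file content: allowed
    # types such as PDF still need to pass through virus scanning.
```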
