Re: Employees & their family / friends in collusion to bypass email fi
- From: "Rich Matheisen [MVP]" <richnews@xxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 26 Nov 2006 13:56:12 -0500
DefenderD90 <DefenderD90@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Currently, we have a barracuda that has about 40 manually typed extensions in
the barracuda interface to filter movie formats by extension.
However, it seems individuals are getting their friends on the outside to
rename :
blah.mpeg to blah.qrx - meaning it is a fake extension.
This bypasses the filters.
Drop /all/ the messages from those e-mail addresses. That'll take care
of the problem. Ignore the whining that they can't keep in touch with
their wife/friends/kids/aged relative/etc. Point them to HR and to
your acceptable use policy. If all they need are e-mail without
attachments to do that, limit the size of messages their mailbox can
receive to, say, 100K. If they can't do their job because of that
limitation, have them explin to their boss why they can't.
I asked barracuda networks if its possible to do any kind of mime filtering,
that analyzes the data, and not just the extension, through header/footer
analysis of the attachment(s), and they said it is not possible.
Filtering is possible with most spam filters if there's any sort of
recognizable "signature" in the file (e.g. executable (.exe) all have
a recognizable signature so changing the extension doesn't bypass that
check). MIME types can be used, but not effectively if the attachment
types aren't recognizable.
[ snip ]
However, it also seems once employees get this, they are circulating and
cc'ing everyone for example: a 7meg movie attachment, and sending it to 19
other employees....truely a waste of of the business email database space.
And you have a policy against this?
1. Put, for example, a 5MB send limit on the mailboxes.
2. Find out what HR, or the employee's management, can do.
3. Reduce the size of the offenders mailboxes.
Is there a way for exchange '03 enterprise, or any 3rd party addons, to
monitor internal to internal deliverance of multimedia files, and if they do
extension renaming or embedding in archived attachments, or a renamed
archived zip file to blah.jmz , true data analysis of content.
ZIP files are one class of file that/does/ have a recognizable
signature ("PK", similar to the .exe's "MZ").
If it continues, it'll become an HR issue leading to termination, but I need
professional opinions on this.
HR is the place to go. A public disciplinary action has an amazing
effect on the user populace.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
.
- Follow-Ups:
- Re: Employees & their family / friends in collusion to bypass emai
- From: DefenderD90
- Re: Employees & their family / friends in collusion to bypass emai
- Prev by Date: Exchange 2003 administration tasks summed up
- Next by Date: Re: Problem with Public Folders
- Previous by thread: Re: Employees & their family / friends in collusion to bypass email fi
- Next by thread: Re: Employees & their family / friends in collusion to bypass emai
- Index(es):
Relevant Pages
|
