Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 19 December 2024, 05:10:52 am

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Blocking zip attachments
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Blocking zip attachments  (Read 30874 times)
dda
Sr. Member
****
Offline Offline

Posts: 227


« on: Friday 04 November 2016, 10:43:51 am »

Getting a steady flood of ransomware laden zip attachments, anyone have a clue how I can block these?
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #1 on: Friday 11 November 2016, 01:04:05 am »

Anyone?
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #2 on: Saturday 12 November 2016, 03:44:31 am »

Hi,

Please try this: Proxy -> SMTP -> Configuration -> File settings -> enable "Block files by extensions" -> enable "Block archives that contain blocked filetypes" -> choose extension(s) -> Save
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #3 on: Saturday 19 November 2016, 03:26:14 am »

Being under the SMTP section i assumed this was related to outgoing email.
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #4 on: Saturday 19 November 2016, 04:47:26 am »

Being under the SMTP section i assumed this was related to outgoing email.

Hi dda,

No, it's working in both ways.

I'm using these settings everyday.

"The purpose of the SMTP proxy is to control and optimise the SMTP traffic and to protect the local networks from threats when using the SMTP protocol. SMTP is used whenever an e-mail is sent from a local e-mail client to a remote mail server, that is, for the outgoing e-mails. It will also be used if an mail server is running on the LAN (i.e., within the GREEN zone) or DMZ (ORANGE zone) and the e-mails can be sent from outside the local network (incoming requests) through t hat mail server, that is, when clients are allowed to send e-mails from the RED interface."

http://docs.endian.com/3.2/utm/proxy/smtp.html
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #5 on: Tuesday 22 November 2016, 01:50:11 am »

I don't have a mail server behind the firewall will this still work for me?
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #6 on: Tuesday 22 November 2016, 04:21:01 am »

Hi dda,

I really don't know! I never tried this scenario. My email server is in DMZ.
But you can try. It's very easy to try. Is that server your email server, even if isn't behind your firewall?
Presuming yes, you send and receive emails also from a desktop client (Thunderbird, Outlook, ...) not only from web mail. Maybe will work.
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #7 on: Wednesday 23 November 2016, 12:37:41 am »

Yes I am using outlook as a client and the emails are still passing thru.  I have had two machines recently with ransomware infections that came inside zip files so I am trying to prevent it happening again.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com