how do you filter attachements?

Unanswered Question
Dec 7th, 2007

Hello all,

I was hoping to get some feedback how you(your org) deals with attachment filtering. Currently we simply drop messages with things like .exe, .url etc... The problem is users never know they were sent a message. I've though about attachment stripping, but read in a previous thread that doing this essentially bypasses the Outbreak filters. Then if there is an outbreak users get hammered with what looks like spam.

I'm considering sending a bounce to the sender, but then you've got problems with spoofed addresses etc.

So what's the general opinion on the best way to handle filtered attachments? (And please, I don't want to hear it depends on your organization)

Thanks in advance!

-Seth

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
IIAGDTRnSC Mon, 12/10/2007 - 13:41

What I currently do is strip the attachment. If it is a non-business email then the users know our company policy covers this.

For some attachments, like non-business movies, etc., I set a rule to a filter to strip the attachment but let the mail through so the user knows he got an email but he can't watch a 10MB movie of some wedding dance that's been in the news.

Trouble is the first time such an email arrives it's not possible to create a filter on the fly and apply it to that email, only the ones that come after. So the first email is dropped. I've asked for this as a feature request, hopefully it will come sooner or later.

All this said I have custom filters to just drop emails, especially chain mails whenever possible. It does depend on your organization and how much you (the manager) control.

- Richard

Seth Miller Tue, 12/11/2007 - 18:03

Thanks Richard I appreciate the feedback. One thing I don't understand is why you say "the first email is dropped"? Wouldn't be allowed through until you create a filter for it?

Anyone else care to chime in on thier configuration?

Thanks,
Seth

IIAGDTRnSC Tue, 12/11/2007 - 18:55

What I do is quarantine (admin only, no user quarantines) various file types like .mp3 files. Then if it's, say, wedding_dance_forwarded_one_billion_times.mp3, I create a filter to strip the file. I then delete this first email and those that follow have the file stripped. I'd like to be able to run the original email through this this new filter so it's not deleted unless I want to do that.


Thanks Richard I appreciate the feedback.  One thing I don't understand is why you say "the first email is dropped"?  Wouldn't be allowed through until you create a filter for it?  

Anyone else care to chime in on thier configuration?

Thanks,
Seth
IIAGDTRnSC Tue, 12/11/2007 - 18:56

What I do is quarantine (admin only, no user quarantines) various file types like .mp3 files. Then if it's, say, wedding_dance_forwarded_one_billion_times.mp3, I create a filter to strip the file. I then delete this first email and those that follow have the file stripped. I'd like to be able to run the original email through this this new filter so it's not deleted unless I want to do that.


Thanks Richard I appreciate the feedback.  One thing I don't understand is why you say "the first email is dropped"?  Wouldn't be allowed through until you create a filter for it?  

Anyone else care to chime in on thier configuration?

Thanks,
Seth

Actions

This Discussion