Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Content Filter > Ransomware attachments II - DOCM

[F] Alt-N Discussion Groups / MDaemon Discussion Groups / MDaemon Content Filter /

Ransomware attachments II - DOCM

Hi,

(No response to my previous message about infected RTF files coming through the restricted attachments filter.)

I also have *.DOCM restricted but these are still delivering ransomware to end users, for example

2aa436C04-07-2016_rndnum(4,9)}}.docm

Does the attachment restriction no longer function, or what is the correct syntax?

Thanks

  (older msg: 3)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Dominic Moore - Aug 11, 2016 9:50 am (#4 Total: 5)  

 

Photo of Author
Dominic Moore
Novice
Novice
Posts: 158
Hi,
The original message and attachment for this example are gone (hopefully deleted by the user) so I will have to catch another one.
 We do currently have SecurityPlus and it is detecting viruses in docm files although they are configured to be restricted. Which process scans first?

------------------------------------------------------------------------
SecurityPlus for MDaemon has detected virus infected message attachments
------------------------------------------------------------------------

From : Teddy145@example.com
To : fwalsh@example.com
Subject : Attached: Receipt(00)
Date : Thu, 11 Aug 2016 20:07:51 +0700
Message-ID: (ed49dec74364400ab36829d65605f29@example.com)

------------------------------------------------------------------------------
Attachment Virus name Action taken
------------------------------------------------------------------------------
Receipt(00).docm ??? Removed

Ian Carter (apparently) - Aug 12, 2016 10:17 am (#5 Total: 5)  

via email  

Photo of Author
Ian Carter
Guru
Guru
Posts: 1271
The AV scan happens before MDaemon searches in the msg for restricted attachments.
 
--
Ian Carter
Alt-N Technologies
http://www.altn.com
 
Sent using Alt-N's own MDaemon Messaging Server
Now available with BYOD Mobile Device Management,
Document Sharing, Hijacked Account Detection and more.
 
Get to know the Alt-N family by liking us on Facebook!
 
 
-----Original Message-----
From: Dominic Moore <lists-md-content-filter@altn.com>
To: "md-cfilter List Member" <md-cfilter@altn.com>
Date: Thu, 11 Aug 2016 09:50:40 -0500
Subject: [md-cfilter] Ransomware attachments II - DOCM

Hi,
The original message and attachment for this example are gone (hopefully deleted by the user) so I will have to catch another one.
 We do currently have SecurityPlus and it is detecting viruses in docm files although they are configured to be restricted. Which process scans first?

------------------------------------------------------------------------
SecurityPlus for MDaemon has detected virus infected message attachments
------------------------------------------------------------------------

From : Teddy145@example.com
To : fwalsh@example.com
Subject : Attached: Receipt(00)
Date : Thu, 11 Aug 2016 20:07:51 +0700
Message-ID: (ed49dec74364400ab36829d65605f29@example.com)

------------------------------------------------------------------------------
Attachment Virus name Action taken
------------------------------------------------------------------------------
Receipt(00).docm ??? Removed
 
View/reply at Ransomware attachments II - DOCM 
--MD-CFILTER---------------------------------------------------------
This list is for questions and discussions about MDAEMON's Content 
Filter. To unsubscribe from this mailing list send an email to 
md-cfilter-unsubscribe@altn.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by Alt-N Technologies for user-to-user 
support and discussion.  Alt-N staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.altn.com/Support/RequestSupport/
---------------------------------------------------------------------


--MD-CFILTER---------------------------------------------------------
This list is for questions and discussions about MDAEMON's Content 
Filter. To unsubscribe from this mailing list send an email to 
md-cfilter-unsubscribe@altn.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by Alt-N Technologies for user-to-user 
support and discussion.  Alt-N staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.altn.com/Support/RequestSupport/
---------------------------------------------------------------------







  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items


 Content:

Read New | Search

 Guest:

Email to Admin

You are visiting as a Guest user.