|
Alt-N Discussion Groups MDaemon Discussion Groups MDaemon Content Filter 
Ransomware attachments II - DOCM
Hi,
(No response to my previous message about infected RTF files coming through the restricted attachments filter.)
I also have *.DOCM restricted but these are still delivering ransomware to end users, for example
2aa436C04-07-2016_rndnum(4,9)}}.docm
Does the attachment restriction no longer function, or what is the correct syntax?
Thanks
Dominic Moore
- Aug 11, 2016 9:50 am
(#4 Total: 5)
|
|
|
|
 |
Dominic Moore
Novice Posts: 158
|
Hi,
The original message and attachment for this example are gone (hopefully deleted by the user) so I will have to catch another one.
We do currently have SecurityPlus and it is detecting viruses in docm files although they are configured to be restricted. Which process scans first?
------------------------------------------------------------------------
SecurityPlus for MDaemon has detected virus infected message attachments
------------------------------------------------------------------------
From : Teddy145@example.com
To : fwalsh@example.com
Subject : Attached: Receipt(00)
Date : Thu, 11 Aug 2016 20:07:51 +0700
Message-ID: (ed49dec74364400ab36829d65605f29@example.com)
------------------------------------------------------------------------------
Attachment Virus name Action taken
------------------------------------------------------------------------------
Receipt(00).docm ??? Removed
|
|
 |  |
Ian Carter (apparently)
- Aug 12, 2016 10:17 am
(#5 Total: 5)
|
|
|
|
 |
Ian Carter
Guru Posts: 1270
|
The AV scan happens before MDaemon searches in the msg for restricted attachments.
Sent using Alt-N's own MDaemon Messaging Server
Now available with BYOD Mobile Device Management,
Document Sharing, Hijacked Account Detection and more.
Get to know the Alt-N family by liking us on Facebook!
-----Original Message-----
From: Dominic Moore <lists-md-content-filter@altn.com>
To: "md-cfilter List Member" <md-cfilter@altn.com>
Date: Thu, 11 Aug 2016 09:50:40 -0500
Subject: [md-cfilter] Ransomware attachments II - DOCM
Hi,
The original message and attachment for this example are gone (hopefully deleted by the user) so I will have to catch another one.
We do currently have SecurityPlus and it is detecting viruses in docm files although they are configured to be restricted. Which process scans first?
------------------------------------------------------------------------
SecurityPlus for MDaemon has detected virus infected message attachments
------------------------------------------------------------------------
From : Teddy145@example.com
To : fwalsh@example.com
Subject : Attached: Receipt(00)
Date : Thu, 11 Aug 2016 20:07:51 +0700
Message-ID: (ed49dec74364400ab36829d65605f29@example.com)
------------------------------------------------------------------------------
Attachment Virus name Action taken
------------------------------------------------------------------------------
Receipt(00).docm ??? Removed
View/reply at Ransomware attachments II - DOCM
--MD-CFILTER---------------------------------------------------------
This list is for questions and discussions about MDAEMON's Content
Filter. To unsubscribe from this mailing list send an email to
md-cfilter-unsubscribe@altn.com .
--POWERED BY MDAEMON!------------------------------------------------
---------------------------------------------------------------------
These forums are provided by Alt-N Technologies for user-to-user
support and discussion. Alt-N staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.altn.com/Support/RequestSupport/
---------------------------------------------------------------------
--MD-CFILTER---------------------------------------------------------
This list is for questions and discussions about MDAEMON's Content
Filter. To unsubscribe from this mailing list send an email to
md-cfilter-unsubscribe@altn.com .
--POWERED BY MDAEMON!------------------------------------------------
---------------------------------------------------------------------
These forums are provided by Alt-N Technologies for user-to-user
support and discussion. Alt-N staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.altn.com/Support/RequestSupport/
---------------------------------------------------------------------
|
|
|
|
|
You are visiting as a Guest user.
|