(Malicious) Attachment Problems
Posted: 14 Sep 2015 17:05
Hello all!
We've been using EFA for a few weeks, and while it has mostly eliminated the (massive) daily spam-dump campaigns that were hitting us, it has introduced another problem:
We are being hit hard with malicious attachments which are 'only' downloaders for the actual content. They are mostly .doc.js files embedded within a non-password-protected .zip file. EFA lets a good portion (most?) of them through at this point in time. While we can provide user notices and training, some of them have come from legitimate entities at other companies which had their email systems compromised. Users will only hold off on clicking that attachment for so long... Curiosity kills the data.
I can't find any way to adjust attachment filtering, and /mailscanner/status.php does not indicate whether an attachment was present. Training with SA Learn -> 'As Spam' is time-consuming, and does not appear to be making any difference at this point in time.
Are there any suggestions?
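The attachment pattern described in the post above (a script hidden behind a document-looking double extension inside an unencrypted .zip) can be checked by member name alone. The following is an added example, not part of the original post and not an EFA or MailScanner feature; the extension lists, limits and function names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists and limits for this example; adjust to local policy.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".scr", ".exe"}
DECOY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".rtf", ".txt", ".jpg"}
MAX_DEPTH = 2                    # how many archive levels to open
MAX_NESTED_BYTES = 10 * 1024**2  # do not unpack nested archives larger than this

def classify_name(name):
    """Return 'double-extension', 'script' or None (trailing dots/spaces ignored)."""
    suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "script"

def scan_zip(data, depth=0, prefix=""):
    """Return (path, reason) findings for zip bytes, following nested zips."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable-archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            reason = classify_name(info.filename)
            if reason:
                findings.append((path, reason))
            elif info.filename.lower().endswith(".zip"):
                # Encrypted, oversized or too deeply nested archives are reported, not opened.
                if info.flag_bits & 0x1 or depth + 1 >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "nested-archive-not-inspected"))
                else:
                    findings += scan_zip(archive.read(info), depth + 1, path + "!")
    return findings

def build_sample():
    """Constructed test attachment: harmless placeholder bytes, realistic names."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("update.js", b"// placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Invoice_0915.doc.js", b"// placeholder")
        z.writestr("photo.jpg", b"placeholder")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()
```
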