Freigeben über


Hello Fope!

My first FOPE centered blog.

One common issue with FOPE (this also happens in FSS/Antigen) is the 0 day Virus’s that pretend to be a legitimate mail from other senders.

These tend to be small emails asking you to open the file in a zip attached to the email. The file will look like a pdf but its really an executable named “delivery.pdf .exe”

These exe files are not caught by any engine right away so some customers see them come through.

There are multiple ways you can block these messages (SPF, policy rules) But I suggest the following.

My first question is always “Do you have any reason to allow executable files via email?” I have yet found a customer that says they need exe’s in emails. If your email policy allows blocking these message types then I suggest you set up two rules to lower your chances of getting any viruses.

Inbound reject rule (deletes any inbound mail with a compressed file that contains executable attachments)

 

image

The 2nd rule is to block files not in compressed files that fit he header information that matches an executable type.

image