
Invoice Malware & Doc files

We have been seeing, across several customers, that PureMessage has been putting a lot of messages into quarantine that really should be deleted.

The messages are fake invoices with a *.doc attachment which, according to a quick search, contains a macro virus.

An example being http://sanesecurity.blogspot.co.uk/2015/03/linsen-parts-uk-ltd-invoice-from-linsen.html

The problem with this is that a user still gets notified of the item and can still download it.

Our PureMessage is set at 90 to delete messages and these seem to score 82-84 or so.

We have filtered some by using the subject, but others are craftier with a subject that keeps changing.

Any ideas or recommendations how to stop these other than reducing the delete threshold?



This thread was automatically locked due to age.
  • We are seeing the same issue with a variety of clients as well. 

    We usually have PureMessage set to deliver suspected spam and append *SPAM* to the subject. At the moment all of these emails are filtering through PureMessage with virus attachments intact and sitting in the users' inbox.

    It seems to be a little while later that the messages are being scanned and the attachments removed and replaced with a txt file. This would suggest that Sophos AV/definitions are seeing the viruses, but I don't understand why the messages are not being deleted on the initial scan by PureMessage?

    I have submitted some of the sample emails to Sophos.
