Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 21076 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Invoice Malware & Doc files

Jam_Man

We have been seeing, over several customers, that Puremessage has been putting a lot of messages into quarantine that really should be deleted.

The messages are fake invoices with a *.doc attachement which according to a quick search contains a macro virus.

An example being http://sanesecurity.blogspot.co.uk/2015/03/linsen-parts-uk-ltd-invoice-from-linsen.html

The problem with this is that a user still gets notified of the item and can still download it.

Our Pure message is set at 90 to delete messages and these seem to score 82-84 or so.

We have filtered some buy using athe subject, but others are craftier with a subject that keeps changing.

Any ideas or recommendations how to stop these other than reducing the delete threshold ?

:56308


This thread was automatically locked due to age.
Parents
  • 0

    Same problem for us, puremessage is ignoring the .doc macro virus attachments.  Later on they are deleted.  However, they are all initially delivered to the inbox. 

    edit:  pure message AV is set to "normal" scan.  What does "extensive" scan do?  I recommends enabling only by technical support.

    :57256
Reply
  • 0

    Same problem for us, puremessage is ignoring the .doc macro virus attachments.  Later on they are deleted.  However, they are all initially delivered to the inbox. 

    edit:  pure message AV is set to "normal" scan.  What does "extensive" scan do?  I recommends enabling only by technical support.

    :57256
Children
No Data
Unfiltered HTML