Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 1 subscriber
  • Views 10447 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

To less malware detected during SMTP-Scan

Chris69
Hi there,
since I enabled the Software UTM (right now 9.310-11) as a SMTP-Proxy it is filtering SPAM very well - but malware not as well as expected.

During the last 30 days it blocked 11 inbound mails for malware reasons - so far, so good - but in the same time the internal Exchange with "forefront security" reported a dozen times malware detection - and was right!
But Forefront is EOL and our license period will end up next week so it will stop the protection during the next days.

Yes, of course I did set the E-Mailprotection / Antivirus to "Dual Scan (Maximum Security)".

The patterns are downloaded and installed in the background and seem to be fine.


Any ideas for a better protection out there?


This thread was automatically locked due to age.
Parents
  • 0
    @Bob: there are no samples left, because forefront deleted these attachments directly. The forefront-detected malware is e.g.:
    winpe/Suspicious.FYU
    winpe/Injector.IGZN
    NetTool.Win32.ProxySwitcher.d


    @William: 
    50 user
    stats:
    SMTP last 24 hours [ 1268 messages delivered. 221 messages blocked (14%) ]

    Malware quarantined/rejected: 0 SPF rejects: 5
    Spam quarantined/rejected: 91 RBL rejects: 45
    Blacklist rejects: 0 BATV rejects: 0
    Address Verification rejects: 20 RDNS/HELO rejects: 60

    How do I set SMTP-Scan size?
  • 0 in reply to Chris69
    @Bob: there are no samples left, because forefront deleted these attachments directly. The forefront-detected malware is e.g.:
    winpe/Suspicious.FYU
    winpe/Injector.IGZN
    NetTool.Win32.ProxySwitcher.d


    @William: 
    50 user
    stats:
    SMTP last 24 hours [ 1268 messages delivered. 221 messages blocked (14%) ]

    Malware quarantined/rejected: 0 SPF rejects: 5
    Spam quarantined/rejected: 91 RBL rejects: 45
    Blacklist rejects: 0 BATV rejects: 0
    Address Verification rejects: 20 RDNS/HELO rejects: 60

    How do I set SMTP-Scan size?


    how much ram is in the machine..or if an appliance which one?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Reply
  • 0 in reply to Chris69
    @Bob: there are no samples left, because forefront deleted these attachments directly. The forefront-detected malware is e.g.:
    winpe/Suspicious.FYU
    winpe/Injector.IGZN
    NetTool.Win32.ProxySwitcher.d


    @William: 
    50 user
    stats:
    SMTP last 24 hours [ 1268 messages delivered. 221 messages blocked (14%) ]

    Malware quarantined/rejected: 0 SPF rejects: 5
    Spam quarantined/rejected: 91 RBL rejects: 45
    Blacklist rejects: 0 BATV rejects: 0
    Address Verification rejects: 20 RDNS/HELO rejects: 60

    How do I set SMTP-Scan size?


    how much ram is in the machine..or if an appliance which one?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Children
No Data
Unfiltered HTML