So everyone needs emails. Unfortunately most users want to be able to receive attachements and people tend to send unsecure file formats like word, excel and PDF. Even image files cannot be considered secure since in the past there have been threats targeting weaknesses in image libraries.
So we are forced to filter any attachements. The products we can obtain always promise safe email filtering with signatures heuristics and sandboxing. most products deny the admin finetuning like quarantining for 24 hours and scanning after the quarintine because they insist that their scanning technology is state of the art and failsafe.
Unfortunately with every zero day virus the first one gets to pass the filters anyway, at least in our experience. So we limit allowed email attachements to PDF and even have to quarantine them manually.
We are looking for a solution which does the following:
- Scan an email and execute content filtering as set by the admin
- print allowed attached documents with a solution like ghostview to a new PDF (after that there can't be a virus inside the new PDF)
- send the email with the newly generated PDF to the user (but not the original attached document)
- quarantine the original allowed attached document for 24 to 36 hours (adjustable by the admin)
- allow admins to get the documents from the quarantine if time is critical
- allow users access to the quarantined attachement after the time mentioned above, of course only after an additional scan (now that it isn't zero day anymore)
Anyone else who wants a solution like this?
Have a nice weekend everyone!
Yours,
Stefan Walther