Embedded Files
Post date: Mar 12, 2013 6:58:54 AM
So I have been playing around with wanting to block attachments that are inside of a ZIP file ..EXE files really as Trend appears to be letting us down with HES and letting a number of viruses that have not been added to their DB.
So after hours of playing around with app rules and blashing my head on the wall why I could not not get the attachment rules to do anything!! I found out that the Exchange 2007 / 2010 use TLS to encrypt all mail that is sent from Trend HES.. This is the header:
localexhcnage server (10.0.0.1) with Microsoft SMTP Server (TLS) id 14.1.438.0; Tue, 12 Mar 2013 15:50:05 +1000
Received: from in09.sjc.mx.trendmicro.com (unknown [10.30.239.22]) by out03.sjc.mx.trendmicro.com (Postfix) with ESMTP id
As you can see TLS.. This stops Sonicwall app rules for that attack the network stream from being able to read the email... So you can't use any of the App rules for client smtp / client email.
Now it would be a very bad idea to turn off TLS
As this would mean that all the emails that come in to your Exchange server are forced to be plain text.. This would allow for a man in the middle attack from the sender to your exchange server.
This is the app rule;
And if it was working fine I get this NDR:
#5.0.0 smtp; 554 blocked as virus in subject> #SMTP#
Original message headers:
Received: from in01.sjc.mx.trendmicro.com (unknown [10.30.239.5])
by out11.sjc.mx.trendmicro.com (Postfix) with ESMTP id 7AEFF980480
------
So I would recommend not turning off TLS and installing Trend Scan server for Exchange.. with WFBS Adv.. then ticking on this box:
Page updated
Report abuse