Email Filtering > File and MIME Type Verification
Blocking or accepting file attachments in emails is a common practice in the Internet security industry, and a powerful tool in the hands of the system administrator. This functionality allows the administrator to set up policies for what sorts of files are allowed in or out of the organization, and can be used as an effective defense against executable code entering or leaving the protected network. Since viruses are indeed executable files, you might conclude that this technique alone could be enough to block viruses.
However, there is a problem: the file can be renamed to bypass the extension policy blocks. While the Network Box scanning system includes heuristics to prevent this for executable code, most systems are vulnerable to such policy avoidance techniques. Many systems are easily bypassed by simply changing the extension of the attachment, which indicates a very poor level of protection for the entire network, at least for this aspect of policy enforcement and virus protection.
Furthermore, recent advancements in desktop operating systems are removing the dependence on file extensions for determining which application a particular file is passed to. Newly emerging applications and operating systems determine that a file is intended for them regardless of the file extension. The intelligence of the gateway policy and scanning engine needs to be extended to combat this new threat.
The Network Box mail scanning system now allows policies to be set based on the actual type of file. The code uses signature and heuristic analysis of attached files to produce a file type and MIME type description of the actual content of the file. These file and MIME types can then be used in a company blocking policy to restrict such types from entering or leaving the organization. As with all Network Box mail scanning engines, this functionality can be controlled to a high degree of granularity (covering 19 characteristics, such as sender, recipient, direction and message protocol).
As an example of the difference this makes, let's look at a Microsoft Word document file. The standard extension for this is ".doc". The file and MIME types, based on signature and heuristic analysis, are "Microsoft Word Document" and "application/msword" respectively. While the extension can be changed (by renaming), the file and MIME types cannot, since they are derived from the actual content of the file. Setting a policy on file or MIME type will prevent avoidance of company policy.
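The renaming case described above, as an added example (not Network Box code): a content-based attachment check in Python that ignores the filename and the declared Content-Type and decides on file signatures instead. The signature set, the blocked-type policy, the `application/x-ole-storage` label and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file header
WORD_STREAM = "WordDocument".encode("utf-16-le")  # stream name in Word 97-2003 files
BLOCKED_TYPES = {"application/msword", "application/x-dosexec"}  # assumed policy

def sniff_mime(data: bytes) -> str:
    """Derive a MIME type from content alone (deliberately small signature set)."""
    if data.startswith(OLE2_MAGIC):
        # "application/x-ole-storage" is a label chosen for this example.
        return "application/msword" if WORD_STREAM in data else "application/x-ole-storage"
    if data.startswith(b"MZ"):
        return "application/x-dosexec"
    if data.startswith(b"%PDF-"):
        return "application/pdf"
    try:
        data.decode("utf-8")
        return "text/plain"
    except UnicodeDecodeError:
        return "application/octet-stream"

def evaluate(msg: EmailMessage):
    """Return (filename, declared type, detected type, verdict) per attachment."""
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        detected = sniff_mime(data)  # filename and declared type play no role here
        verdict = "block" if detected in BLOCKED_TYPES else "allow"
        results.append((part.get_filename(), part.get_content_type(), detected, verdict))
    return results

def build_sample() -> EmailMessage:
    """Constructed message: a renamed Word document, a renamed executable, plain text."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "files"
    msg.set_content("see attached")
    doc = OLE2_MAGIC + b"\x00" * 504 + WORD_STREAM  # minimal stand-in, not a full .doc
    msg.add_attachment(doc, maintype="text", subtype="plain", filename="report.txt")
    msg.add_attachment(b"MZ" + b"\x90\x00" * 31, maintype="image", subtype="jpeg",
                       filename="photo.jpg")
    msg.add_attachment("meeting notes\n", filename="notes.txt")
    return msg

if __name__ == "__main__":
    for name, declared, detected, verdict in evaluate(build_sample()):
        print(f"{name}: declared={declared} detected={detected} -> {verdict}")
```

An extension-only policy would pass both `report.txt` and `photo.jpg`; the content check blocks them and still allows the genuine text file.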
"When you are connected to the Internet, it is easy to forget that the Internet is connected to you"
The Network Box anti-virus email gateway is kept up to date with the very latest anti-virus signatures around the clock. An out-of-date network security system is a vulnerable network security system.