  1. #1
    Untanglit
    Join Date
    May 2015
    Posts
    38

    Virus Blocker Lite does not block ransomware in email attachments

    First of all, I/we did not get infected as I/we did not click on those peculiar attachments. I know that those peculiar attachments are ransomware because I googled the name of the attachments, the subject lines of the emails and the messages in the body of the emails; they are consistent with the various strains of ransomware.

    However, I thought that Virus Blocker Lite ought to block those malicious emails+attachments from entering our email inboxes in the first place?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,185

    Do you have the mail server on site behind Untangle?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    May 2015
    Posts
    38

    No mail server on-site, only email clients.

    What's the relevance? VBL is supposed to be in-line.

  4. #4
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,737

    Your e-mail clients very likely use an encrypted connection to the mail server that Untangle can't scan. Traffic from a mail server to the internet is typically unencrypted.

    Also, you're using Virus Blocker Lite. It works, but its definitions aren't as good. There's a reason they also have a premium product.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.2.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,185

    No mail server on site means that Untangle will simply never scan mail. Untangle does not scan POP3, IMAP, or HTTPS based email communications. Its mail filtration is limited to SMTP and SMTPS when configured with SSL inspector. And these two filters also require the SMTP server hosting your mail to be behind Untangle.

    If you want to protect your mailboxes you need an anti-virus solution that works for the mail server. Untangle cannot do this unless the mail server is behind Untangle. That is what this sort of thing is for: https://www.proofpoint.com/us/products/email-protection
    Last edited by sky-knight; 05-15-2016 at 01:01 PM.

  6. #6
    Untanglit
    Join Date
    May 2015
    Posts
    38

    Thanks for the comments! It is disappointing how little the promoted in-line scanning feature of the perimeter device does. Upgrading to the premium VB product would not change that, if I understand things correctly.

    As far as endpoint protection goes, is Windows Defender / Microsoft Security Essentials not supposed to block malicious email attachments in Outlook?

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,185

    Windows Defender does what it does, but it's far from perfect. I do not use it, and do not trust it. It's been problematic for a couple years now.

    In this age of cloud-based everything, yes, email security has taken a HUGE nose dive. The product I linked is the best I'm aware of; it not only does AV, but also content filtration on egress mail to prevent leaks, message archival, and all sorts of other really powerful things. But, this comes at a cost... which honestly is quite high.
