Virus Blocker Lite does not block ransomware in email attachments

[CrystalCosine]

First of all, I/we did not get infected as I/we did not click on those peculiar attachments. I know that those peculiar attachments are ransomware because I googled the name of the attachments, the subject lines of the emails and the messages in the body of the emails, they are consistent with the various strains of ransomware.

However, I thought that Virus Blocker Lite ought to block those malicious emails+attachments from entering our email inboxes in the first place ??

[sky-knight]

Do you have the mail server on site behind Untangle?

[CrystalCosine]

No mail server on-site, only email clients.

What's the relevance? VBL is supposed to be in-line.

[jcoehoorn]

Your e-mail clients very likely use an encrypted connection to the mail server that untangle can't scan. Traffic from a mail to server to internet is typically unencrypted.

Also, you're using Virus Blocker Lite. It works, but it's definitions aren't as good. There's a reason they also have a premium product.

[sky-knight]

No mail server on site means that Untangle will simply never scan mail.Untangle does not scan POP3, IMAP, or HTTPs based email communications. It's mail filtration is limited to SMTP and SMTPs when configured with SSL inspector. And these two filters also require the SMTP server hosting your mail to be behind Untangle.

If you want to protect your mailboxes you need an anti-virus solution that works for the mail server. Untangle cannot do this unless the mail server is behind Untangle. That is what this sort of thing is for: https://www.proofpoint.com/us/products/email-protection

[CrystalCosine]

Thanks for the comments! It is disappointing how little the promoted in-line scanning feature of the perimeter device does. Upgrading to the premium VB product would not change that, if I understand things correctly.

As far as endpoint protection goes, is Windows Defender / Microsoft Security Essentials not supposed to block malicious email attachments in Outlook?

[sky-knight]

Windows Defender does what it does, but it's far from perfect. I do not use it, and do not trust it. It's been problematic for a couple years now.

In this age of cloud based everything, yes email security has taken a HUGE nose dive. The product I linked is the best I'm aware of, it not only does AV, but also content filtration on egress mail to prevent leaks, message archival, and all sorts of other really powerful things. But, this comes at a cost... which honestly is quite high.