How to Proactively Block Dangerous Attachments

November 29th, 2018

With nettigritty’s Antispam Cloud you can block a very large amount of malware, yet new malware campaigns can sometimes evade all antivirus and anti-spam filters. For this reason we highly recommend enabling the “Block attachments that contain hidden executables” option by default for all your domains. This is already enabled by default.

This is highly effective against so-called 0-day malware. Once this is enabled, messages sent with executables inside a compressed archive (.zip, .rar, etc.) are rejected and quarantined.

Be advised: the “Block attachments that contain hidden executables” option only affects messages that contain an executable within a compressed archive. The check is executed 3 layers deep into archived messages.

Block attachments that contain hidden executables by default for all domains
To block dangerous attachments by default for all your existing domains and for any domains you add in the future, go to: Super-Admin Dashboard > Outgoing > Default Domain Settings. From there, click the Attachment Restrictions tab in the left-hand menu and tick the tickbox in front of “Block attachments that contain hidden executables”.

Be advised that this automatically enables the “Block attachments that contain hidden executables” feature for all domains that have the default value (and not a custom setting for this) and for domains added in the future. This can be overruled at domain level.

Block attachments that contain hidden executables at domain level
To block dangerous attachments for a specific domain only, log in as the domain user, go to: Domain Dashboard > Email Restrictions > Attachment Restrictions, and tick the tickbox in front of “Block attachments that contain hidden executables”.

Block certain extensions
It’s also possible to block messages based on their attachment. By default, nettigritty’s Antispam Cloud already pre-fills a selected list of attachments that are blocked. However, you can add or remove any other attachment file types as you deem necessary.

Block Password Protected Archives
Spammers often send password-encrypted archives in the hope of bypassing some filters, stating the “password” in the body of the spam message. These messages can be blocked by enabling the “Block Password Protected Attachments” feature. This can be enabled at both the default level and the domain level, as described above.
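The two checks described above (executables nested up to 3 layers deep in an archive, and password-protected archives), sketched for ZIP files as an added example; this is not nettigritty’s implementation. The extension list, the `MZ` header test, the size cap, the finding names and the way layers are counted are assumptions.

```python
import io
import zipfile

# Assumed values for this example; the page does not list the product's own.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".jar")
MAX_DEPTH = 3                  # the page states the check goes 3 layers deep
MAX_MEMBER_BYTES = 20_000_000  # refuse to unpack very large members (zip bombs)


def inspect_archive(data, depth=1, path=""):
    """Return [(finding, member_path), ...] for a ZIP attachment held in memory."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            member = f"{path}/{info.filename}" if path else info.filename
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append(("password-protected", member))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append(("too-large-to-scan", member))
                continue
            content = archive.read(info)
            if info.filename.lower().endswith(EXECUTABLE_EXTENSIONS) or content[:2] == b"MZ":
                findings.append(("hidden-executable", member))
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(content)):
                findings.extend(inspect_archive(content, depth + 1, member))
    return findings


def make_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    inner = make_zip({"invoice.exe": b"MZ constructed sample, not a real binary"})
    attachment = make_zip({"readme.txt": b"hello", "docs.zip": make_zip({"more.zip": inner})})
    print(inspect_archive(attachment))
```

An archive nested one layer deeper than `MAX_DEPTH` is not opened, which is the practical limit of a depth-bounded check of this kind.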

Enable Scanned Link Extensions
This option, which is not enabled by default, lets you configure your domain(s) so that files are downloaded from links in the email that have a specific extension. This is extremely powerful against messages that contain direct links to a malicious file, for example http://bad.example.com/mybadfile.zip.

By default the zip file is not downloaded; with this option enabled, our systems download the .zip file and scan it with our engines.

We recommend you enable this where possible with the following settings:

Message link size limit (in bytes): 2000000
Add the following to the current list of scanned extensions: zip,rar,jar,js,java,aspx,doc,docm,xls,xlsm
Note: for redirect links (commonly seen in invoice-related spam), an extra link-follow option is needed. This can currently be enabled only by our support team. If you require this, please contact us.