In the last couple of weeks my company has been inundated by a group of viruses including an .html attachment. Some of these had the subject UPS shipment, some Western Union. All of them ask the user to click on the .html attachment. Mind you, none of these were caught by any of the security software on my network. Mostly Trend Micro products, OfficeScan and Scanmail.
I try to drill some Internet common sense into my people. The old, if it's too good to be true, if you're not expecting it, etc., but still I have a few that just forget. After reinstalling three machines I realized that this was more of a problem than I thought. My first reaction was to block all .html attachments at our Trend Scanmail server. This seemed to work great. No more virus attacks.
Here's my problem. Our accountant/office manager came to me today and said that I needed to allow .html files. It seems that all of her online accounting services communicate by .html attachment. She says she has been losing communications because Scanmail is removing all of her attachments.
In my opinion, a real online service should not be communicating with its clients via an .html attachment in an email. Does anyone else agree? Are these attachments considered safe, or do they belong in the mix with .exe and .bat? How do other people deal with this issue? Should we be contacting these services asking them to change their policy? The only other option I have, given my current setup, is allowing .html files through again to all my e-mail users.
Is Trend Micro losing its touch? Should I be looking for new security software? I switched to Trend Micro because they were rated pretty good at the time and I didn't want to use Symantec or McAfee (bad taste in my mouth, long story). What should I do?
Answer
Our company also blocks .html attachments at the border. We also figured that there wasn't a huge need for those sorts of attachments. Then Dell sent us a price quote as, you guessed it, an html attachment. I suppose it's slightly more standardized than a PDF file? Either way, we wound up whitelisting HTML attachments from just that domain. I take it that's not an option for you?
I can't say too much about Trend Micro's performance. One thing you might try is submitting those sorts of files to someplace like this, which will show which other AV vendors recognize it as a threat. That might tell you if there's a better company for you.
One thing that our company has done that seems to be quite successful is blocking executable downloads at the firewall. Essentially, any HTTP traffic carrying a Windows executable gets blocked. We have a whitelist of users who are allowed to download them if they really need to, but otherwise it can block a surprising amount of malware from getting through.
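An added example (not part of the original post or of any Scanmail configuration) of the per-domain exception described in the answer: strip HTML attachments unless the sender's domain is on an allowlist. It goes one step further than the answer by also requiring a DKIM pass for that domain, because the From: header alone can be forged. The domain `quotes.example.com`, the function names, and the assumption that your own border MTA writes the `Authentication-Results` header are all hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: placeholder domain standing in for the one trusted vendor.
ALLOWED_HTML_SENDERS = {"quotes.example.com"}
HTML_EXTS = (".html", ".htm")

def dkim_passed_for(msg, domain):
    """True if our border MTA recorded dkim=pass for exactly this domain.
    Assumes inbound Authentication-Results headers are stripped at the border."""
    for value in msg.get_all("Authentication-Results", []):
        for clause in value.lower().split(";"):
            tokens = clause.split()
            if tokens and tokens[0] == "dkim=pass" and f"header.d={domain}" in tokens:
                return True
    return False

def html_attachments(msg):
    """Names of parts that are HTML by file extension or attached as text/html."""
    found = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        attached_html = (part.get_content_disposition() == "attachment"
                         and part.get_content_type() == "text/html")
        if name.endswith(HTML_EXTS) or attached_html:
            found.append(name or "(unnamed text/html)")
    return found

def verdict(raw):
    """'strip' unless HTML attachments come from an allowlisted, DKIM-verified sender."""
    msg = message_from_string(raw)
    if not html_attachments(msg):
        return "deliver"
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in ALLOWED_HTML_SENDERS and dkim_passed_for(msg, domain):
        return "deliver"
    return "strip"

def sample(sender, auth):
    """Constructed message carrying one .html attachment (not real mail)."""
    return (f"From: Billing <{sender}>\n"
            f"Authentication-Results: mx.internal.example; {auth}\n"
            'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nSee attached.\n"
            "--b1\nContent-Type: text/html\n"
            'Content-Disposition: attachment; filename="Quote.HTML"\n\n'
            "<html><body>quote</body></html>\n--b1--\n")
```

Ordinary HTML-formatted message bodies are not affected; only parts with an .html/.htm filename or an attached `text/html` part trigger the check.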