Lately my server has been getting pounded with spam containing ZIP attachments (presumably infected with something). They go to most of our users, and the fear is someone will open one.

Users are trained to not open attachments without IT Dept's approval; however, a technical solution is best since users are fallible.

I need to somehow prevent any email with a ZIP attachment from being delivered to the user, and instead redirect the email + attachment to a centralized email address under control of our IT Team. They will review the emails, and if deemed legitimate, will forward to the intended user.

Looking through Zimbra's configs, it seems I can block ZIP attachments entirely, but this has the unfortunate effect of rejecting sometimes legitimate emails.

How can I achieve this in Zimbra?

SnakeDoc
  • It's not an uncommon policy to block zips/exes/etc from email and generate a bounce back informing the sender of as much. To each their own, but I can't imagine asking anyone on my team to sift through hundreds of spam emails in case one or two might be legitimate. – Daniel Widrick Sep 29 '16 at 15:37
  • @DanielWidrick I know that's fairly standard, and I tried that route, but it had too much pushback. We're an ecommerce company, and we receive legitimate ZIP files regularly (containing product images, resources, etc.). We know our vendors, and will likely set up some filters to auto-forward after getting a feel for what comes to the central box. For now, we just need to get the ZIPs out of end users' hands. – SnakeDoc Sep 29 '16 at 15:39
  • @SnakeDoc What's wrong with virus/spam/malware scanning on the mail server (or service) before delivery? And desktop virus scanners? – Ryan Babchishin Sep 30 '16 at 00:46
  • @RyanBabchishin Desktop scanners are too late, and mail server/service scanners aren't foolproof. Many get through. – SnakeDoc Sep 30 '16 at 03:05
  • @SnakeDoc Late? Many will scan the second you open an email or run something. Though I understand they are not foolproof. – Ryan Babchishin Sep 30 '16 at 03:11
  • @RyanBabchishin It's preferable to not rely on the "last line" defense desktop scanners. I opened several in a VM and observed they are usually Excel and Word macros coming through. Since the user would be telling Word or Excel to run the macro, I have doubts about any virus scanner being 100%. Of course, we get legitimate Excel and Word docs sent over routinely (macros included as well, ex: Amazon flat file templates), so user training is also fallible. – SnakeDoc Sep 30 '16 at 03:21
  • @SnakeDoc I understand. And it is very secure to manually check all of your questionable email... but this is the first time I've ever heard of such extreme measures. Just hoping you'd settle for something a little more.. common? I'm actually installing Zimbra now on a VM because you reminded me of it from a long time ago and I thought it was neat... if I see any way to do that, I'll definitely let you know. – Ryan Babchishin Sep 30 '16 at 03:23
  • @RyanBabchishin Appreciate it. :) Zimbra's been great - we've been on it since early 7.x.x. The company's changed hands a few times, but still a great product. – SnakeDoc Sep 30 '16 at 03:30
  • If you have a few legitimate senders that send zip files (vendors?), you could implement a different way of exchanging such files. For example, use Owncloud for this part? – Micha Kersloot Oct 04 '16 at 09:49

0 Answers
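The redirect policy asked for in the question, sketched as an added example that is not part of the original thread and is not Zimbra configuration: it shows only the routing decision a content filter would make (deliver normally, or swap the recipients for the review mailbox). The address `zip-review@example.com`, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

QUARANTINE_RCPT = "zip-review@example.com"  # assumed address of the IT review mailbox
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty-archive record
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def has_zip_attachment(msg):
    """True if any MIME part is a ZIP by file name, declared type or leading bytes."""
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if (name.endswith(".zip")
                or part.get_content_type() in ZIP_TYPES
                or payload.startswith(ZIP_MAGIC)):  # catches renamed archives
            return True
    return False

def route(raw, recipients):
    """Return the envelope recipients this message should be delivered to."""
    msg = message_from_bytes(raw, policy=policy.default)
    if has_zip_attachment(msg):
        return [QUARANTINE_RCPT]  # whole mail plus attachment goes to IT for review
    return list(recipients)

def build_sample(filename, maintype, subtype, data):
    """Constructed sample message carrying a single attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "vendor@example.net", "user@example.com", "files"
    m.set_content("see attached")
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

def make_zip():
    """Constructed in-memory ZIP archive used as sample attachment data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("a.txt", "hello")
    return buf.getvalue()

if __name__ == "__main__":
    rcpts = ["user@example.com"]
    print(route(build_sample("images.zip", "application", "zip", make_zip()), rcpts))
    print(route(build_sample("invoice.dat", "application", "octet-stream", make_zip()), rcpts))
    print(route(build_sample("spec.pdf", "application", "pdf", b"%PDF-1.4\n"), rcpts))
```

The leading-bytes check also matches `.docx`, `.xlsx` and `.xlsm` files, which are ZIP containers, so those would reach the review mailbox as well unless the check is limited to file name and declared type.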