ExchangeDefender Updates: So this is what its like to work on Microsoft Vista?

IT Business
6 Comments

Yesterday I had a pleasure of hanging out with half a dozen of our customers and at some point I got the Vista treatment:

We really love your product, but the file rules blow.

This is Vlad’s version of UAC. ExchangeDefender filters based on content type (tnef expanded Outlook attachments widely used in the exploit land), content name (things ending up in .bmp) and a few hundred other manual checks. Here is the problem. Microsoft’s .bmp, .pif, .scr and so on are widely used to propagate trojans, worms, etc. Users are stupid. So although Bob the sysadmin wants to get a zip file that has codebase or executable content inside of it, we cannot allow that to go through because then the user gets the message such as:

Dear Quickbooks User,

Attached is an archive with the software upgrade for Quickbooks. Double click on the zip file and launch the setup.exe program.

Sincerely,

Intuit Security

And, well… poof. They are 0wn3d. So one of the really useful features ExchangeDefender allows for is managed security – we sit on top of major infosec lists and watch for exploited extensions / filetypes. We look at our internal reporting and constantly program in attack patterns, etc. But every now and then we get this:

My user didn’t get my email because I inserted my .bmp signature. I don’t care its dangerous, works everywhere else, I demand you drop down the entire site security.

I need to get these files. I don’t care about security.

I am sick and tired of you blocking all the useful stuff. Open it up.

But after sitting around yesterday and listening to the feedback, I understand that ExchangeDefender may at times be more of a nuisance than a beneficial security layer. If it causes you more overhead and you’re willing to compromise your security (and set your own tradeoff level) I am willing to make that compromise.

And since I don’t work for the blue badge of inefficiency, I would like to let you know that we have worked overnight and that this feature is available in ExchangeDefender right now. How’s that for a major feature deployment in under 20 hours?  And no, this is not something we have been working on for years, this is something I started cranking on at 4AM and it’s functional against my domains now.

    • Provide your own extension blocklist
    • Provide your own filetype blocklist
    • Provide your own malware preferences (block, reject, bounce, forward, redirect, disarm, convert-to-text)

No pretty GUI right now, but if you’re banging your head and the users are screaming because they cannot get mail from point A to point B I can get this going for you today. The infrastructure is very granular, it can be implemented against a domain, email address and supports full RegExp (though if you don’t know how to write regexp this will absolutely break your mail delivery) and is implemented as an eval against an evenlope recipient (rcpt to) first and then inline second (“To: “). Want it today, drop me an email. GUI will follow by the end of Q3, we’re redesigning the way GUI works to begin with.

6 Responses to ExchangeDefender Updates: So this is what its like to work on Microsoft Vista?

Comments are closed.