1101
#272571 2-Jul-2020 15:48

Hi.

In general, is 365 Exchange pretty useless at cleaning virus attachments from emails?
I'm noticing infected emails coming through & being later detected by NOD32 on the PCs (Nod detects them as the emails are downloaded from 365).

So, is exch 365's virus detection just not very good?

Linux
#2516292 2-Jul-2020 16:16

Can only clear what it knows about I guess




1101
#2516298 2-Jul-2020 16:26

Linux:

Can only clear what it knows about I guess

ESET detects the email malware attachments, and that's not really the best at this sort of thing.

Perhaps, 365 wants to upsell to their (better?) antimalware product? (Advanced Threat Protection (ATP)).


Linux
#2516300 2-Jul-2020 16:37

MalwareBytes does a good job




freitasm
#2516327 2-Jul-2020 17:14

Are you part of the Administrators group? Have you checked security policies yourself to see what's being done - default policies, modified policies, etc?





Andib
#2516417 2-Jul-2020 19:51

Do you have any level of EOP / transport rule filtering enabled? From experience (pretty large orgs on O365), malicious attachments getting through are very rare when basic settings are set correctly, and much better than on-premises Exchange.





<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>


KiwiSurfer
#2516497 2-Jul-2020 21:05

My work has been using O365 for the last 2-3 years now and I can't recall even a single instance of a virus coming through. Even plain old spam is filtered very well with single digits of spam per year.

 

Do you know what sort of emails the 'viruses' are supposed to be coming from? Spam emails or are they coming from e.g. senders you have had previous email exchanges with?


 
 
 

1101
#2516569 3-Jul-2020 08:58

It's a bit complex, my suggestions were ignored, so.....

It's emails being forwarded to 365 causing the issue. I guess they aren't marked as spam as they are forwarded from a non-spammy source.
They are being detected by the PC's AV, so it's not a huge issue.

I was more wondering about 365's email AV filter in general


freitasm
#2516626 3-Jul-2020 09:37

Your suggestion was "Perhaps, 365 wants to upsell to their (better?) antimalware product? (Advanced Threat Protection (ATP))."

It was not ignored. It's just not it. The consensus amongst the others is that left alone even with default rules Office 365 will do a good job. However you cannot really rely on a single solution - email filtering is good but there are other ways for things to get into someone's device, so you already have this covered with endpoint security software - which is doing its job.





1101
#2516691 3-Jul-2020 11:25


freitasm:

Your suggestion was "Perhaps, 365 wants to upsell to their (better?) antimalware product? (Advanced Threat Protection (ATP))."

??
No. My suggestion to those with the issue was to move this 1 email a/c to 365, rather than forward those emails to another 365 a/c.
Would have been zero cost, using the ~shared email~ a/c type. It's the forwarded emails having most of the issues.
And my suggestion to keep the 3rd party spam filtering service they got rid of.

:-)



freitasm
#2516693 3-Jul-2020 11:27

1101:

freitasm:

Your suggestion was "Perhaps, 365 wants to upsell to their (better?) antimalware product? (Advanced Threat Protection (ATP))."

??
No. My suggestion to those with the issue was to move this 1 email a/c to 365, rather than forward those emails to another 365 a/c.
Would have been zero cost, using the ~shared email~ a/c type. It's the forwarded emails having most of the issues.
And my suggestion to keep the 3rd party spam filtering service they got rid of.

:-)

Oh, you mean suggestions to users were ignored?





Andib
#2516713 3-Jul-2020 12:17

1101:

It's a bit complex, my suggestions were ignored, so.....

It's emails being forwarded to 365 causing the issue. I guess they aren't marked as spam as they are forwarded from a non-spammy source.
They are being detected by the PC's AV, so it's not a huge issue.

I was more wondering about 365's email AV filter in general

Without knowing the environment I would hazard a guess that the domain that is forwarding these emails is potentially in the whitelist? Whitelisting domains means they bypass all spam filters.
Generally speaking O365 is pretty good on malicious attachment filtering. ATP is more focused on phishing prevention.

Current recommendation from Microsoft is to not whitelist domains but instead use transport rules to lower the spam confidence level for emails from trusted domains so that they don't completely bypass the spam/malware filters.





<# 
       .DISCLAIMER
       Anything I post is my own and not the views of my past/present/future employer.
#>
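
The allow-list versus transport-rule point in the post above, as an added example that is not part of the original thread: an Exchange Online PowerShell audit for allowed sender domains and SCL-setting rules, followed by a rule that adjusts the SCL only for authenticated mail. It assumes the ExchangeOnlineManagement module and an admin session; the domain `forwarder.example`, the rule name and the `dmarc=pass` condition are illustrative choices, not values from the thread.

```powershell
# Added example, not from the thread. Assumes the ExchangeOnlineManagement
# module is installed and the account can read and create mail flow rules.
# 'forwarder.example' is a constructed placeholder for the forwarding domain.
Connect-ExchangeOnline

# 1. Anti-spam policies that allow whole sender domains (the "whitelist").
Get-HostedContentFilterPolicy |
    Where-Object { $_.AllowedSenderDomains.Count -gt 0 } |
    Select-Object Name, AllowedSenderDomains

# 2. Existing mail flow rules that set an SCL, with the conditions they key on.
#    A rule that sets SCL -1 on sender domain alone trusts a spoofable value.
Get-TransportRule |
    Where-Object { $null -ne $_.SetSCL } |
    Select-Object Name, State, SetSCL, SenderDomainIs,
                  HeaderContainsMessageHeader, HeaderContainsWords

# 3. Replacement rule: adjust the SCL only when the message is from the
#    trusted domain AND its Authentication-Results header shows a DMARC pass.
$ruleParams = @{
    Name                        = 'Trusted forwarder - authenticated only'
    SenderDomainIs              = 'forwarder.example'
    HeaderContainsMessageHeader = 'Authentication-Results'
    HeaderContainsWords         = 'dmarc=pass'
    SetSCL                      = -1
}
New-TransportRule @ruleParams

# 4. Once the rule is confirmed working, clear the domain from the allow list
#    ('Default' is the built-in anti-spam policy).
Set-HostedContentFilterPolicy -Identity 'Default' `
    -AllowedSenderDomains @{ Remove = 'forwarder.example' }
```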

