Geekzone: technology news, blogs, forums




2200 posts

Uber Geek


#272571 2-Jul-2020 15:48

Hi.

In general, is 365 Exchange pretty useless at cleaning virus attachments from emails?
I'm noticing infected emails coming through & being later detected by NOD32 on the PCs (NOD detects them as the emails are downloaded from 365).

So, is exch 365's virus detection just not very good?

 

 

 

 

 

 


6704 posts

Uber Geek

Trusted
Lifetime subscriber

  #2516292 2-Jul-2020 16:16

Can only clear what it knows about I guess




2200 posts

Uber Geek


  #2516298 2-Jul-2020 16:26

Linux:

 

Can only clear what it knows about I guess

 

 

ESET detects the email malware attachments, and that's not really the best at this sort of thing.

Perhaps 365 wants to upsell to their (better?) antimalware product? (Advanced Threat Protection (ATP)).

 

 


 
 
 
 


6704 posts

Uber Geek

Trusted
Lifetime subscriber

  #2516300 2-Jul-2020 16:37

MalwareBytes does a good job


BDFL - Memuneh
67840 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2516327 2-Jul-2020 17:14

Are you part of the Administrators group? Have you checked security policies yourself to see what's being done - default policies, modified policies, etc?





 

 



1101 posts

Uber Geek

Trusted

  #2516417 2-Jul-2020 19:51

Do you have any level of EOP / transport rule filtering enabled? From experience (pretty large orgs on O365), malicious attachments getting through are very rare when basic settings are set correctly, and it is much better than on-premises Exchange.


634 posts

Ultimate Geek

Lifetime subscriber

  #2516497 2-Jul-2020 21:05

My work has been using O365 for the last 2-3 years now and I can't recall even a single instance of a virus coming through. Even plain old spam is filtered very well with single digits of spam per year.

 

Do you know what sort of emails the 'viruses' are supposed to be coming from? Spam emails or are they coming from e.g. senders you have had previous email exchanges with?




2200 posts

Uber Geek


  #2516569 3-Jul-2020 08:58

It's a bit complex, my suggestions were ignored, so.....

It's emails being forwarded to 365 causing the issue. I guess they aren't marked as spam as they are forwarded from a non-spammy source.
They are being detected by the PC's AV, so it's not a huge issue.

 

I was more wondering about 365's email AV filter in general


 
 
 
 


BDFL - Memuneh
67840 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2516626 3-Jul-2020 09:37

Your suggestion was "Perhaps , 365 wants to upsell to their ( better?) antimalware product ? (Advanced Threat Protection (ATP)) ."

It was not ignored. It's just not it. The consensus amongst the others is that left alone, even with default rules, Office 365 will do a good job. However, you cannot really rely on a single solution - email filtering is good but there are other ways for things to get into someone's device, so you already have this covered with endpoint security software - which is doing its job.





 

 





2200 posts

Uber Geek


  #2516691 3-Jul-2020 11:25

freitasm:

 

Your suggestion was "Perhaps , 365 wants to upsell to their ( better?) antimalware product ? (Advanced Threat Protection (ATP)) ."

 

 

??
No. My suggestion to those with the issue was to move this 1 email a/c to 365, rather than forward those emails to another 365 a/c.
Would have been zero cost, using the ~shared email~ a/c type. It's the forwarded emails having most of the issues.
And my suggestion to keep the 3rd-party spam filtering service they got rid of.

:-)

 

 


BDFL - Memuneh
67840 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2516693 3-Jul-2020 11:27

1101:

 

freitasm:

 

Your suggestion was "Perhaps , 365 wants to upsell to their ( better?) antimalware product ? (Advanced Threat Protection (ATP)) ."

 

 

??
No. My suggestion to those with the issue was to move this 1 email a/c to 365, rather than forward those emails to another 365 a/c.
Would have been zero cost, using the ~shared email~ a/c type. It's the forwarded emails having most of the issues.
And my suggestion to keep the 3rd-party spam filtering service they got rid of.

:-)

 

 

Oh, you mean suggestions to users were ignored?





 

 



1101 posts

Uber Geek

Trusted

  #2516713 3-Jul-2020 12:17

1101:

 

It's a bit complex, my suggestions were ignored, so.....

It's emails being forwarded to 365 causing the issue. I guess they aren't marked as spam as they are forwarded from a non-spammy source.
They are being detected by the PC's AV, so it's not a huge issue.

 

I was more wondering about 365's email AV filter in general

 

 

 

 

Without knowing the environment, I would hazard a guess that the domain that is forwarding these emails is potentially in the whitelist? Whitelisting domains means they bypass all spam filters.
Generally speaking, O365 is pretty good on malicious attachment filtering. ATP is more focused on phishing prevention.

The current recommendation from Microsoft is to not whitelist domains but instead use transport rules to lower the spam confidence level for emails from trusted domains so that they don't completely bypass the spam/malware filters.
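
One way to test the whitelisting guess in the post above against a delivered message, as an added example that is not part of the thread: Exchange Online stamps mail with an X-Forefront-Antispam-Report header whose SFV and SCL fields record whether spam filtering was skipped. The sample messages, addresses and function names below are constructed for illustration.

```python
from email import message_from_string

# SFV (spam filtering verdict) values that mean filtering was skipped.
BYPASS_VERDICTS = {
    "SKA": "sender or domain is on an anti-spam policy allow list",
    "SKN": "marked as non-spam before filtering, e.g. by a mail flow rule",
    "SFE": "sender is on the recipient's Safe Senders list",
}

# Constructed sample messages (addresses and values are made up).
FORWARDED = """\
From: billing@forwarder.example
To: user@tenant.example
Subject: Invoice
X-Forefront-Antispam-Report: CIP:203.0.113.10;CTRY:;LANG:en;SCL:-1;SRV:;
 IPV:NLI;SFV:SKA;H:mail.forwarder.example;PTR:;CAT:NONE;

See attachment.
"""
FILTERED = FORWARDED.replace("SCL:-1", "SCL:1").replace("SFV:SKA", "SFV:NSPM")

def parse_antispam_report(raw_message):
    """Return the header's KEY:value;KEY:value fields as a dict."""
    report = message_from_string(raw_message).get("X-Forefront-Antispam-Report", "")
    fields = {}
    for part in report.split(";"):
        key, sep, value = part.strip().partition(":")
        if sep:
            fields[key.upper()] = value.strip()
    return fields

def filtering_bypass(raw_message):
    """Return the reason spam filtering was bypassed, or None if it ran."""
    fields = parse_antispam_report(raw_message)
    if not fields:
        return "X-Forefront-Antispam-Report header missing"
    sfv = fields.get("SFV", "")
    if sfv in BYPASS_VERDICTS:
        return f"SFV:{sfv}: {BYPASS_VERDICTS[sfv]}"
    if fields.get("SCL") == "-1":
        return "SCL:-1: spam filtering was skipped"
    return None

if __name__ == "__main__":
    for name, raw in (("forwarded", FORWARDED), ("filtered", FILTERED)):
        print(name, "->", filtering_bypass(raw) or "went through spam filtering")
```

The SFV and SCL fields describe the spam filtering verdict only; they say nothing about the outcome of attachment malware scanning.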

