Delete emails with dangerous attachments
I am getting dozens of emails every day which include attachments like .ISO, .CAB, .DLL and so on. I have searched the Internet and tried everything to work out a way to delete these messages as soon as they are downloaded.
I am okay to keep deleting them myself but I worry about my office girls inadvertently trying to open the attachment and installing malicious software.
Over many weeks I have spent days looking for options to protect myself from a swathe of emails with dangerous attachments but I cannot find anything. Does anyone have any ideas, please?
These are the sort of attachments we are getting: .ADE, .ADP, .APK, .BAT, .CHM, .CMD, .COM, .CPL, .DLL, .DMG, .EXE, .HTA, .INS, .ISP, .JAR, .JS, .JSE, .LIB, .LNK, .MDE, .MSC, .MSI, .MSP, .MST, .NSH, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH, .CAB
All Replies (3)
You could create a filter that automatically detaches, i.e. saves to a folder outside of TB and deletes from the message, attachments, according to criteria such as 'Subject contains <insert text>' or 'From contains <insert address or domain>' etc. Unfortunately, I don't think there's a way to distinguish between benign files such as .jpg and unwanted ones such as .vbs. But at least the attachments would be removed from TB. You could of course also set the filter to delete the messages if you could define suitable criteria, or simply move all messages with attachments to a separate folder.
I was hoping for something like a filter that could just pick up on the file extension. The problem is that these are coming from different domains all of the time and the subject is never the same, so I can't use this to distinguish what is a legitimate email or what is a dangerous email. The only thing I can use which is consistent is the filename; most of the filenames I get are .ISO and .CAB, which as you would know on a Windows machine are pretty dangerous if deployed. There must be some smart person out there who can make some sort of filter to pick up on these malicious filenames.
There is a way to search a folder for specific attachment types, e.g. with the Expression Search add-on, but this is a manual process. I'm not aware of a way to do this with an automatic filter.
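An added example, not part of the thread and not a Thunderbird feature: a Python script that checks a raw message (for example a saved .eml file) for attachments whose final file extension is on the list from the question. Where it would run (such as a delivery hook on the mail server, before Thunderbird downloads the message) is an assumption, and the function names are made up for illustration.

```python
import os
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the question in this thread (.ISO is mentioned in the text).
BLOCKED = {"." + e for e in (
    "ade adp apk bat chm cmd com cpl dll dmg exe hta ins isp jar js jse lib "
    "lnk mde msc msi msp mst nsh pif scr sct shb sys vb vbe vbs vxd wsc wsf "
    "wsh cab iso").split()}

def blocked_attachments(raw: bytes) -> list[str]:
    """Return the filenames of MIME parts whose last extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces, so "x.cab." opens as .cab.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides how the file opens: "a.pdf.iso" is .iso.
        if os.path.splitext(cleaned)[1] in BLOCKED:
            hits.append(name)
    return hits

def build_sample(names=("photo.jpg", "invoice.pdf.ISO", "update.cab.")) -> bytes:
    """Constructed test message with dummy one-byte attachments."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fn in names:
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    # Usage: script.py message.eml ; with no argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    found = blocked_attachments(data)
    for fn in found:
        print("blocked attachment:", fn)
    sys.exit(1 if found else 0)  # non-zero exit lets a calling hook reject or quarantine
```

An extension check does not look inside archives such as .zip and does not inspect file content, so it complements malware scanning rather than replacing it.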