Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Filtering and blocking email attachments using Trend Micro's Messaging products

    • Updated:
    • 11 Apr 2016
    • Product/Version:
    • Hosted Email Security 1.9.8
    • Hosted Email Security 2.0
    • InterScan Messaging Security Appliance 5000 7.0
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • InterScan Messaging Security Virtual Appliance 8.5
    • InterScan Messaging Security Virtual Appliance 9.0
    • ScanMail for Exchange 11.0
    • ScanMail for Exchange 12.0
    • ScanMail for IBM Domino 5.6 Linux
    • ScanMail for IBM Domino 5.6 Windows
    • ScanMail for Lotus Domino 5.0 AIX
    • ScanMail for Lotus Domino 5.0 Windows
    • ScanMail for Lotus Domino 5.0 zLinux
    • ScanMail for Lotus Domino 5.5 Linux
    • ScanMail for Lotus Domino 5.5 Windows
    • Worry-Free Business Security Standard/Advanced 7.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Platform:
    • Linux - Red Hat RHEL 3 32-bit
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - SuSE 10
    • Linux - SuSE 9.0
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Server R2
    • Windows 2003 Small Business Server
    • Windows 2003 Small Business Server R2
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Essential Business Server
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Small Business Server
    • Windows 2008 Standard
    • Windows 2011 Small Business Server Essentials
    • Windows 2011 Small Business Server Standard
    • Windows 2012 Enterprise
    • Windows 2012 Server Essentials
Summary

Some malwares arrive as email attachment of spam email messages that use social engineering method to lure users to open and execute it.

Notable malwares that use this technique are WORM_BAGLE and TROJ_UPATRE. The TROJ_UPATRE downloads ZBOT (also known as ZeuS), which eventually downloads CRILOCK/CRYPTOLOCKER or FAKEAV.

Learn how to detect these malwares in email attachments through Messaging products of Trend Micro.

Details
Public

The Virus or Smart pattern files of Trend Micro can detect malicious attachments. However, as an added security measure, Trend Micro's Messaging products include a feature to block or filter email attachments.

Below are the Trend Micro's Messaging products and their procedures to enable attachment blocking:

Worry-Free Business Security (WFBS) and ScanMail for Exchange (SMEX)

Detect the EXE file type inside a ZIP or compressed file using the Attachment Blocking feature available in WFBS and SMEX by following the article Blocking EXE file within a ZIP file using the Attachment Blocking of WFBS and SMEX.

Filter the EXE file type within an encrypted or password-protected file in WFBS and SMEX by following the article Blocking an encrypted or password-protected file in WFBS and SMEX.

Hosted Email Security (HES)

For HES, use the Attachment True File Type criteria to scan attachments.

InterScan Messaging Security

For InterScan Messaging Security products, you can block EXE files inside a ZIP file.

You may also detect password-protected ZIP files in InterScan Messaging Security.

ScanMail IBM for Domino (SMID)

For SMID, scan email attachments by following the article Detecting and blocking attachments within compressed files in SMID.

For password-protected files, refer to the article Blocking password-protected files in SMID.

You may refer to the article Common file types used by malware as email attachment for more information.

Premium
Internal
Rating:
Category:
Configure; Remove a Malware / Virus
Solution Id:
1099665
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.