FEATURE REQUEST UPDATE - Whitelist
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
FEATURE REQUEST UPDATE - Whitelist - 29.Sep.2008 4:44:15 AM
|
|
|
mdnationwide
Posts: 6
Joined: 20.Dec.2006
Status: offline
|
Hello
Does anyone know how the feature request for a whitelist come along? I see it's been requested by several users and I too would love to be able to use this feature but to my knowledge it's not yet available.
GFI - Any news?
thanks
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - 3.Oct.2008 11:10:40 AM
|
|
|
John Letourneau
Posts: 1669
Joined: 28.Apr.2008
Status: offline
|
mdnationwide,
I do not have an update to the status of this request but I can tell you that in my opinion a whitelist for GFI MailSecurity would be a bad idea. When you look at the problems that users end up with due to the whitelist in GFI MailEssentials where spammers are spoofing whitelisted address and attach virus's instead of spam it would really scare me as an administrator to allow any messages to freely go through GFI MailSecurity unchecked.
_____________________________
John Letourneau
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - 3.Oct.2008 11:35:22 AM
|
|
|
mdnationwide
Posts: 6
Joined: 20.Dec.2006
Status: offline
|
Hi John
I understand your concerns. However, we consistently receive mail from our parent company with Word / Excel documents containing macro's. Each time they send these messages I am having to approve each way. Although this doesn't bother me, the directors are getting annoyed about receiving the message twice, one with no attachment and another with the approved message. They do not understand why I am not able to automate or eliminate the problem.
Any other ideas on how I am able to fix the situation would be great.
thanks
Richard Foreman
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - 14.Oct.2008 5:21:10 PM
|
|
|
John Letourneau
Posts: 1669
Joined: 28.Apr.2008
Status: offline
|
Richard,
The next time one of these messages gets blocked please take a look at the Quarantine to see what module blocked the message and why. Once you know this information please let me know.
_____________________________
John Letourneau
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - 28.Jul.2009 10:51:51 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
There are a number of users requesting this same thing - please add me to the list.
Regardless of what GFI may see as a very real threat to a customer's site, there are occasions when the customer's requirements must be considered.
I have an immediate need to allow "unsafe" attachments from a particular sender. When I tell the management that I can't do that, all it does is make us lose credibility.
Please, GFI, even if you think it's a bad/rotten/foolish/stupid idea, and even if I completely agree with you, give us the ability to whitelist certain senders/recipients.
I'd hate to have to throw away an otherwise great piece of software just because it would not let me do what the company's owner wants.
Thanks!
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - 30.Jul.2009 11:27:28 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
GFI - Any plans to reconsider?
Does anybody have any suggestions for a workaround?
I have a specific sender who sends a specific "unsafe" attachment that we do not want scanned.
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - 31.Jul.2009 7:42:00 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
Bump
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - 3.Aug.2009 7:19:38 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
GFI - I really need a reply to this request!
One of our insurance companies sends attachments considered unsafe by MailSecurity. We need to have some way to receive these attachments intact. I believe that it is an html page with javascript - and the javascript is getting stripped out.
For a workaround, we have created an external [free] email address for our user to receive these important email attachments.
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 4.Aug.2009 7:08:24 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
I still need help to get critical attachments through GFI MailSecurity.
I know that the wisdom of doing so is questionable, but that does not change the fact that I have to.
So, other than using an external email account or uninstalling MailSecurity, how do I allow certain "unsafe" attachments to enter the business untouched?
Thanks!
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 4.Aug.2009 9:34:49 AM
|
|
|
mss
Posts: 290
Joined: 5.Aug.2004
Status: offline
|
Hi AFlowers,
While a colleague of mine is working on a post with regards to this feature, I wanted to ask - is user exclusion on attachment checking rules working for you ? Are you able to get the attachment through if you add the person/persons who typically receive these attachments to the exclusion list ?
Regards,
Max Sushchenko
GFI Software Ltd - www.gfi.com
< Message edited by mss -- 4.Aug.2009 9:36:28 AM >
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 4.Aug.2009 9:51:45 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
Hi Max. Thanks for the response.
No, I can not get user exclusion to work. I'd be happy to try again.
AFlowers
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 5.Aug.2009 1:33:24 AM
|
|
|
christophers
Posts: 58
Joined: 16.Aug.2007
From: Malta
Status: offline
|
Hi everyone,
We'd like to give you some visibility into what's happening on our side on this.
As you may know, a 'whitelisting' functionality in MailSecurity has been requested for quite some time. Whenever this comes up periodically it always drives our engineering teams into heated discussions and everyone ends up taking one of two opposing stands: some of us feel that we should implement a whitelist to satistfy what our customers are asking for, while others see this as a potential security threat. Indeed, the security implications of implementing a whitelist in a server-based email security product are very serious for us at GFI: first, if you just take into account the amount of spoofed spam email that is sent over the internet, the likelihood of spoofed malware email passing through a MailSecurity whitelist becomes considerable. Secondly, there is also the possibility that the network of a 'trusted', whitelisted sender suddenly becomes infected and starts sending out malware: this would cut straight through MailSecurity and easily jeopardize your network. Undoubtedly, these two considerations always held us back from rolling a whitelist into the product.
Nevertheless, given the popularity of the request, we feel we should try to help out in some way or another with the aim of possibly striking that fine balance somewhere along the usability-security gradient.
First off, I think everyone is in agreement that no emails should ever bypass the anti-virus engines included in MailSecurity (i.e. AVG/Norman/McAfee/BitDefender/Kaspersky). Whatever AV's are enabled and licensed on your MailSecurity installation, these will always scan inbound/outbound emails (i.e. according to how they are configured). No form of whitelisting will ever be implemented here.
Secondly, we'd like to engage your help into shaping this by providing us with insights and preferences into what functionality you would like to see which approximates a whitelist, and also try to understand whether any of the existing functionalities available in MailSecurity can help you in the absence of a whitelist.
For example: - Some of you in the past expressed the need for a user-based HTML Sanitizer: Is this feature still highly requested? Would it help alleviate some of the problems you are facing?
- Is the users exclusion functionality on the Content Filtering and Attachment filtering not meeting your expectations? Are you having problems setting this up? Can we complement this in some practical way without introducing security implications?
- Would a Search Folder and a Quarantine RSS feed help you in grouping all quarantined emails coming from a particular sender, for easier/quicker approval?
I would like to point out at this stage that, by discussing this, we do not want to raise expectations unnecessarily and we cannot give any guarantees that we will actually implement this functionality. You will understand that any suggestions and requests for new functionalities that we receive will have to be discussed and approved internally before we can actually commit ourselves to implement them.
Also, the security aspect will always override the usability aspect: we will not implement any suggestions which we feel can lay the security of the product on the line, but we'll do our best to try to provide a solution that comes as close as possible to what you need.
Thanks,
< Message edited by christophers -- 5.Aug.2009 1:42:40 AM >
_____________________________
Chris Spiteri
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 5.Aug.2009 2:24:10 AM
|
|
|
mss
Posts: 290
Joined: 5.Aug.2004
Status: offline
|
Hi AFlowers,
Can you describe a bit how exactly those attachments are sent. Who is the sender, who are the recipients, are local domains configured properly ? Keep in mind that if an email is sent to multiple recipients and at least one of them is not in the exclusion list, it will be blocked. There is a way to enable MailSecurity to still send the email to the recipients who were excluded ( you can find more details in this KB article http://kbase.gfi.com/showarticle.asp?id=KBID002829 ).
Regards,
Max Sushchenko
GFI Software Ltd - www.gfi.com
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 5.Aug.2009 6:56:23 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
Hi Christopher, Max
Thank you both for your responses!
I really appreciate the forethought you're trying to put into MailSecurity, it makes me glad to spend our money with you. My thoughts:
We [the IT department] need to stay out of having to check users' email. So, any solution that is implemented needs to be put in the hands of the end user. For the most part, I am in full agreement with the default actions of MailSecurity. Unfortunately (for both of us), the company that pays our salaries often have different ideas. This company policy states that any email that is properly addressed to a user must be delivered to the user's mailbox. We use MailEssentials for our antispam package, and it does a great job of doing just that. For me, I would much rather delete those emails that are absolutely spam, but management says, "No, send it to the user for them to decide". Anyway, that is the position I find myself in.
At this moment, I can finally get the message to come in to the user, but the javascript has been stripped out. For these particular users, the live code must be left intact.
How about implementing the method you use in MailEssentials? That is, flag the messages as "highly suspect", and/or route the questionable messages to a subfolder of the user's inbox. This can be only for those users in the exclusion list - all others can be handled in the default manner.
How about an exclusion list "pair"? If a particular user gets an email from a particular sender, then either leave it alone, or flag it as suspect. Once again, some wildcards are required for some senders (it's the insurance companies that are causing the issue right now).
Those are a couple of ideas that come to mind. Others may have better ideas, but either of these should be fairly easy to implement.
Thanks for listening!
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 6.Aug.2009 5:14:39 AM
|
|
|
Nicks
Posts: 2772
Joined: 17.Mar.2003
Status: offline
|
Hi all,
I wanted to start of by thanking everyone involved in discussing this feature.
I wanted to play the devil's advocate with this post, but at the same time elicit further feedback on the topic .... Certain malware spread by sending copies of the virus to people in the address book of the infected user - an example of such malware is the MyDoom/Novarg worm. As Christopher mentioned, our intention is scan ALL emails against viruses, however we all know that there is a small period of time in which virus scanning engines are not protecting us against latest malware until we update with the latest definition files.
Such a whitelist may cause such malware to reach to the users' mailboxes, which would otherwise may have been blocked by Attachment Checking.
How big of a risk do you think this is for your organization, and is your organization willing to take this risk?
_____________________________
Nicholas Sciberras
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
