RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please respond
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 6.Aug.2009 10:43:50 AM
|
|
|
joestern
Posts: 279
Joined: 18.Sep.2003
From: Philadelphia, PA
Status: offline
|
In my environment, it's only the HTML sanitizer that needs some whitelist capability. It munges some HTML e-mails from institutional senders, to the outrage of the internal users who can't receive them.
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 6.Aug.2009 12:53:45 PM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
Same here, html attachments are the biggie at this time - coming from an insurance company.
Hi Nicks. Thanks for joining in...
I completely agree that to allow things in that can hurt us does not make good sense. Unfortunately, companies do not always see it that way. Take Blue Cross Blue Shield, for example. They are the ones that are sending these emails with the html attachments. We (the IT department at our company) have told them that this is unwise, and that our antivirus system was complaining. Like talking to a fence post...
Too, corporate management does not take kindly to being told that they can not receive the message from the insurance company because it is a virus risk. Have you ever had the CEO (or somebody authorized by him) demand the network administrator's password? I have. Wise or not, it is their company. Then there comes the day when we're told to get rid of the OFFENDING SOFTWARE for standing in their way.
I'm not saying that allowing the attachments is wise. What I am saying is that there are times when we do not have a choice.
< Message edited by AFlowers -- 6.Aug.2009 1:02:52 PM >
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 7.Aug.2009 12:03:19 PM
|
|
|
mrdon
Posts: 4
Joined: 17.Dec.2007
Status: offline
|
We are having problems with emails coming from Blue Cross, Blue Shield, Aetna, State Fund, and more of these companies are switching the the same form of encryption. GFI MailSecurity is stripping needed info out of the emails, so that they become worthless.
Also, Nick. The thread you just closed and included a link referencing this thread....the link you added is broken.
Thanks,
Brandon
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 10.Aug.2009 7:09:54 AM
|
|
|
ict@wingene.be
Posts: 10
Joined: 28.Feb.2008
Status: offline
|
We've finally end up by disabling all content filtering policies in MailSecurity because we could'nt exclude it by use of the whitelist. (see request: http://forums.gfi.com/m_900769181/mpage_1/key_whitelist/tm.htm#900769181).
Keyword checking in MailEssentials is doing the work for us (which works in combination with the whitelist).
I agree that the whitelist shouldn't overrule the virusscan-engines, but I think overruling the content filtering policies won't harm.
_____________________________
IT Department
Local Government Wingene
Belgium
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 27.Aug.2009 1:24:17 PM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
Any further consideration of this subject? We've created a workaround for the time being, but need a more permanent solution.
Please keep us posted.
Thanks!
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 28.Aug.2009 4:19:11 AM
|
|
|
Nicks
Posts: 2771
Joined: 17.Mar.2003
Status: offline
|
Hi all,
This functionality is getting some serious consideration, although it is still too early to provide further details at the moment. We'll post an update in early September.
Thanks once again for your feedback.
_____________________________
Nicholas Sciberras
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 28.Aug.2009 6:57:30 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
Thanks for the reply, Nick. - AFlowers
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 11.Sep.2009 7:30:42 AM
|
|
|
Nicks
Posts: 2771
Joined: 17.Mar.2003
Status: offline
|
Hi,
The whitelist feature for the HTML Sanitizer is planned to be implemented in H1 2010.
_____________________________
Nicholas Sciberras
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 15.Sep.2009 2:03:45 PM
|
|
|
kharris
Posts: 23
Joined: 10.Aug.2007
Status: offline
|
I'm glad to hear of the whitelist feature for the HTML Sanitizer, thank you for the follow up and implementation of this feature!
Will the whitelist be address/IP based? It would be nice to be able to specify file names to bypass the HTML Sanitizer. I have users who receive encrypted messages from the Cisco Registered Envelope Service (RES) and the attachment is always securedoc.html, so it would be nice to just allow this filename to bypass the check.
I would also like to see a similar feature for macro checking as well. I have a user who updates a file and submits it twice a month, and it contains macros and always gets hung up in MSEC quarantine. Like the HTML Sanitizer, I don't want to disable the macro checking feature for the entire mail domain, and it would be nice to allow a particular filename or sender to bypass the macro checking module. Thanks again, I look forward to the latest rounds of improvements!
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 16.Sep.2009 12:11:05 AM
|
|
|
Nicks
Posts: 2771
Joined: 17.Mar.2003
Status: offline
|
Hi,
At the moment the plan is to have the whitelist implemented for the HTML Sanitizer only. The whitelist will consist of a list of emial addresses / domains - any emails originating from this list will not be checked by the HTML Sanitizer.
Macro checking is part of the AV checks - at the moment there are no plans to have the whitelist exclude any of the AV checks. However feel free to provide any other comments related to this - we are still in time to change our plans :)
As mentioned in previous posts, our main concern was spoofing of emails. Do you think it makes more sense to restrict the whitelist by email / domain and filename?
_____________________________
Nicholas Sciberras
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 16.Sep.2009 7:24:49 AM
|
|
|
AFlowers
Posts: 165
Joined: 12.Feb.2007
Status: offline
|
I think having domain name/file name is a good check. Or, is some cases, it may have to be sender name/file name. Having a two part check is about as secure as IT can make it. This will force the user to have some input to the process, having to provide both pieces of information, rather than the "just let everything in from so and so" mentality.
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 26.Oct.2009 2:36:27 PM
|
|
|
InfoSysAdmin
Posts: 11
Joined: 22.Dec.2006
Status: offline
|
Hey Nicks - Thank you for your work on this.
I was just following up to see if we're on track to have the Whitelist for HTML Sanitizer. It seems as if many many medical providers have switched to this format so HR/Benefit Departments all over are expecting these messages.
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 27.Oct.2009 2:58:31 AM
|
|
|
Nicks
Posts: 2771
Joined: 17.Mar.2003
Status: offline
|
Hi InfoSysAdmin,
Yes, we are still on track for implementing this feature, however we still do not have a more definite date. Any updates will be posted in this thread.
_____________________________
Nicholas Sciberras
GFI Software
Blog-Twitter-YouTube-Facebook
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 20.Jan.2010 9:08:26 AM
|
|
|
dsidler
Posts: 13
Joined: 19.May2005
Status: offline
|
Hi Chris
Many thanks for providing your customers with the opportunity to actively participate in shaping the future of your solution.
I second the idea that circumventing virus scanning via any sort of white listing or other exception rule is a no-go.
In order to mitigate the risk of letting malicious content enter an organization, I believe the proposed white listing feature should allow for as much granularity and precision as possible. In other words, the better I am able to describe the exact circumstances that would allow a message to pass Mail Security (despite its content), the better I can protect my environment from an attack.
As an example, we receive messages on a regular basis from a business partner that are being quarantined because of a file extension mismatch. These messages are always sent from a specific sender address to a specific receiver in my organization.
Ideally Mail Security would allow me to tailor an exception rule for this specific case:
- Sender is xyz@partner.com
- Receiver is wxy@mydomain.com
- Subject contains "*daily report*"
- Quarantine reason is "File category mismatch"
Only if ALL of the above criteria match, let the message pass.
Just my 2 cents ..
Dan
|
|
|
|
|
RE: FEATURE REQUEST UPDATE - Whitelist - GFI Please res... - 2.Mar.2010 4:42:10 PM
|
|
|
GreenLD
Posts: 26
Joined: 14.Feb.2006
Status: offline
|
Hi,
This topic has been fairly quiet suince October 2009. Is there any better sense of a release date yet for the HTML Sanitizer whitelist capability.
Thank you!
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
