Release notification 2015-12-22

Hi All,

We have made the next revision of your beloved Antispam Gateway live on December 20th and would like to give you an overview of what this revision contains:

[ol]- We have good reason to believe that those pesky ‘phantom’ messages in the delivery queue have been exorcised but we will be keeping a ghostbuster close just in case. This is not the BIG news though.

  • We have added an Edit button into your Create Rules page to make it easier to make small changes to any whitelist, blacklist or auto-forward rules you may have already created. This is also not the BIG news.

  • We have also been getting rid of those annoying Error 500 messages you may have seen when doing extended searches in the Outgoing message tracker or when trying to review malformed messages. This however is also not the BIG news.

  • We’ve fixed the issue where unblocked extensions remaining blocked in some isolated instances. Also not the BIG news.

  • The BIG news is that we believe we may have solved the problem with those .zip, macro .doc & .xls attachments that cause malware to be introduced onto your user’s computers. By introducing a filter which checks for any executable content found in attachments we can now move those files into quarantine to be dealt with accordingly even if the email itself is not spam and/or if the attachment itself is not known malware.[/ol]

If your domain is not using quarantine you will instead find that the suspicious attachment will be renamed by appending ‘.probable.malware’ to the file’s name. For example, Resume.doc (which caught a few people out) will now be delivered as Resume.doc.probable.malware. so that your users will think twice before saving the file or opening it.

This may introduce a few false-positives where users may have to rename a file, though they’ll probably ask the admin to do this for them, but under the current conditions where you guys are getting CryptoLockered and Dridexed up the wazoo with these macro files, let’s rather be safe than sorry.

This BIG news is phase one of the anti-malware initiative and will be enhanced in January’s release where the over-worked, underpaid, stressed-out admin will be able to more granularly define permissions as to who can release these attachments from quarantine as currently anyone over PowerUser level can release these. We will also be adding in an ability for the admin to download the attachment from quarantine for closer inspection of the file.

Keep calm and IT on :slight_smile:

M.