Direct Exchange integration


DraugTheWhopper

Has the Malwarebytes team ever considered writing some basic integration with popular datastore systems like MS Exchange? I've repeatedly been in scenarios where my perimeter security was quite good, but malicious items were already present in the system. Since most threats appear as email attachments, you could probably feed all attachments through the MBAM engine and see what comes out the other side. MBAM is an incredibly powerful tool for sanitizing infected machines, as well as finding new and uncategorized malware; I'd love to see it be able to operate on more than just flat files.


The thing with this is that since Malwarebytes doesn't target script, Office, etc. documents (like .doc, .docx, .js, etc.), all of these emails with these attachments would make it past Malwarebytes. However, it would be able to detect the payload these downloaders download and drop on the system, if they are detected by Malwarebytes.

There are specialized solutions for what you want to do. For instance, at my job, we use Barracuda.

https://www.barracuda.com/products/emailsecuritygateway

If you want to use Malwarebytes that way, then you would have to deploy it on every computer in your organisation for it to stop the payload delivered via malicious script and Office attachments.

@David H. Lipman can probably give you a better explanation than I did.

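The gap Aura describes above (script and Office attachments passing a flat-file engine untouched, while the dropped binaries are what it catches) is the thing an attachment-scanning pipeline has to account for. The script below is an added example, not code from Malwarebytes or from either poster: it parses exported messages, reduces each attachment to a safe basename and hash, sorts it into "scan" (hand to the engine), "review" (script/Office, where a "clean" verdict means nothing) or "ignore", and stages the first two under a quarantine directory. The sample message is constructed inline, the extension lists are illustrative, and `scanner_cmd` is an assumed placeholder for whatever command-line scanner you have, not a real product flag.

```python
"""Attachment triage for exported mail: extract attachments, sort them by what a
flat-file AV engine will and will not scan, and stage them for scanning.
Sample message is constructed below; the scanner command is an assumed placeholder."""
import email
import hashlib
import shutil
import subprocess
import tempfile
from email import policy
from email.message import EmailMessage
from pathlib import Path

# Script and Office types: per the reply above, a file-focused engine does not
# scan these, so a "clean" result means nothing. Stage them for manual review.
REVIEW_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",
              ".doc", ".docx", ".docm", ".xls", ".xlsm", ".rtf"}
# Flat-file types that are worth feeding to the engine. Illustrative list.
SCAN_EXT = {".exe", ".dll", ".scr", ".com", ".msi", ".zip", ".7z", ".rar"}


def classify(filename):
    """Return 'review', 'scan' or 'ignore'. Only the last suffix counts, so a
    double-extension lure such as 'report.pdf.exe' is judged by '.exe'."""
    ext = Path(filename).suffix.lower()
    if ext in REVIEW_EXT:
        return "review"
    if ext in SCAN_EXT:
        return "scan"
    return "ignore"


def extract_attachments(raw_message):
    """Parse one RFC 822 message (bytes) and describe each attachment.
    The stored name is reduced to a basename so a crafted filename such as
    '../../x.exe' cannot escape the quarantine directory."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.iter_attachments():
        raw_name = part.get_filename() or "unnamed"
        name = Path(raw_name.replace("\\", "/")).name or "unnamed"
        data = part.get_payload(decode=True) or b""
        found.append({"name": name, "size": len(data), "action": classify(name),
                      "sha256": hashlib.sha256(data).hexdigest(), "data": data})
    return found


def quarantine(attachments, outdir, scanner_cmd=None):
    """Write 'scan' and 'review' attachments under outdir/<action>/, prefixed by
    hash so duplicates across mailboxes collapse. If scanner_cmd (a list such as
    ['/path/to/engine-cli']; an assumption, not a real product flag) is given and
    found on PATH, run it on each 'scan' file and record the exit code."""
    outdir = Path(outdir)
    written = []
    for att in attachments:
        if att["action"] == "ignore":
            continue
        dest = outdir / att["action"] / f"{att['sha256'][:16]}_{att['name']}"
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(att["data"])
        written.append(dest)
        if att["action"] == "scan" and scanner_cmd and shutil.which(scanner_cmd[0]):
            # Exit-code meaning is engine-specific; just record it for the report.
            att["scan_rc"] = subprocess.run([*scanner_cmd, str(dest)],
                                            capture_output=True).returncode
    return written


def build_sample_message():
    """Constructed sample message (not real mail) covering all three cases."""
    m = EmailMessage()
    m["From"] = "payroll@example.test"
    m["To"] = "staff@example.test"
    m["Subject"] = "Invoice 4471"
    m.set_content("See attached.")
    m.add_attachment(b"var sh = new ActiveXObject('WScript.Shell');",
                     maintype="application", subtype="javascript",
                     filename="invoice.js")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,            # fake PE header
                     maintype="application", subtype="octet-stream",
                     filename="../../report.pdf.exe")          # traversal + double ext
    m.add_attachment(b"%PDF-1.4 constructed placeholder",
                     maintype="application", subtype="pdf", filename="terms.pdf")
    return m.as_bytes()


def run_demo(scanner_cmd=None):
    """Triage the sample message into a fresh temp dir; returns (attachments, paths)."""
    atts = extract_attachments(build_sample_message())
    paths = quarantine(atts, tempfile.mkdtemp(prefix="mailtriage_"), scanner_cmd)
    return atts, paths


if __name__ == "__main__":
    atts, paths = run_demo()
    for a in atts:
        print(f"{a['action']:6} {a['sha256'][:16]} {a['size']:>5}B {a['name']}")
    print("staged:", *map(str, paths), sep="\n  ")
```

Point `extract_attachments` at .eml files pulled from the store (or at raw bytes fetched over EWS/IMAP) and feed the `scan` directory to the engine; the `review` directory is the part no flat-file scan will settle for you and is where the thread's real gap lives.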

9 minutes ago, Aura said:

The thing with this is that since Malwarebytes doesn't target script, Office, etc. documents (like .doc, .docx, .js, etc.), all of these emails with these attachments would make it past Malwarebytes. However, it would be able to detect the payload these downloaders download and drop on the system, if they are detected by Malwarebytes.

Interesting. I was assuming MBAM performed at least some heuristics on these, but probably I was wrong.

11 minutes ago, Aura said:

There are specialized solutions for what you want to do. For instance, at my job, we use Barracuda.

https://www.barracuda.com/products/emailsecuritygateway

I'm quite aware of that, and as I mentioned, we have solid perimeter security. Since you sound like you've done at least some work with mail security, do you happen to have any suggestions for easily cleaning up Exchange datastores, without spooling up complex trials of Exchange-level AV suites, or spending dozens of hours manually running Exmerge against lots of small Exchange deployments?


I have no experience with mail servers, sadly; I just know what we use and the basic setup :)

And no, Malwarebytes doesn't perform heuristics on these because it simply doesn't scan them. Here, you can find a more detailed explanation in @David H. Lipman's post below.

https://forums.malwarebytes.org/topic/188403-ransomeware-not-detected-by-malwarebytes/#comment-1062249


2 minutes ago, Aura said:

And no, Malwarebytes doesn't perform heuristics on these because it simply doesn't scan them. Here, you can find a more detailed explanation in @David H. Lipman's post below.

https://forums.malwarebytes.org/topic/188403-ransomeware-not-detected-by-malwarebytes/#comment-1062249

Thanks for the link, very informative.
