Filter EXE and ZIP Email Attachments
Some email attachments are very risky to your network because they often carry viruses. Uncompressed ZIP files and EXE files are two examples. SecureWorks recommends you keep both off your network with email filtering.
What's an uncompressed ZIP file?
When you create a ZIP file, the software automatically compresses the files inside so the single ZIP file is smaller than all the sum of the individual files. An uncompressed ZIP has very little legitimate purpose. Virus writers, on the other hand, hide their creations in ZIP files because they know many email systems are configured to let them through.
How do I send or receive an EXE file?
If you need to send an EXE file but have enabled EXE attachment filtering, put the EXE in a (compressed!) ZIP file and email or use another transmission protocol, such as FTP.
How do I enable email filtering?
Email filtering can be done in 4 places: at the desktop, at the mail server, at the perimeter and "in the cloud". As a general rule, the further away from the desktop you can filter, the better. Since "in the cloud" is done before the email ever reaches your network, it is ideal. However, tools such as user quarantine are necessary for "in the cloud" services in order to provide flexibility and control for users.
Intrusion prevention blocks uncompressed ZIP's and EXE's
Stopping uncompressed ZIP and EXE email attachments is a feature of our Managed Network Intrusion Prevention service.