ExchangeDefender Updates: So this is what it’s like to work on Microsoft Vista?
Posted: 8:49 am
June 30th, 2006
IT Business

Yesterday I had the pleasure of hanging out with half a dozen of our customers and at some point I got the Vista treatment:

We really love your product, but the file rules blow.

This is Vlad’s version of UAC. ExchangeDefender filters based on content type (TNEF-expanded Outlook attachments, widely used in exploit land), content name (things ending in .bmp) and a few hundred other manual checks. Here is the problem: Microsoft’s .bmp, .pif, .scr and so on are widely used to propagate trojans, worms, etc. Users are stupid. So although Bob the sysadmin wants to get a zip file that has codebase or executable content inside of it, we cannot allow that to go through, because then the user gets a message such as:

Dear Quickbooks User,

Attached is an archive with the software upgrade for Quickbooks. Double click on the zip file and launch the setup.exe program.

Sincerely,

Intuit Security

And, well… poof. They are 0wn3d. So one of the really useful features ExchangeDefender allows for is managed security – we sit on top of major infosec lists and watch for exploited extensions / filetypes. We look at our internal reporting and constantly program in attack patterns, etc. But every now and then we get this:

My user didn’t get my email because I inserted my .bmp signature. I don’t care it’s dangerous, works everywhere else, I demand you drop down the entire site security.

I need to get these files. I don’t care about security.

I am sick and tired of you blocking all the useful stuff. Open it up.

But after sitting around yesterday and listening to the feedback, I understand that ExchangeDefender may at times be more of a nuisance than a beneficial security layer. If it causes you more overhead and you’re willing to compromise your security (and set your own tradeoff level) I am willing to make that compromise.

And since I don’t work for the blue badge of inefficiency, I would like to let you know that we have worked overnight and that this feature is available in ExchangeDefender right now. How’s that for a major feature deployment in under 20 hours? And no, this is not something we have been working on for years, this is something I started cranking on at 4AM and it’s functional against my domains now.

    • Provide your own extension blocklist
    • Provide your own filetype blocklist
    • Provide your own malware preferences (block, reject, bounce, forward, redirect, disarm, convert-to-text)

No pretty GUI right now, but if you’re banging your head and the users are screaming because they cannot get mail from point A to point B, I can get this going for you today. The infrastructure is very granular: it can be implemented against a domain or an email address and supports full RegExp (though if you don’t know how to write regexp this will absolutely break your mail delivery). It is implemented as an eval against the envelope recipient (rcpt to) first and then inline second (“To: “). Want it today? Drop me an email. GUI will follow by the end of Q3; we’re redesigning the way GUI works to begin with.
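The matching order described above, sketched as an added example (this is not ExchangeDefender's code; the policy table, addresses and function names are hypothetical). It resolves a per-recipient policy from the envelope recipient first and the To: header second, then checks attachment names, including names inside a zip, against that policy's extension blocklist.

```python
import io, os, re, zipfile
from email.message import EmailMessage
from email.utils import getaddresses

# Hypothetical policy table (constructed values); first matching pattern wins.
POLICIES = [
    (r"bob@example\.com", {"extensions": {".scr", ".pif"}, "action": "block"}),
    (r".*@example\.com", {"extensions": {".exe", ".scr", ".pif"}, "action": "disarm"}),
]
DEFAULT = {"extensions": {".exe", ".scr", ".pif", ".bmp", ".zip"}, "action": "reject"}

def resolve_policy(rcpt_to, msg):
    """Envelope recipient (RCPT TO) is tried first, To: header addresses second."""
    for address in [rcpt_to] + [a for _, a in getaddresses(msg.get_all("To", []))]:
        for pattern, policy in POLICIES:
            # fullmatch anchors both ends, so bob@example.com.evil.test cannot match.
            if re.fullmatch(pattern, address, re.IGNORECASE):
                return policy
    return DEFAULT

def attachment_names(msg):
    """Yield attachment filenames plus member names inside readable zip attachments."""
    for part in msg.walk():
        name = part.get_filename() or ""
        if name:
            yield name
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    yield from zf.namelist()
            except zipfile.BadZipFile:
                pass  # unreadable archive: only its own filename is checked

def verdict(rcpt_to, msg):
    """Return (action, offending name), or ("deliver", None) when nothing matches."""
    policy = resolve_policy(rcpt_to, msg)
    for name in attachment_names(msg):
        if os.path.splitext(name)[1].lower() in policy["extensions"]:
            return policy["action"], name
    return "deliver", None

def sample_message(to_header):
    """Constructed sample: upgrade.zip containing setup.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["To"] = to_header
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="upgrade.zip")
    return msg
```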

6 Comments

Josh Edmonds |

Did you code while driving? Man, that’s responsive near realtime development. No wonder you get killed on the Shockey Monkey list, your customers have it too good.

As for configurable attachment policies, etc., on one hand I’d rather trust you but on the other hand clients may have a business process requirement that I cannot dance around. You know of our .exe parking meter reports ;(



Ellis |

This is why we keep on sending clients your way. You can’t get this kind of responsiveness from anybody. Or the ability for them to admit that something is their fault.

Way to go Vlad. I’m almost a Macuser fanatic of Own Web Now :)



Bill Walsh |

You can create that kind of stuff in 5 hours? I know this is horrible but boy do I wish you were looking for a job.



Adam |

How do you stay awake? This is so unreal. I know people with teams of programmers that are not this productive.. must be all that Halo 2 action.



richwalkup |

No matter what everyone else says, you are the man. When I logged off our chat at 4am, I really didn’t expect to wake up to new functionality for ExchangeDefender.

Any time you need another annoying voice saying “you’re great but we really could use …”, just let me know. I know, I know, power users suck. I’m OK with that.

Shockey Shockey



Ken Edwards |

If you keep this up, I will have to start using Exchange Defender!

-Ken


