Block Zip Files Less Than 500Kb
In GFI Mail Essentials could we have the option to block Zip files less than 500Kb? The reason being that we find all zip files containing viruses are under 500Kb and any Zip over this size is most likely to be genuine.
Romeo S commented
We are in need of the same feature since we receive a lot of infiltration attempts with e-mails containing ZIP attachments in the 5 - 10 KB range. A simple option to filter out e-mails with attachments less than specified file size would be extremely helpful.
[Comment date: 2013-09-06]
A better idea would be to add a new anti-spam filter (Attachments), and allow the administrator to specify a list of extensions to block, specifying the minimum and maximum file sizes.
Block files with ".zip" extension whose size is between 0 bytes and 512,000 bytes (inclusive).
Block files with ".pdf" extension whose size is between 123 bytes and 123 bytes (inclusive).
This filter should include a sender exclusion list so that specific senders (email addresses or domains) can bypass this filter. Relying on the whitelist for bypassing is not sufficient because you may, for example, want to do SPF checking on a domain, but exclude that domain from this attachment filter.
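The rule design proposed in the comment above (extension plus an inclusive size range, with an exclusion list that belongs to the filter itself rather than to the global whitelist) can be sketched as follows. This is an added example, not part of the original thread and not GFI MailEssentials code; `SizeRule`, `sender_excluded`, `blocked_attachments`, `build_sample` and the sample addresses are hypothetical names and constructed data.

```python
import os
from dataclasses import dataclass
from email.message import EmailMessage
from email.utils import parseaddr

@dataclass(frozen=True)
class SizeRule:            # hypothetical rule shape, not a GFI setting
    extension: str         # e.g. ".zip", matched case-insensitively
    min_bytes: int         # inclusive lower bound
    max_bytes: int         # inclusive upper bound

def sender_excluded(sender, exclusions):
    """True if the address or its domain is on this filter's own exclusion list."""
    addr = parseaddr(str(sender))[1].lower()
    return addr in exclusions or addr.rpartition("@")[2] in exclusions

def blocked_attachments(msg, rules, exclusions=frozenset()):
    """Return (filename, decoded_size) for every attachment a rule matches."""
    if sender_excluded(msg.get("From", ""), exclusions):
        return []
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        # Measure the decoded file, not the larger base64 body on the wire.
        size = len(part.get_payload(decode=True) or b"")
        if any(r.extension == ext and r.min_bytes <= size <= r.max_bytes
               for r in rules):
            hits.append((name, size))
    return hits

def build_sample(sender, filename, size):
    """Constructed message carrying one attachment of `size` zero bytes."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"
    msg.set_content("see attached")
    msg.add_attachment(bytes(size), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

RULES = [SizeRule(".zip", 0, 512_000)]         # first rule from the comment
EXCLUSIONS = frozenset({"partner.example"})    # constructed domain

if __name__ == "__main__":
    for sender, name, size in [("a@mail.example", "Invoice.ZIP", 8_000),
                               ("a@mail.example", "backup.zip", 512_001),
                               ("Bob <bob@partner.example>", "q3.zip", 8_000)]:
        print(sender, name, blocked_attachments(build_sample(sender, name, size), RULES, EXCLUSIONS))
```

The exclusion check here reads the From header, which the sender controls; a deployed filter would key it on an authenticated identity, such as a domain that passed SPF.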
Product Management commented
[Comment date: 2013-09-19]
Such viruses should be blocked by the Trojan and Exe Scanner or the Virus Scanning Engines.
[Comment date: 2013-09-19]
It's true that the Trojan and Virus scanners work well to block malware attachments. However, with new malware being created all the time, there will always be malware that has not yet been added to the definition files, thus it will not be blocked.
Allowing administrators to block specific attachment types having a specific size/range would be extremely helpful as a proactive measure to block malware that has not yet been added to the definition files.
[Comment date: 2013-11-07]
Viruses SHOULD be blocked but that isn't always the case. I agree with Chris.
Naser Halteh commented
[Comment date: 2013-11-21]
Currently, GFI has two of the same content size options which is to block greater than a size limit. There is no option to block less than, which is a more important feature because viruses are always attached around 10KB in my network environment. I can block SO MUCH spam and open LESS cases with GFI if they can simply create this option. I'm appalled that this feature is not available in MailEssentials 2014!
James Brammeier commented
[Comment date: 2013-11-25]
We had to block all zip files because most of the viruses we are receiving have not been added to the virus scanners' definitions yet. Even though I have 2 virus scan engines running, I still have to delete hundreds of e-mails containing zip files that passed the virus scanners, which are configured to delete any infected e-mail. After we had a couple of users infect their computers from viruses that made it past the virus scan engine, I had no choice but to quarantine all zip files and manually approve the legit ones. Upload any new infected file to www.virustotal.com and you can see for yourself that most virus scanners usually don't consider it a threat.
Adding the delete or quarantine all zip files under a specific size would be an awesome add-on to have and experiment with and our users would be happier not having to wait for me to go through the Quarantine All Malware and Content Items.