scan POA for non-virus content with SMG

We were just hit with a social engineering/ CEO fraud attack that our involved users did not bite on thankfully. But I have been directed to ask if twe could use something like an IMAP inteface policy to scan for emails that are not virus-ey but rather of the format [HighRankingPerson]@gmail.com. I don't think so but can SMG do something like that with the POA?

thanks,

Andrew

Parents
  • Verified Answer

    +1  

    Yes, SMG can do an IMAP scan of your GroupWise post office.

    You can create multiple Scan Policies and use one Policy Scan Configuration specifically created for your post office scan.

    That Policy Scan Configuration behaves the same as any other. For example, you can use filters to check for text strings and attach services to deal with them accordingly.

    __________
    Kevin Boyle, SuperUser

    Calgary, Alberta, Canada

  • 0 in reply to   

    Ok thanks Kevin. The challenge is that these attacks vary and in this particular case it was [HighRankingPerson} as the Display name and the sender/reply to address was completely different which on the plus side degraded the utility of the attack. So it would be inherently reactive... 

  • 0   in reply to 
    Display name and the sender/reply to address was completely different

    This is not uncommon when dealing with mass mailings.

    • From: is the person who composed or owns the email.
    • Sender: can be an individual responsible for sending it or service responsible for mass mailings.
    • Reply to: can be another email address different from both the From and Sender address.

    All of which just makes life interesting for sysadmins. :-)

    __________
    Kevin Boyle, SuperUser

    Calgary, Alberta, Canada

Reply
  • 0   in reply to 
    Display name and the sender/reply to address was completely different

    This is not uncommon when dealing with mass mailings.

    • From: is the person who composed or owns the email.
    • Sender: can be an individual responsible for sending it or service responsible for mass mailings.
    • Reply to: can be another email address different from both the From and Sender address.

    All of which just makes life interesting for sysadmins. :-)

    __________
    Kevin Boyle, SuperUser

    Calgary, Alberta, Canada

Children
No Data