Article

Best Practice #4: Quarantine attachments

Richard Luckett
Attachments -- even from people you trust -- can contain a variety of maladies. There are pieces of malicious code that a hacker can embed in a file attachment that are specifically written to interact or destroy data on your machine based on where the attachment gets stored.

If the antivirus software installed on your machines doesn't detect an attachment and it gets placed in a directory like "My Documents," then that could be just what the malicious coder wanted.

As a best practice, treat all e-mail attachments as if they are infected. You should create a folder, preferably on a separate disk, and save all new e-mail attachments to that folder. You can think of this as "quarantine." Once the folder has been scanned by not only the antivirus software, but also the anti-malware software, you can choose to move it to another location.

If you want to automate this process, check out the many

    Requires Free Membership to View

attachment management tools that are available.


Top 10 best practices for securing e-mail clients

 Home: Introduction
 #1: Patch your clients
 #2: Configure antivirus software to scan your e-mail clients
 #3: Use anti-malware software
 #4: Quarantine attachments
 #5: Don't be a sucker
 #6: Disable unsigned macros
 #7: Use Outlook's Junk E-mail filter or install spam-filtering software
 #8: Just be plain
 #9: Learn to read (e-mail headers, that is)
 #10: Digitally sign and encrypt e-mails

ABOUT THE AUTHOR:   
Richard Luckett, Vice President and Senior Consultant, Ajettix Security
Richard Luckett is a Microsoft Certified Systems Engineer on the Windows NT 4.0, 2000 and 2003 platforms and has been certified on Exchange since version 4.0. He is the co-author of Administering Exchange 2000 Server, published by McGraw Hill, and has written four Exchange courses, Introduction to Exchange 2000, and Hands-on Exchange 2003, Ultimate Exchange Server 2003 and Exchange Server 2003 Administrator Boot Camp for Global Knowledge Inc. Richard is currently Vice President and Senior Consultant for Ajettix Security, where he is the head of the Microsoft security practice.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: