Is it a common practice to deny/filter e-mails that contain files with macros?

In this Ask the Expert Q&A, resident network security expert, Mike Chapple, discusses whether it a common practice to deny/filter e-mails that contain files with macros.

University of Notre Dame

Is it a common practice to deny/filter e-mails that contain files with macros? I currently have our firewalls set to deny VBA's and macro-laden files, but we need to send some files back and forth to headquarters and subs. Are there alternative setups or should we not worry about blocking macros?

At this point in time, I'd say it's standard practice for organizations to use an antivirus scanner on all inbound e-mails. In fact, you'd be hard-pressed to find anyone who doesn't. Worm outbreaks like Melissa and ILOVEYOU in the late 1990s forced everyone's hand in that respect.

The whole idea of blocking various classes of e-mail can be somewhat tricky and controversial. I know of organizations...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

that block all documents containing scripts, while others block all compressed files because they might be encrypted. This really comes down to a business decision. If you have a business need for these files, you probably don't want to block them completely. It's reasonable to rely on your mail server's antivirus software to detect and remove malicious scripts. On the other hand, if you're able to clearly identify those senders (say everyone at foo.com) that need to exchange script-laden files, you might want to configure your server to reject these attachments from anyone else.

This was last published in April 2006

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Related Resources

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Related Q&A from Mike Chapple

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.