Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/k-sec-tools/ExchangeFilter
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/k-sec-tools/ExchangeFilter
- Owner: k-sec-tools
- License: mit
- Created: 2021-06-14T05:48:17.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-08-25T07:26:42.000Z (about 3 years ago)
- Last Synced: 2024-04-09T20:27:57.149Z (6 months ago)
- Language: C#
- Size: 2.74 MB
- Stars: 17
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
Microsoft Exchange 2019 Transport Filtering Agent
==================

## Overview
* Detects potential malware with libyara.NET (we use our own build with different fixes).
* Extracts archives with SevenZipSharp.
* Disarms potentially malicious PDFs with an approach based on the xdpdf algorithm.
* Parses subject/body/headers with regex and Aho-Corasick.
* Checks MessageId and source subnet of messages.
* Can send user email notifications about potentially malicious messages.
* Marks potentially malicious messages with a special header, which helps you archive and reject malicious messages on your Exchange server.
* Uses metrics to decide whether a message is malicious.
* Brute-forces archive attachments with a dictionary generated from the message text (bad guys like to hide malicious files from antivirus software this way).

Third-party libraries used:
* https://github.com/pdonald/aho-corasick
* https://github.com/braktech/xdpdf
* https://github.com/squid-box/SevenZipSharp
* https://github.com/microsoft/libyara.NET
* https://logging.apache.org/log4net/
* https://github.com/gdziadkiewicz/log4net.Ext.Json
* https://github.com/lduchosal/ipnetwork
* https://github.com/zzzprojects/html-agility-pack

## Requirements
libyara.NET requires .NET version 4.6 or higher. You can check whether your server supports it:
* Check your Exchange server version: https://docs.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019
* Check whether it supports .NET v4.6 or higher: https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019

## Installation
* `Stop-Service msexchangetransport`
* `ls "c:\Path\To\FilterBinaries" -Recurse | Unblock-File`
* `Install-TransportAgent -Name "ExchangeFilter" -TransportAgentFactory "ExchangeFilterAgentFactory" -AssemblyPath "c:\Path\To\FilterBinaries\ExchangeFilter.dll"`
* `Set-TransportAgent "ExchangeFilter" -Priority 10`
* `Enable-TransportAgent -Identity ExchangeFilter`
* `Start-Service msexchangetransport`

## Configuration
* Config.cs - class containing the required settings, without which the agent cannot work.
* default_config.xml - once configured, it acts as a fallback: if you change config.xml and make a mistake, the agent uses the default configuration.
* config.xml - main configuration file.

## Logging
Information about message processing is stored as JSON on the filesystem via log4net.Ext.Json. It's useful to process these logs with the ELK stack.
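
The last Overview item, trying passwords taken from the message text against encrypted archive attachments so they can be scanned, can be sketched as follows. This is an added Python example, not code from ExchangeFilter; the cue words, the candidate cap and the `try_open` callback that wraps the archive library are assumptions.

```python
import re
from typing import Callable, List, Optional

QUOTES = "\"'`()[]<>{}"   # wrappers often placed around a password in text
PUNCT = ".,;:!?"          # sentence punctuation that may trail a token
# Assumed cue words; a token right after one is tried before anything else.
CUE = re.compile(r"\b(?:password|passcode|pwd|pass)\b\s*(?:is\b|:|=)?\s*(\S+)",
                 re.IGNORECASE)


def _variants(token: str) -> List[str]:
    """Return the token as written plus forms with wrappers removed."""
    return [
        token,
        token.rstrip(PUNCT).strip(QUOTES),  # e.g. '"pw!".' becomes 'pw!'
        token.strip(QUOTES + PUNCT),        # e.g. '"pw!".' becomes 'pw'
    ]


def candidate_passwords(text: str, limit: int = 500) -> List[str]:
    """Ordered, de-duplicated password candidates taken from message text."""
    seen = {}  # dict preserves insertion order, so cue matches stay first
    tokens = [m.group(1) for m in CUE.finditer(text)] + text.split()
    for token in tokens:
        for cand in _variants(token):
            if cand and len(cand) <= 64:
                seen.setdefault(cand, None)
    # The cap bounds the work a single message can force on the filter.
    return list(seen)[:limit]


def find_archive_password(text: str, try_open: Callable[[str], bool],
                          limit: int = 500) -> Optional[str]:
    """Return the first candidate accepted by try_open, or None.

    try_open is a hypothetical callback that wraps the archive library
    and reports whether the archive decrypts with the given password.
    """
    for cand in candidate_passwords(text, limit):
        if try_open(cand):
            return cand
    return None  # still encrypted: the attachment could not be inspected


if __name__ == "__main__":
    # Constructed sample message body.
    body = 'Hi,\nthe report is attached. Password: "Inv0ice-2021!".\nRegards, Bob'
    print(find_archive_password(body, lambda p: p == "Inv0ice-2021!"))
```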