https://github.com/k-sec-tools/ExchangeFilter


Microsoft Exchange 2019 Transport Filtering Agent
==================

## Overview
* Detects potential malware with libyara.NET (we use our own build with several fixes).
* Extracts archives with SevenZipSharp.
* Disarms potentially malicious PDFs using an algorithm based on xdpdf.
* Parses subject, body and headers with regex and Aho-Corasick.
* Checks the MessageId and source subnet of messages.
* Can send users email notifications about potentially malicious messages.
* Marks potentially malicious messages with a special header, which lets you archive and reject them on your Exchange server.
* Uses metrics to decide whether a message is malicious.
* Brute-forces password-protected archive attachments with a dictionary generated from the message text (attackers like to hide malicious files from antivirus this way).
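The marker header described above only does something once the server acts on it. The following transport rule is an added example written for this page, not part of the ExchangeFilter project: it redirects every message carrying the marker header to an archive mailbox, so the original recipients never receive it and the SOC keeps a copy. The header name `X-ExchangeFilter-Verdict`, its value `malicious` and the archive address are placeholders; use the values the agent is configured to stamp in config.xml.

```powershell
# Added example (not from the ExchangeFilter project): act on the agent's marker header
# with an Exchange 2019 transport rule. Header name, value and mailbox are placeholders.
$HeaderName  = "X-ExchangeFilter-Verdict"    # placeholder, not the agent's real header name
$HeaderValue = "malicious"                   # placeholder value the agent is assumed to stamp
$Archive     = "malware-archive@example.com"  # mailbox that keeps flagged mail for analysis

# Redirect (not deliver) flagged messages: the archive mailbox gets the only copy,
# which both preserves evidence and keeps the message away from users.
New-TransportRule -Name "ExchangeFilter - archive flagged mail" `
    -Priority 0 `
    -HeaderContainsMessageHeader $HeaderName `
    -HeaderContainsWords $HeaderValue `
    -RedirectMessageTo $Archive `
    -Comments "Messages stamped by the ExchangeFilter agent are diverted to the archive mailbox"

# Confirm the rule is enabled and sits at the top of the evaluation order.
Get-TransportRule -Identity "ExchangeFilter - archive flagged mail" |
    Format-List Name, Priority, State, HeaderContainsMessageHeader, HeaderContainsWords
```

If you would rather bounce the message to the sender, replace `-RedirectMessageTo` with `-RejectMessageReasonText` and `-RejectMessageEnhancedStatusCode "5.7.1"`; keep the rule at a low priority number so it is evaluated before rules that would otherwise forward or journal the message. The rule assumes the agent stamps the header before the Transport Rule agent sees the message.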

Third-party libraries used:
* https://github.com/pdonald/aho-corasick
* https://github.com/braktech/xdpdf
* https://github.com/squid-box/SevenZipSharp
* https://github.com/microsoft/libyara.NET
* https://logging.apache.org/log4net/
* https://github.com/gdziadkiewicz/log4net.Ext.Json
* https://github.com/lduchosal/ipnetwork
* https://github.com/zzzprojects/html-agility-pack

## Requirements
libyara.NET requires .NET 4.6 or higher. Check that your server supports it:
* Check your Exchange server version: https://docs.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019
* Check whether it supports .NET 4.6 or higher: https://docs.microsoft.com/en-us/exchange/plan-and-deploy/supportability-matrix?view=exchserver-2019

## Installation
* Stop-Service msexchangetransport
* ls "c:\Path\To\FilterBinaries" -Recurse | Unblock-File
* Install-TransportAgent -Name "ExchangeFilter" -TransportAgentFactory "ExchangeFilterAgentFactory" -AssemblyPath "c:\Path\To\FilterBinaries\ExchangeFilter.dll"
* Set-TransportAgent "ExchangeFilter" -Priority 10
* Enable-TransportAgent -identity ExchangeFilter
* Start-Service msexchangetransport
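The steps above as one script, added here as an example and not taken from the ExchangeFilter project. It adds what an operator wants around the raw commands: a check that the assembly exists, a clean re-registration on repeated runs, a `finally` block so the transport service is restarted even when registration fails, and a final verification. `C:\Path\To\FilterBinaries` is the placeholder path from the README; the factory name is the one the README gives.

```powershell
# Added example (not from the ExchangeFilter project): the README's installation steps
# wrapped with the checks an administrator wants before touching the transport service.
$BinPath  = "C:\Path\To\FilterBinaries"        # placeholder; where the agent binaries were unpacked
$Assembly = Join-Path $BinPath "ExchangeFilter.dll"
$Name     = "ExchangeFilter"

if (-not (Test-Path $Assembly)) { throw "Agent assembly not found: $Assembly" }

# Binaries copied from another machine carry the Zone.Identifier mark; a blocked DLL
# will not load into the transport service, so clear the mark before installing.
Get-ChildItem $BinPath -Recurse | Unblock-File

Stop-Service MSExchangeTransport
try {
    # A second run should replace the existing registration rather than fail on it.
    if (Get-TransportAgent -Identity $Name -ErrorAction SilentlyContinue) {
        Uninstall-TransportAgent -Identity $Name -Confirm:$false
    }
    Install-TransportAgent -Name $Name `
        -TransportAgentFactory "ExchangeFilterAgentFactory" `
        -AssemblyPath $Assembly | Out-Null
    Set-TransportAgent -Identity $Name -Priority 10
    Enable-TransportAgent -Identity $Name
}
finally {
    # Always bring transport back, even if registration failed.
    Start-Service MSExchangeTransport
}

# Confirm the agent is registered, enabled and ordered as intended.
Get-TransportAgent -Identity $Name | Format-List Identity, Enabled, Priority
```

Run it in the Exchange Management Shell on every Mailbox server that handles transport; a transport agent is registered per server, not per organisation.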

## Configuration
* Config.cs - class holding the settings without which the agent cannot work.
* default_config.xml - fallback configuration: once you have a working setup, keep it here, and if config.xml is later edited with a mistake the agent falls back to this file.
* config.xml - main configuration file.

## Logging
Information about message processing is stored as JSON on the filesystem via log4net.Ext.Json. These logs are convenient to process with an ELK stack.
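When no ELK stack is available, the JSON-per-line log can be summarised directly in PowerShell. The following is an added example, not code from the project: the three log lines are constructed for illustration, and the field names (`date`, `level`, `message`, and a nested `properties` object carrying `sender` and `verdict`) are assumptions; check the members configured in your log4net.Ext.Json layout and adjust the property paths accordingly.

```powershell
# Added example (not from the ExchangeFilter project): summarise JSON log lines.
# The sample lines below are constructed; field names are assumptions about the layout.
$Sample = @'
{"date":"2024-01-10T09:12:01","level":"INFO","message":"message processed","properties":{"sender":"a@example.net","verdict":"clean"}}
{"date":"2024-01-10T09:12:07","level":"WARN","message":"message processed","properties":{"sender":"b@example.org","verdict":"malicious","reason":"yara"}}
{"date":"2024-01-10T09:13:40","level":"WARN","message":"message processed","properties":{"sender":"b@example.org","verdict":"malicious","reason":"archive-password"}}
'@

function Get-FilterSummary {
    param([string[]]$Lines)

    # Parse one JSON object per line; a truncated or half-written line is skipped, not fatal.
    $events = @(foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        try { $line | ConvertFrom-Json -ErrorAction Stop }
        catch { Write-Warning "unparseable line skipped: $line" }
    })

    $flagged = @($events | Where-Object { $_.properties.verdict -eq 'malicious' })

    [pscustomobject]@{
        Total      = $events.Count
        Malicious  = $flagged.Count
        # Senders with the most flagged messages, useful for blocklists and notifications.
        TopSenders = $flagged | Group-Object { $_.properties.sender } |
            Sort-Object Count -Descending | Select-Object -First 5 Name, Count
        # Which detector fired, so you can see whether YARA or archive brute-forcing carries the load.
        Reasons    = $flagged | Group-Object { $_.properties.reason } | Select-Object Name, Count
    }
}

# With a real log, read the file instead of the constructed sample:
#   Get-FilterSummary -Lines (Get-Content 'C:\Logs\ExchangeFilter\agent.json')   # placeholder path
Get-FilterSummary -Lines ($Sample -split "`r?`n")
```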