Last Friday Purewire blogged about a fake Microsoft Outlook update that one of their employees received via email.
Typically when a security company blogs about an email virus they've seen in the wild, it clear that its something the research team found, or something that got through to a home address or to their wife's company etc. In this case I didn't see any attribution like that. In fact, the redacted cut and paste clearly shows it sent to a @purewire.com address. That says to me Purewire's corporate email security is kind of lacking. Not the message you want to post to your company's blog.
A virus making it to a end user via email is not the sort of thing I would expect to see at my company much less a security company. The email had a zipped attachment which contained a EXE file. That right there would have been stripped at many companies. How many times has a EXE in a Zip been a good thing. I'm not a big fan of stripping attachments, even by file type or extension. Regular readers know I recommend MessageLabs for email security. Obviously Purewire couldn't use them for email since they compete in the web SaaS space and just got bought by Barracuda.
So what type of email security does Purewire have currently? It looks like their mail server is Zimbra. I could be wrong from my two minutes of searching, but it appears that ClamAV is the antivirus protection used with Zimbra. As Steve Spurrier said when he coached the Redskins "not too good."
While I wrote this mainly to tease them, I am thinking now its more serious. These guys expect me to send my web traffic through their SaaS towers. I need to believe their internal processes are mature.
Now they may come back and say that the message actually did get stopped before reaching a users mailbox. That would render my post moot. But it doesn't say that now. It says " a Purewire employee received an email."
Leave a comment