Hi folks, I am looking for a solution to encrypt/decrypt mails. But I also have to scan them for malicious code. All suggestions are welcome.
Well, you'd have to decrypt them on the server and then scan them. This makes the whole point of encryption rather pointless for most environments. Not only that, but to automate the process the private keys would have to be on the server and accessible to some software (meaning if an attacker gets in, chances are they could steal them).
I would prefer a centralized solution (8 branches, 500 mails per day).
I thought about a second DMZ to encrypt/decrypt on something like a keyserver, then forward to the content scanner, and then, if the mails are clean, forward to the internal mail server.
Anybody out there know about a "keyserver"?
Not really, at least not one I'd want to put private keys in. Looks like you're going to have to go with AV software on each desktop, which isn't as bad as it sounds; for example, a Norton salesdroid spent an hour extolling all the wonderful central administrative features and so on for their new software (this is not an endorsement for Norton). This is going to be an increasingly large problem, and I have some articles on the subject planned; the bad news is there aren't any easy solutions.
thanks Peter
-Kurt