We're using the Disarm feature, and it works fine for most of the cases. We've enabled it for MS Office type of documents, as a start.
For business reasons we've configured to allow MS Excel documents
However, when a message with both Word and Excel documents arrive, Disarm choose to bypass also the Word document.
We think this behaviour should be changed such that each individual document is looked at
I think it also be nice to be able to add an information message in form of modifying the subject of the message with disarmend documents, like we have on others like spam etc.
Also, the overview of disarmed documents (or messages) seems to be missing. One idea might be ther's an "folder" or similar to "quarantine". This might allow the operator to release a original of a document that has been disarmed. Today, there is no way to find the original attachment, and to release it. This is a major drawback.
This might be good input to improve better security, operational overview, monitoring, reporting and end user information
Regards,
SKAGEN Funds
Trond Østrådt
Security Manager