Not me, a developer we deal with exclusively. Sorry if my message was misleading. I don't block XLS or DOC files, (or zip) but do block EXE's Pifs. Actually, I got the list of recommended blocks from here:
http://www.swinc.com/resource/exch_faq_appxj.htm Stephen Grant IT/IM Officer Federal Superannuates National Association > -----Original Message----- > From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 27, 2004 1:32 PM > To: Exchange Discussions > Subject: RE: RE : New variant of W32/Dumaru.y > > > Wait...wait...wait. > > You block .xls and .doc files, but you don't block .zip files?!? > > -----Original Message----- > From: Stephen Grant [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 27, 2004 10:13 AM > To: Exchange Discussions > Subject: RE: RE : New variant of W32/Dumaru.y > > > Sybari's Antigen is deleting the .EXE file within the zip and > leaving the > zip format intact. Which is good news because I use zip to get files > through to associates that I know would be stopped by the > filter. (.xls, > .doc.) > > Stephen Grant > IT/IM Officer > Federal Superannuates National Association > > > > > -----Original Message----- > > From: Hague, Jeff [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, January 27, 2004 1:07 PM > > To: Exchange Discussions > > Subject: RE: RE : New variant of W32/Dumaru.y > > > > > > I started quarantining zips at our firewall yesterday evening > > at about 5pm EST and it has been steady at 5 - 7 per minute > > since. I have always blocked exe, bat, cmd, vbs, etc but I > > let zips through and everyone has gotten used to that - I > > guess well have to change that now... > > > > Jeff Hague > > MCSE > > Network Manager > > Randolph-Macon College > > Ashland, VA > > > > -----Original Message----- > > From: Bourque Daniel [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, January 27, 2004 12:24 PM > > To: Exchange Discussions > > Subject: RE : New variant of W32/Dumaru.y > > > > > > Well, I hope everybody have a lot of fun!!! We have received > > 3000 of those > > little critter since yesterday night. > > > > How can anybody let PIF/EXE/CMD/any executable file inside > > their network, > > even if it's in a zip file??? > > > > > > > > -----Message d'origine----- > > De : Scott Weston [mailto:[EMAIL PROTECTED] > > Envoy� : 26 janvier, 2004 20:48 > > � : Exchange Discussions > > Objet : RE: New variant of W32/Dumaru.y > > > > > > MessageLabs, the leading provider of managed email security > > services to > > businesses worldwide, has intercepted a high number of copies > > of a new worm > > known as W32/Mydoom.A-mm. > > > > Name: W32/Mydoom.A-mm > > Number of copies intercepted so far: 165,598 > > Time & Date first captured: 13.03pm GMT, 26th Jan 04 > > Origin of first intercepted copy: Russia > > > > W32/Mydoom.A-mm is a mass-mailing worm that attempts to > > spread via email and > > by copying itself to any available shared directories used by Kazaa. > > > > The worm harvests addresses from infected machines and > > targets files with > > the following extensions: .wab, .adb, .tbb, .dbx, .asp, .php, > > .sht, ..htm, > > .txt. > > > > > > > > > > > > On January 23, 2004, MessageLabs, the leading provider of > > managed email > > security services to businesses worldwide, intercepted a > > large number of > > copies of another variant of the Dumaru email worm - W32/Dumaru.Y. > > > > > > General > > The initial copy of this new variant originated from the > > United States. To > > date, the majority of infected emails that MessageLabs has > > intercepted were > > sent from the United Kingdom - 42% of the total number of > emails seen. > > > > Name: W32/Dumaru.Y-mm > > Aliases: W32/Dumaru.Z-mm > > Number of copies intercepted so far: 5,027 > > Time & Date first Captured: 23rd Jan 2004, 20.56 GMT > > Origin of first intercepted copy: United States > > > > The worm arrives as an attachment to an email called > > myphoto.zip (17Kb). The > > sender's email address may be forged, and therefore does not > > indicate the > > true identity of the sender. > > > > > > > > > > > > > > > > -----Original Message----- > > From: Steve [mailto:[EMAIL PROTECTED] > > Sent: Monday, January 26, 2004 4:15 PM > > To: Exchange Discussions > > Subject: New variant of W32/Dumaru.y > > > > > > We got a new variant of this that neither McAfee or Trend > is stopping > > (extra.dat is on the way). It is zipped and the subject and > > attachment name changes. Here is a link to NAI's description: > > > > http://vil.nai.com/vil/content/v_100980.htm > > > > Still nothing from Trend. This thing spreads like fire. > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang > > =english > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
