On one of our clients we block VBS at the Exchange servers, and MAILSWEEPER
box. We simply kill it. I would rather kill the little buggers versus
letting them get into our systems and kill me since I would have to clean up
the mess.
Nate Couch
EDS Messaging
> ----------
> From: Neil Hobson
> Reply To: [EMAIL PROTECTED]
> Sent: Friday, September 7, 2001 07:51
> To: [EMAIL PROTECTED]
> Subject: RE: VBS Blocking
>
> I just setup a MailSweeper for a client yesterday and blocked VBS
> files...but um...not to that level! And no, I didn't include the log
> file in the inform message!
>
> Neil
>
> -----Original Message-----
> From: Mark Harford [mailto:[EMAIL PROTECTED]]
> Posted At: 07 September 2001 13:49
> Posted To: Exchange Mailing List
> Conversation: VBS Blocking
> Subject: VBS Blocking
>
>
>
> This is ridiculous! I have just had my last message rejected as being a
> Vbscript virus because it had the phrase "Outlook Application" in the
> plain text message body. The entire log file was also included in the
> message sent to me which surely is not a good idea.
>
> Anyone else set up Mailsweeper to be quite so severe?
>
> The relevant entry in the log is as follows:-
>
>
> 13:38:09.62 (VAL:002) DetectVBS - PerformIf matched
> containerclass=="Text". 13:38:09.62 (LEX:003) Found phrase Value 100,
> Text "Outlook application " 13:38:09.62 (LEX:003) Total Value = 100,
> Loading = 1, result = "HaveVBS" 13:38:09.62 (MSW:002) Validator
> 'DetectVBS' returned "HaveVBS" 13:38:09.62 (MSW:001) Validating Node '0'
> - '' ''
> 13:38:09.62 (MSW:002) Attribute 'AttachmentSize' = 4043
> 13:38:09.62 (MSW:002) Attribute 'NodeId' = '0'
> 13:38:09.64 (LEX:003) Total Value = 0, Loading = 1, result = ""
> 13:38:09.64 (MSW:001) Following disposal route "VBSFile". 13:38:09.64
> (MSW:002) Quarantine disposal 13:38:09.84 (MSW:001) Message quarantined
> in "Blocked Messages" as entry "A0011217".
>
>
> A bit OTT I think!
>
> mark
>
> -----Original Message-----
> From: MAILsweeper [mailto:[EMAIL PROTECTED]]
> Sent: 07 September 2001 13:38
> To: '[EMAIL PROTECTED]'
> Cc: Postmaster
> Subject: A Copy of a VBS Virus may have been detected in this message.
>
>
> A mail message has been found containing VBscript-ing language.
> There is a potential that this could contain malicious code.
> <<logfile.txt>> <<body.txt>>
>
>
> This e-mail, and any attachment, is confidential. If you have received
> it in error, please delete it from your system, do not use or disclose
> the information in any way, and notify me immediately. The contents of
> this message may contain personal views which are not the views of the
> BBC, unless specifically stated.
>
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
> **********************************************************************
> This eMail and any files transmitted with it are confidential and
> intended solely for the use of the individual to whom it is addressed.
> Any view or opinions presented are solely those of
> the author and do not necessarily represent those of Silversands
> or any of its subsidiary companies.
> If you have received this eMail in error please contact the Support Desk
> Immediately by telephone on 01202-360000 or on eMail at
> [EMAIL PROTECTED]
> **********************************************************************
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
>
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]