Then why have any AV software at all? You wouldn't want to impinge upon
someone's "right" to send you a virus and their "right" to make you execute
it!! Content filtering for words and language in the context of defending
against attacks is not the same as blocking for objectionable words (which
is often open for debate as to what would constitute objectionable words).
Quite often, prior to the release of DAT signatures for a current outbreak,
the only thing that you will have to go on is the existence of a certain
word or phrase. We too are local government. What happens in our case is
that when messages come in that break a filter, we manually look at the
message to see if it is indeed the virus. It is strictly a Yes/No
proposition, not a civil liberties issue.

Ken Powell
Systems Administrator
Clark County Office of Budget and Information Services (OBIS)
Vancouver, Washington
[EMAIL PROTECTED]
Voice: (360) 397-6121 x4658
Fax:    (360) 759-6001


-----Original Message-----
From: Matt Hoffman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:08 AM
To: Powell, Ken
Subject: RE: today's admin backwards virus


Well, there's a fundamental problem we have here; we're a public library,
and freedom to write and receive email here is not to be impinged in any
way.  Even in blocking certain attachment types, I'm kind of stepping over
the line.  So, in terms of filtering for any virus-related terminology, I
can probably get away with using software that filters for language.  But, I
will be told by management to turn it off if we attempt to do anything that
restricts anything else.  That's why I mentioned that it was not of great
concern.

Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 12:02 PM
To: Exchange Discussions
Subject: RE: today's admin backwards virus


Blocking for certain words is an important part of filtering for viruses in
my opinion.

Ken Powell
Systems Administrator
Clark County Office of Budget and Information Services (OBIS)
Vancouver, Washington
[EMAIL PROTECTED]
Voice: (360) 397-6121 x4658
Fax:    (360) 759-6001


-----Original Message-----
From: Matt Hoffman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:00 AM
To: Exchange 5.5 List
Subject: RE: today's admin backwards virus


So, does anyone have a strong opinion on what filtering software to use?  We
haven't done anything along those lines before (hell, we didn't have
antivirus until last year).  I just want to use it for blocking attachments;
we don't care about abilities relating to disclaimers or scanning for
certain language/words.  Any opinions would help.

Thanks!

Matt    

-----Original Message-----
From: Waters, Jeff [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 11:33 AM
To: Exchange Discussions
Subject: RE: today's admin backwards virus


Jennifer,
Most everyone has already hit on the obvious: most of us use the auto-update
feature from the A/V product of our choosing.  Then we go the extra step and
use some sort of filtering, be it at the firewall or just simple attachment
blocking in our e-mail server A/V product.  Here I block
.exe;.vbs;.eml;.shs;.lnk attachments from even getting through the e-mail
server.  Take what has happened to your site up the ladder as a reason to
put all this stuff in place!  You might get some resistance, and even some
complaints; however, every time one of these things happens the efforts you
have made will be seen and will be appreciated.  TruSecure
(www.trusecure.com) has some good white papers on what types of attachments
you should be blocking, or at least thinking about blocking.

Oh, the other thing we did was, well we threw IIS right out the window!!!!!!

Good Luck

Jeffrey R. Waters
Senior Systems Engineer
Information Technology, Hanover County


-----Original Message-----
From: Jennifer Baker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 6:10 AM
To: Exchange Discussions
Subject: today's admin backwards virus


I was just noticing that most of the gurus of the list had plenty of time
to respond to the list regarding various questions. Am I missing
something?

I have been updating virus software, scanning mailboxes, patching iis/owa
servers etc. all night.  We were hit externally, but we only had to
restore one webserver (although it was similar to a slightly compressed
support.microsoft.com).  Is there some
secret to this sh*t that you are keeping from me regarding quick draw
administration or is this something you pawn off to others?

I will compensate for information. (Depending on
validity.)

I'm not jealous or bitter, btw...not.

Jennifer Baker
Fluke Corporation
http://www.fluke.com
http://www.flukenetworks.com
mailto:[EMAIL PROTECTED]


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
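
An added example, not from any poster in the thread: the attachment blocking Jeff Waters describes and the phrase-triggered manual review Ken Powell describes, combined in one Python classifier. The watch phrase, addresses and sample messages are constructed placeholders, and the extension matching goes beyond the thread by handling case, double extensions, trailing dots and attachments nested inside forwarded messages.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list quoted in the thread: .exe;.vbs;.eml;.shs;.lnk
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".eml", ".shs", ".lnk"}
# Constructed placeholder phrase; a real list would come from outbreak advisories.
WATCH_PHRASES = ("example outbreak phrase",)

def effective_extension(filename):
    """Return the extension Windows would act on: the last one, lower-cased,
    ignoring trailing dots/spaces (so 'photo.jpg.VBS. ' gives '.vbs')."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""

def classify(raw):
    """Return ('block' | 'review' | 'deliver', reasons) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    blocked, text = [], [str(msg.get("Subject", ""))]
    for part in msg.walk():  # walk() also descends into attached messages
        name = part.get_filename()
        if name and effective_extension(name) in BLOCKED_EXTENSIONS:
            blocked.append(name)
        elif part.get_content_type() == "text/plain" and not name:
            text.append(part.get_content())
    if blocked:
        return "block", blocked
    haystack = " ".join(text).lower()
    hits = [p for p in WATCH_PHRASES if p in haystack]
    # A phrase hit is only a flag: a person makes the yes/no call, as in the thread.
    return ("review", hits) if hits else ("deliver", [])

def sample(subject, body, attachment_name=None):
    """Build a constructed test message (not a real sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    for raw in (sample("hi", "notes", "report.pdf"),
                sample("hi", "see file", "photo.jpg.VBS."),
                sample("Example Outbreak Phrase", "no attachment")):
        print(classify(raw))
```

Matching on the filename alone is a coarse first layer; it does not inspect file contents, so it complements signature scanning rather than replacing it.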
