Good points Eric. That is exactly what we are doing with NAI's Webshield
SMTP. I should have mentioned that we are quarantining rather than blocking
in the true sense.

Ken Powell
Systems Administrator
Clark County Office of Budget and Information Services (OBIS)
Vancouver, Washington
[EMAIL PROTECTED]
Voice: (360) 397-6121 x4658
Fax:    (360) 759-6001


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:29 AM
To: Exchange 5.5 List
Subject: RE: today's admin backwards virus


The nice thing about MAILsweeper for SMTP (and I'm assuming others - I
haven't used them) is that you can quarantine messages, not just block them.
We had MAILsweeper quarantine all "suspicious" incoming content and send a
notification to the recipient that they had a message in quarantine.  Our
policy was that any user could request a message be released to them, at
which point we (the admins) would review the message on a threat basis only
and release at our discretion.

A nice side benefit of this policy was that even though we were not policing
the content of our incoming mail (impossible with 20,000+ recipients) the
users were under the impression that we may have been.  So they were telling
their buddies to stop sending them porn, executables, etc for fear that they
were being watched.

Eric

On Wed, 19 Sep 2001 12:07:05 -0400, "Exchange Discussions"
<[EMAIL PROTECTED]> wrote:

> Well, there's a fundamental problem we have here; we're a public library,
> and freedom to write and receive email here is not to be impinged in any
> way.  Even in blocking certain attachment types, I'm kind of stepping over
> the line.  So, in terms of filtering for any virus-related terminology, I
> can probably get away with using software that filters for language.  But, I
> will be told by management to turn it off if we attempt to do anything that
> restricts anything else.  That's why I mentioned that it was not of great
> concern.
> 
> Matt
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 12:02 PM
> To: Exchange Discussions
> Subject: RE: today's admin backwards virus
> 
> 
> Blocking for certain words is an important part of filtering for viruses in
> my opinion.
> 
> Ken Powell
> Systems Administrator
> Clark County Office of Budget and Information Services (OBIS)
> Vancouver, Washington
> [EMAIL PROTECTED]
> Voice: (360) 397-6121 x4658
> Fax:    (360) 759-6001
> 
> 
> -----Original Message-----
> From: Matt Hoffman [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 9:00 AM
> To: Exchange 5.5 List
> Subject: RE: today's admin backwards virus
> 
> 
> So, does anyone have a strong opinion on what filtering software to use?  We
> haven't done anything along those lines before (hell, we didn't have
> antivirus until last year).  I just want to use it for blocking attachments;
> we don't care about abilities relating to disclaimers or scanning for
> certain language/words.  Any opinions would help.
> 
> Thanks!
> 
> Matt    
> 
> -----Original Message-----
> From: Waters, Jeff [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 11:33 AM
> To: Exchange Discussions
> Subject: RE: today's admin backwards virus
> 
> 
> Jennifer,
> Most everyone has already hit on the obvious, most of us use the auto-update
> feature from the A/V product of our choosing.  Then we go the extra step and
> use some sort of filtering, be it at the firewall or just simple attachment
> blocking in our e-mail server A/V product.  Here I block
> .exe;.vbs;.eml;.shs;.lnk attachments from even getting through the e-mail
> server.  Take what has happened to your site up the ladder as a reason to
> put all this stuff in place!  You might get some resistance, and even some
> complaints, however every time one of these things happens the efforts you
> have made will be seen and will be appreciated.  TrueSecure
> www.trusecure.com has some good white papers on what types of attachments
> you should be, or at least thinking about blocking.
> 
> Oh, the other thing we did was, well we threw IIS right out the window!!!!!!
> 
> Good Luck
> 
> Jeffrey R. Waters
> Senior Systems Engineer
> Information Technology, Hanover County
> 
> 
> -----Original Message-----
> From: Jennifer Baker [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 6:10 AM
> To: Exchange Discussions
> Subject: today's admin backwards virus
> 
> 
> I was just noticing that most of the gurus of the list had plenty of time
> to respond to the list regarding various questions. Am I missing
> something?
> 
> I have been updating virus software, scanning mailboxes, patching iis/owa
> servers etc. all night.  We were hit externally, but we only had to
> restore one webserver (although it was similar to a slightly compressed
> support.microsoft.com).  Is there some
> secret to this sh*t that you are keeping from me regarding quick draw
> administration or is this something you pawn off to others?
> 
> I will compensate for information. (Depending on
> validity.)
> 
> I'm not jealous or bitter, btw...not.
> 
> Jennifer Baker
> Fluke Corporation
> http://www.fluke.com
> http://www.flukenetworks.com
> mailto:[EMAIL PROTECTED]
> 
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]

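The quarantine-and-notify policy discussed in this thread, sketched as an added example (not code from any poster, and not how MAILsweeper or WebShield work internally). The extension list is the one quoted in the thread; the function names and example.org addresses are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list taken from the thread: .exe;.vbs;.eml;.shs;.lnk
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".eml", ".shs", ".lnk"}

def suspicious_attachments(msg):
    """Return the attachment filenames that carry a blocked extension."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them; compare
        # case-insensitively so "FILE.VBS" is treated like "file.vbs".
        cleaned = name.strip().rstrip(". ").lower()
        # Look at every dotted component, so "note.txt.vbs" is caught too.
        extensions = {"." + piece for piece in cleaned.split(".")[1:]}
        if extensions & BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def triage(raw_bytes, admin_addr="postmaster@example.org"):
    """Return ("deliver", None) or ("quarantine", notice_for_recipient)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = suspicious_attachments(msg)
    if not hits:
        return "deliver", None
    # Quarantine rather than block: the recipient is told and may ask for release.
    notice = EmailMessage()
    notice["From"] = admin_addr
    notice["To"] = str(msg["To"])
    notice["Subject"] = "Message held in quarantine"
    notice.set_content(
        f"A message from {msg['From']} with subject {msg['Subject']!r} is in\n"
        f"quarantine because of these attachments: {', '.join(hits)}\n"
        f"Reply to {admin_addr} to request its release.\n")
    return "quarantine", notice

def sample_message(filename):
    """Constructed test message with one attachment of the given name."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "patron@example.org"
    m["Subject"] = "hello"
    m.set_content("see attached")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A filename check like this only decides what to hold for review; it does not replace the A/V scanning the posters also run.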