Why? I would think that you would want it to be scanned for known viruses in
case it contained something that I had missed. When it quarantines due to
content filtering it is never scanned. Once it is released, then it is
scanned.
Ken Powell
Systems Administrator
Clark County Office of Budget and Information Services (OBIS)
Vancouver, Washington
[EMAIL PROTECTED]
Voice: (360) 397-6121 x4658
Fax: (360) 759-6001
-----Original Message-----
From: Schwartz, Jim [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 1:27 PM
To: Powell, Ken
Subject: RE: today's admin backwards virus
No you should send all porn to me so I can verify if it business applicable.
Ken,
The one thing you need to watch for when you quarantine the mail is that NAI
does not send it back through the scanning routine when you go to send it
on. I know of one person who was burned this way.
> -----Original Message-----
> From: Avi Smith-Rapaport [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 2:18 PM
> To: Exchange Discussions
> Subject: RE: today's admin backwards virus
>
> You have it set up to send all attatchments to administrator email box?
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 2:16 PM
> To: Exchange Discussions
> Subject: RE: today's admin backwards virus
>
>
> Good points Eric. That is exactly what we are doing with NAI's Webshield
> SMTP. I should have mentioned that we are quarantining rather than
> blocking
> in the true sense.
>
> Ken Powell
> Systems Administrator
> Clark County Office of Budget and Information Services (OBIS)
> Vancouver, Washington
> [EMAIL PROTECTED]
> Voice: (360) 397-6121 x4658
> Fax: (360) 759-6001
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 9:29 AM
> To: Exchange 5.5 List
> Subject: RE: today's admin backwards virus
>
>
> The nice thing about MAILsweeper for SMTP (and I'm assuming others - I
> haven't used them) is that you can quarantine messages, not just block
> them.
> We had MAILsweeper quarantine all "suspicious" incoming content and send a
> notification to the recipient that they had a message in quarantine. Our
> policy was that any user could request a message be released to them, at
> which point we (the admins) would review the message on a threat basis
> only
> and release at our discretion.
>
> A nice side benefit of this policy was that even though we were not
> policing
> the content of our incoming mail (impossible with 20,000+ recipients) the
> users were under the impression that we may have been. So they were
> telling
> their buddies to stop sending them porn, executables, etc for fear that
> they
> were being watched.
>
> Eric
>
> On Wed, 19 Sep 2001 12:07:05 -0400, "Exchange Discussions"
> <[EMAIL PROTECTED]> wrote:
>
> > Well, there's a fundamental problem we have here; we're a public
> library,
> > and freedom to write and receive email here is not to be impinged in any
> > way. Even in blocking certain attachment types, I'm kind of stepping
> over
> > the line. So, in terms of filtering for any virus-related terminology,
> I
> > can probably get away with using software that filters for language.
> But,
> I
> > will be told by management to turn it off if we attempt to do anything
> that
> > restricts anything else. That's why I mentioned that it was not of
> great
> > concern.
> >
> > Matt
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 12:02 PM
> > To: Exchange Discussions
> > Subject: RE: today's admin backwards virus
> >
> >
> > Blocking for certain words is an important part of filtering for viruses
> in
> > my opinion.
> >
> > Ken Powell
> > Systems Administrator
> > Clark County Office of Budget and Information Services (OBIS)
> > Vancouver, Washington
> > [EMAIL PROTECTED]
> > Voice: (360) 397-6121 x4658
> > Fax: (360) 759-6001
> >
> >
> > -----Original Message-----
> > From: Matt Hoffman [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 9:00 AM
> > To: Exchange 5.5 List
> > Subject: RE: today's admin backwards virus
> >
> >
> > So, does anyone have a strong opinion on what filtering software to use?
> We
> > haven't done anything along those lines before (hell, we didn't have
> > antivirus until last year). I just want to use it for blocking
> attachments;
> > we don't care about abilities relating to disclaimers or scanning for
> > certain language/words. Any opinions would help.
> >
> > Thanks!
> >
> > Matt
> >
> > -----Original Message-----
> > From: Waters, Jeff [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 11:33 AM
> > To: Exchange Discussions
> > Subject: RE: today's admin backwards virus
> >
> >
> > Jennifer,
> > Most everyone has already hit on the obvious, most of us use the
> auto-update
> > feature from the A/V product of our choosing. Then we go the extra step
> and
> > use some sort of filtering, be it at the fire wall or just simple
> attachment
> > blocking in our e-mail server A/V product. Here I block
> > .exe;.vbs;.eml;.shs;.lnk attachments from even getting through the
> e-mail
> > server. Take what has happened to your site up the ladder as a reason
> to
> > put all this stuff in place! You might get some resistance, and even
> some
> > complaints, however every time one of these things happens the efforts
> you
> > have made will be seen and will be appreciated. TrueSecure
> > www.trusecure.com has some good white papers on what types of
> attachments
> > you should be, or at least thinking about blocking.
> >
> > Oh, the other thing we did was, well we threw IIS right out the
> window!!!!!!
> >
> > Good Luck
> >
> > Jeffrey R. Waters
> > Senior Systems Engineer
> > Information Technology, Hanover County
> >
> >
> > -----Original Message-----
> > From: Jennifer Baker [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 6:10 AM
> > To: Exchange Discussions
> > Subject: today's admin backwards virus
> >
> >
> > I was just noticing that most of the gurus of the list had plenty of
> time
> > to respond to the list regarding various questions. Am I missing
> > something?
> >
> > I have been updating virus software, scanning mailboxes, patching
> iis/owa
> > servers etc. all night. We were hit externally, but we only had to
> > restore one webserver (although it was similiar to a slightly compressed
> > support.microsoft.com). Is there some
> > secret to this sh*t that you are keeping from me regarding quick draw
> > administration or is this something you pawn off to others?
> >
> > I will compensate for information. (Depending on
> > validity.)
> >
> > I'm not jealous or bitter, btw...not.
> >
> > Jennifer Baker
> > Fluke Corporation
> > http://www.fluke.com
> > http://www.flukenetworks.com
> > mailto:[EMAIL PROTECTED]
> >
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Archives: http://www.swynk.com/sitesearch/search.asp
> > To unsubscribe: mailto:[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
