I would double check that with NAI. I've asked for that to happen a number
of times and they have told me that if you block mail and then turn and
release, that it does not rescan it.
I've asked for this to change.
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 4:30 PM
> To: Exchange Discussions
> Subject: RE: today's admin backwards virus
>
> Why? I would think that you would want it to be scanned for known viruses
> in case it contained something that I had missed. When it quarantines due
> to content filtering it is never scanned. Once it is released, then it is
> scanned.
>
> Ken Powell
> Systems Administrator
> Clark County Office of Budget and Information Services (OBIS)
> Vancouver, Washington
> [EMAIL PROTECTED]
> Voice: (360) 397-6121 x4658
> Fax: (360) 759-6001
>
>
> -----Original Message-----
> From: Schwartz, Jim [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 1:27 PM
> To: Powell, Ken
> Subject: RE: today's admin backwards virus
>
>
> No you should send all porn to me so I can verify if it is business
> applicable.
>
> Ken,
> The one thing you need to watch for when you quarantine the mail is that
> NAI does not send it back through the scanning routine when you go to send
> it on. I know of one person who was burned this way.
>
> > -----Original Message-----
> > From: Avi Smith-Rapaport [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 2:18 PM
> > To: Exchange Discussions
> > Subject: RE: today's admin backwards virus
> >
> > You have it set up to send all attachments to administrator email box?
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 2:16 PM
> > To: Exchange Discussions
> > Subject: RE: today's admin backwards virus
> >
> >
> > Good points Eric. That is exactly what we are doing with NAI's Webshield
> > SMTP. I should have mentioned that we are quarantining rather than
> > blocking in the true sense.
> >
> > Ken Powell
> > Systems Administrator
> > Clark County Office of Budget and Information Services (OBIS)
> > Vancouver, Washington
> > [EMAIL PROTECTED]
> > Voice: (360) 397-6121 x4658
> > Fax: (360) 759-6001
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 19, 2001 9:29 AM
> > To: Exchange 5.5 List
> > Subject: RE: today's admin backwards virus
> >
> >
> > The nice thing about MAILsweeper for SMTP (and I'm assuming others - I
> > haven't used them) is that you can quarantine messages, not just block
> > them. We had MAILsweeper quarantine all "suspicious" incoming content and
> > send a notification to the recipient that they had a message in
> > quarantine. Our policy was that any user could request a message be
> > released to them, at which point we (the admins) would review the message
> > on a threat basis only and release at our discretion.
> >
> > A nice side benefit of this policy was that even though we were not
> > policing the content of our incoming mail (impossible with 20,000+
> > recipients) the users were under the impression that we may have been. So
> > they were telling their buddies to stop sending them porn, executables,
> > etc for fear that they were being watched.
> >
> > Eric
> >
> > On Wed, 19 Sep 2001 12:07:05 -0400, "Exchange Discussions"
> > <[EMAIL PROTECTED]> wrote:
> >
> > > Well, there's a fundamental problem we have here; we're a public
> > > library, and freedom to write and receive email here is not to be
> > > impinged in any way. Even in blocking certain attachment types, I'm kind
> > > of stepping over the line. So, in terms of filtering for any
> > > virus-related terminology, I can probably get away with using software
> > > that filters for language. But, I will be told by management to turn it
> > > off if we attempt to do anything that restricts anything else. That's
> > > why I mentioned that it was not of great concern.
> > >
> > > Matt
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 19, 2001 12:02 PM
> > > To: Exchange Discussions
> > > Subject: RE: today's admin backwards virus
> > >
> > >
> > > Blocking for certain words is an important part of filtering for
> > > viruses in my opinion.
> > >
> > > Ken Powell
> > > Systems Administrator
> > > Clark County Office of Budget and Information Services (OBIS)
> > > Vancouver, Washington
> > > [EMAIL PROTECTED]
> > > Voice: (360) 397-6121 x4658
> > > Fax: (360) 759-6001
> > >
> > >
> > > -----Original Message-----
> > > From: Matt Hoffman [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 19, 2001 9:00 AM
> > > To: Exchange 5.5 List
> > > Subject: RE: today's admin backwards virus
> > >
> > >
> > > So, does anyone have a strong opinion on what filtering software to
> > > use? We haven't done anything along those lines before (hell, we didn't
> > > have antivirus until last year). I just want to use it for blocking
> > > attachments; we don't care about abilities relating to disclaimers or
> > > scanning for certain language/words. Any opinions would help.
> > >
> > > Thanks!
> > >
> > > Matt
> > >
> > > -----Original Message-----
> > > From: Waters, Jeff [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 19, 2001 11:33 AM
> > > To: Exchange Discussions
> > > Subject: RE: today's admin backwards virus
> > >
> > >
> > > Jennifer,
> > > Most everyone has already hit on the obvious, most of us use the
> > > auto-update feature from the A/V product of our choosing. Then we go the
> > > extra step and use some sort of filtering, be it at the firewall or just
> > > simple attachment blocking in our e-mail server A/V product. Here I
> > > block .exe;.vbs;.eml;.shs;.lnk attachments from even getting through the
> > > e-mail server. Take what has happened to your site up the ladder as a
> > > reason to put all this stuff in place! You might get some resistance,
> > > and even some complaints, however every time one of these things happens
> > > the efforts you have made will be seen and will be appreciated.
> > > TrueSecure www.trusecure.com has some good white papers on what types of
> > > attachments you should be, or at least be thinking about, blocking.
> > >
> > > Oh, the other thing we did was, well we threw IIS right out the
> > > window!!!!!!
> > >
> > > Good Luck
> > >
> > > Jeffrey R. Waters
> > > Senior Systems Engineer
> > > Information Technology, Hanover County
> > >
> > >
> > > -----Original Message-----
> > > From: Jennifer Baker [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, September 19, 2001 6:10 AM
> > > To: Exchange Discussions
> > > Subject: today's admin backwards virus
> > >
> > >
> > > I was just noticing that most of the gurus of the list had plenty of
> > > time to respond to the list regarding various questions. Am I missing
> > > something?
> > >
> > > I have been updating virus software, scanning mailboxes, patching
> > > iis/owa servers etc. all night. We were hit externally, but we only had
> > > to restore one webserver (although it was similar to a slightly
> > > compressed support.microsoft.com). Is there some secret to this sh*t
> > > that you are keeping from me regarding quick draw administration or is
> > > this something you pawn off to others?
> > >
> > > I will compensate for information. (Depending on validity.)
> > >
> > > I'm not jealous or bitter, btw...not.
> > >
> > > Jennifer Baker
> > > Fluke Corporation
> > > http://www.fluke.com
> > > http://www.flukenetworks.com
> > > mailto:[EMAIL PROTECTED]
> > >
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Archives: http://www.swynk.com/sitesearch/search.asp
> > > To unsubscribe: mailto:[EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]
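
The failure mode raised in this thread (mail quarantined by the content filter is later released without ever passing the virus scanner), as an added sketch that is not part of the original messages and is not WebShield or MAILsweeper code. The function names, the `MARKER` signature and the sample messages are constructed for illustration; only the extension list comes from the thread.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".vbs", ".eml", ".shs", ".lnk")  # list quoted in the thread
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a virus signature

def parts(raw: bytes):
    """Yield (filename, decoded bytes) for every MIME part, containers included."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        body = b"" if part.is_multipart() else part.get_payload(decode=True)
        yield part.get_filename(), body or b""

def content_filter_hits(raw: bytes) -> list:
    """Attachment names whose final extension is blocked (case-insensitive)."""
    hits = []
    for name, _ in parts(raw):
        # Trailing dots and spaces are dropped so "a.vbs." still matches.
        if name and name.rstrip(". ").lower().endswith(BLOCKED_EXT):
            hits.append(name)
    return hits

def virus_scan_clean(raw: bytes) -> bool:
    """Hypothetical AV engine: scans decoded payloads, not the base64 text."""
    return all(MARKER not in body for _, body in parts(raw))

def inbound(raw: bytes) -> str:
    """Content filter first; quarantined mail has NOT been virus scanned yet."""
    if content_filter_hits(raw):
        return "quarantine"
    return "deliver" if virus_scan_clean(raw) else "reject"

def release(raw: bytes) -> str:
    """Admin release overrides the content filter only; the scan still runs."""
    return "deliver" if virus_scan_clean(raw) else "reject"

def sample(filename: str, body: bytes) -> bytes:
    """Build a constructed test message with one binary attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(body, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A gateway whose release path delivers straight from the quarantine folder is the case described above; here `release()` routes the message back through `virus_scan_clean()` so an approved message is still scanned before delivery.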