We use are using a product called Messaging Management System (MMS) from Tumbleweed Communications Corp (http://www.tumbleweed.com). This is a content scanner like Scanmail from Trend Micro. It checks the headers of the files rather than the file names so users can't circumvent the system. It performs many other functions like handling the encryption keys and encryption, content scanning, virus scanning, etc. We place it between Exchange and our firewall. It has a very flexible ruleset and can handle the exceptions you listed.
I also run Antigen on the Exchange servers just in case someone brings in a virus on a floppy or from a webmail site. I believe in multiple levels of protection, but also agree with Ed about technological solutions to administrative problems Steve Sauer Team Lead - Systems Operations NCI Information Systems, inc. Enterprise Technology Solutions Group WIPP Site, Carlsbad, NM http://www.wipp.ws -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 09, 2001 5:48 PM To: Exchange Discussions Subject: Filter Sets and Users trying to bypass them. I am experiencing a "high volume" of users attempting to bypass my filter set by renaming the extensions. For example, I filter *.exe and about 15 other extensions. However, the users got smart at one point and renamed the extension to *.txt. So, I had to start filtering *.txt files. I'm to the point where I'm about to start filtering everything using a default filter of *.* I probably won't be able to retain this policy for very long so I'm wondering how others have handled this problem? I would like to filter all attachments but be able to designate certain users to be able to send and receive certain files. Most Exchange AV software affects all users. I'm hoping to see something like this in the next build of Antigen (hint, hint). Anyway, have not looked at Exchange 2000 yet so I'm not sure if it addresses this type of issue or not. Any comments? BEM _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
