Until someone figures out the trick. Then the bad.exe comes in as good.exe. Don't open the door even a little; keep it closed and locked. Use alternative methods.
----- Original Message ----- From: "Durkee, Peter" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, October 18, 2002 1:40 PM Subject: RE: Vendors AV and attachment exceptions > I think Antigen could be set to allow the "good" exes through if they all have a similar pattern to the file name. For instance if they have names like GOODFILE0023.EXE you could add an entry in the file filter for GOODFILE*.EXE and have it skip those. > > -Peter > > > -----Original Message----- > From: Mellott, Bill [mailto:bmellott@;SND.com] > Sent: Friday, October 18, 2002 11:29 > To: Exchange Discussions > Subject: RE: Vendors AV and attachment exceptions > > > Thanks All.. > yeah it's all what I though...I was hoping maybe someone had a reg > hack/feature for other vendors AV > to make exceptions of EXE's etc... (yes this thing exists for may present AV > vendor but am not overly fond of them...) > > Now to ponder which AV...test..test..test > > Thanks! > bill > > -----Original Message----- > From: King, Arron S. [mailto:kinga@;ohiodominican.edu] > Sent: Friday, October 18, 2002 2:19 PM > To: Exchange Discussions > Subject: RE: Vendors AV and attachment exceptions > > > Bill we had the same condundrum for a while. We actually use 2 different > A/Vs for smtp. Symantec's gateway is ouri nbound smtp router, and then > symantec's AV for Exchange. > > We configured the gateway to block exe's, and left the internal alone. That > is, until one of our bright users (who against policy) configured outlook to > look at a pop3 as well our exchange box. > > Then when the next exe-based virus struck, we got blasted. Now we don't > allow them anywhere - and haven't had an outbreak since. > > It's very easy to setup an FTP/HTTP server and have them e-mail a URL... > That what we do for our faculty who need to send exe's out. > > They could also rename the extension... > > Good Luck! > > Arron > > > ======================================= > Arron S. King > Network & Systems Administrator > Ohio Dominican University > > [EMAIL PROTECTED] > v: 614.251.4515 > f: 614.252.2650 > > > > -----Original Message----- > From: Mellott, Bill [mailto:bmellott@;SND.com] > Sent: Friday, October 18, 2002 1:09 PM > To: Exchange Discussions > Subject: Vendors AV and attachment exceptions > > > Pondering new AV for Exch.... > > Running a AV for exchange (chose your favorite vendor..insert here) > and implementing Martins list of death...As I do and suspect many here do > similar....or something similar... > > SO I pose this: > say you set your AV to block/strip EXE attachments on your exchange box.. .. > OK so this = good....safer..etc... > Now if you have say an app on your system which sends out a EXE..what have > you.. (say a fax program for the viewer etc..) > > My Question is What do you others do with your AV on Exchnage to allow this > EXE to go out but not allow all the > other bad EXE's to get thru????????????? > > Why? I contemplating replacing my current AV vendor...and have looked at > some others BUT it would appear None of > the others have the ability to make exceptions for identified EXE's > > And I wondering what anybody else does.... > > 2 cent would be appreciated. > > thanks > bill > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:leave-exchange@;ls.swynk.com > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:leave-exchange@;ls.swynk.com > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:leave-exchange@;ls.swynk.com > Exchange List admin: [EMAIL PROTECTED] > > ______________________________________________ > This message is private or privileged. If you are not the > person for whom this message is intended, please delete it > and notify me immediately, and please do not copy or send > this message to anyone else. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:leave-exchange@;ls.swynk.com > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:leave-exchange@;ls.swynk.com Exchange List admin: [EMAIL PROTECTED]
