Definitely need to be zipped up. Especially since all scanmail versions since 3.7 scan the headers of files so you can't even rename a file's extension anymore. Also the AVAPI mode was known to miss files (not sure if this was ever fixed since trend did switch the way they scan in 5.5) if it ever got overloaded. The good thing about the latest scanmail is that it scans outgoing email also since it hits the store first before being sent. I believe trend has a .dll that sits in memory (ESE API mode) and scans store writing so you won't have the MAPI problem either. We've been running the new mode since 3.7 (currently on 3.8) and haven't had any problems with corruption or anything.
-----Original Message----- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:25 PM To: Exchange Discussions Subject: Re: ScanMail missing tricks? Sometimes users get sent legitimate executables, they get blocked because of the extention, so I have to copy it to a share for them to retrieve it - I'm then reliant on the AV on my desktop, what I'd prefer is for the virus checker to say "is it infected" before it looks at whether it should quarantine that sort of file. Maybe I'm looking at it the wrong way, but that's just how I'd like it to work - in fairness with 3.81 they're most of the way there with the integrated quarantine manager section. regards paul ----- Original Message ----- From: "Ward, Stuart" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 5:06 PM Subject: RE: ScanMail missing tricks? > Why would it need to? > > -----Original Message----- > From: Paul Hutchings [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 11:58 AM > To: Exchange Discussions > Subject: RE: ScanMail missing tricks? > > > No problems here with 3.81 - one thing I wish it did do was to scan > attachments blocked by extention blocking - we've had loads of bugbears > quarantined for being .exe's , but it doesn't seem to actually scan them as > well. > > regards, > Paul > -- > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 024 7635 5378, Fax: 024 7635 8378 > mailto:[EMAIL PROTECTED] > > > -----Original Message----- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: 06 June 2003 15:46 > > To: Exchange Discussions > > Subject: RE: ScanMail missing tricks? > > > > > > You might want to consider upgrading to Scanmail 3.81. I believe it > > functions a LOT better. > > > > -------------------------------------------------------------- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -----Original Message----- > > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > > Sent: Friday, June 06, 2003 10:25 AM > > > To: Exchange Discussions > > > Subject: ScanMail missing tricks? > > > > > > > > > > > > A user got an infected attachment right to her Inbox, which > > > doesn't ever happen here since we started using ScanMail. I > > > have ScanMail 3.52 (Exch 5.5 > > > SP4) blocking all the attachments on the List of Danger, and > > > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > > > the Inbox. A Manual scan showed up six other virus-infected > > > attachments which had apparently got through. But the manual > > > scan does not pick up the file I just mentioned, which is now > > > in my Deleted Items. A copy is on my hard drive and Sophos > > > AntiVirus also doesn't detect it. > > > > > > Is it possible that ScanMail misses out on some messages if > > > several arrive at once, or is there another more likely > > > solution? I have sent the file to Trend and Sophos to see > > > what they say, but the attachment blocking was, I thought, > > > non-negotiable and always works. Luckily I badger my users > > > about the danger of attachments on a fairly regular basis. > > > > > > > > > Tim > > > > > > -- > > > Tim Gowen > > > RAF Museum > > > IT Dept. > > > > > > > > > Confidentiality: This e-mail and its attachments are intended > > > for the above named only and may be confidential. If they > > > have come to you in error you must take no action based on > > > them, nor must you copy or show them to anyone; please reply > > > to this e-mail and highlight the error. > > > > > > Security Warning: Please note that this e-mail has been > > > created in the knowledge that Internet e-mail is not a 100% > > > secure communications medium. We advise that you understand > > > and observe this lack of security when e-mailing us. > > > > > > Viruses: Although we have taken steps to ensure that this > > > e-mail and attachments are free from any virus, we advise > > > that in keeping with good computing practice the recipient > > > should take steps to confirm that they are actually virus free. > > > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang=english > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang > =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > Confidentiality Notice: The information contained in this e-mail and any > attachments may be legally privileged and confidential. If you are not an > intended recipient, you are hereby notified that any dissemination, > distribution or copying of this e-mail is strictly prohibited. If you have > received this e-mail in error, please notify the sender and permanently > delete the e-mail and any attachments immediately. You should not retain, > copy or use this e-mail or any attachment for any purpose, nor disclose all > or any part of the contents to any other person. > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] Confidentiality Notice: The information contained in this e-mail and any attachments may be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
