NAVMSE 2.5 run only on E2K. -----Original Message----- From: Ropiak Steve - NAO Florence Office IT [mailto:[EMAIL PROTECTED]] Sent: 26 April 2002 19:57 To: MS-Exchange Admin Issues Subject: RE: NAV for Exchange
NAV 2.5 (up to and including 5.5 SP4) was dual mode MAPI and/or AVAPI and still sieve-like when it came to stopping viri. mit freundlichen Grüßen,(Best Regards), Steve Ropiak ZF Group NAO CERT, Exchange Administrator (207) 989-9115 voice (207) 989-8722 fax (513) 314-0197 cell [EMAIL PROTECTED] -----Original Message----- From: Patrick Rouse [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 5:30 PM To: MS-Exchange Admin Issues Subject: RE: NAV for Exchange NAV for Exchange hasn't been MAPI based in quite a while, like 2.0 and pre 5.5 SP4. for Exchange 2000 it uses VSAPI 2.0 > This message is in MIME format. Since your mail reader does not > understand this format, some or all of this message may not be > legible. > > ------_=_NextPart_001_01C1EC45.4CB08560 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > With MAPI based AV (like NAV) there is a timing gotcha. If Outlook = > goes to grab mail at or around the same time it hits the mailbox, NAV > may not = get a > chance to look at it or clean it before Outlook drags it down to the = > PST. I > have seen it (during a couple of our virus attacks) let virused files > through to the client totally untouched. It did catch 99.9% of them, = > but > all it took was one virused attachment getting through to an = > unsuspecting > user . . . > =20 > =20 > mit freundlichen Gr=FC=DFen,(Best Regards),=20 > Steve Ropiak =20 > ZF Group NAO=20 > CERT, Exchange Administrator=20 > (207) 989-9115 voice=20 > (207) 989-8722 fax=20 > (513) 314-0197 cell=20 > [EMAIL PROTECTED] > -----Original Message----- > From: Ben Ong [mailto:[EMAIL PROTECTED]]=20 > Sent: Wednesday, April 24, 2002 9:14 PM > To: MS-Exchange Admin Issues > Subject: NAV for Exchange > > > =20 > Anyone having this problem, the nav for exchange detected the virus = > email and said was deleted. > But it still send the infected emails to the recipient. > =20 > Subject of the message: Let's be friends > One or more attachments were deleted. > Attachment Status.bat was Deleted for the following reasons: > Virus W32.Klez.gen@mm was found. > =20 > Please help > =20 > =20 > Ben Ong > Thanks > =20 > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > > ATTENTION! The information contained in this E-mail may be > CONFIDENTIAL = and PRIVILEGED. It is intended for individual or entity > named above. If you = are > not the intended recipient, please be notified that any use, review, > distribution or copying of this E-mail is strictly prohibited. If you = > have > received this E-mail by error, please delete it and notify the sender > immediately. Thank you.=20 > > ------_=_NextPart_001_01C1EC45.4CB08560 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML > xmlns=3D"http://www.w3.org/TR/REC-html40"; xmlns:o =3D=20 > "urn:schemas-microsoft-com:office:office" xmlns:w =3D=20 > "urn:schemas-microsoft-com:office:word"><HEAD> > <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = > charset=3Diso-8859-1"> <TITLE>Message</TITLE> > > <META content=3DWord.Document name=3DProgId> > <META content=3D"MSHTML 6.00.2715.400" name=3DGENERATOR> <META > content=3D"Microsoft Word 9" name=3DOriginator><LINK=20 > href=3D"cid:[EMAIL PROTECTED]"; rel=3DFile-List><!--[if > gte = mso 9]><xml> <o:OfficeDocumentSettings> > <o:DoNotRelyOnCSS/> > </o:OfficeDocumentSettings> > </xml><![endif]--><!--[if gte mso 9]><xml> > <w:WordDocument> > <w:View>Normal</w:View> > <w:Zoom>0</w:Zoom> > <w:DocumentKind>DocumentEmail</w:DocumentKind> > <w:EnvelopeVis/> > <w:DrawingGridHorizontalSpacing>5 pt</w:DrawingGridHorizontalSpacing> > = > <w:DisplayHorizontalDrawingGridEvery>2</w:DisplayHorizontalDrawingGridEv= > ery> > = > <w:DisplayVerticalDrawingGridEvery>2</w:DisplayVerticalDrawingGridEver > y>= > > <w:Compatibility> > <w:UseFELayout/> > </w:Compatibility> > </w:WordDocument> > </xml><![endif]--> > <STYLE>@font-face { > font-family: SimSun; > } > @font-face { > font-family: @SimSun; > } > @page Section1 {size: 595.45pt 841.7pt; margin: 72.0pt 66.95pt 72.0pt > = 89.85pt; mso-header-margin: 36.0pt; mso-footer-margin: 36.0pt; = > mso-paper-source: 0; } > P.MsoNormal { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-style-parent: ""; mso-pagination: = > widow-orphan; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: = > SimSun; mso-fareast-language: ZH-CN } > LI.MsoNormal { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-style-parent: ""; mso-pagination: = > widow-orphan; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: = > SimSun; mso-fareast-language: ZH-CN > } > DIV.MsoNormal { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-style-parent: ""; mso-pagination: = > widow-orphan; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: = > SimSun; mso-fareast-language: ZH-CN > } > P.MsoAutoSig { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-pagination: widow-orphan; = > mso-bidi-font-size: 12.0pt; mso-fareast-font-family: SimSun; = > mso-fareast-language: ZH-CN > } > LI.MsoAutoSig { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-pagination: widow-orphan; = > mso-bidi-font-size: 12.0pt; mso-fareast-font-family: SimSun; = > mso-fareast-language: ZH-CN > } > DIV.MsoAutoSig { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-pagination: widow-orphan; = > mso-bidi-font-size: 12.0pt; mso-fareast-font-family: SimSun; = > mso-fareast-language: ZH-CN > } > SPAN.EmailStyle15 { > COLOR: black; mso-style-type: personal-compose; mso-ansi-font-size: = > 10.0pt; mso-ascii-font-family: Arial; mso-hansi-font-family: Arial; = > mso-bidi-font-family: Arial > } > DIV.Section1 { > page: Section1 > } > </STYLE> > </HEAD> > <BODY lang=3DEN-US style=3D"tab-interval: 36.0pt"> > <DIV><SPAN class=3D132043210-25042002><FONT face=3DArial = > color=3D#0000ff size=3D2>With=20 > MAPI based AV (like NAV) there is a timing gotcha. If Outlook = > goes to grab=20 > mail at or around the same time it hits the mailbox, NAV may not get a = > chance to=20 > look at it or clean it before Outlook drags it down to the PST. I = > have=20 > seen it (during a couple of our virus attacks) let virused files = > through to the=20 > client totally untouched. It did catch 99.9% of them, but all it = > took was=20 > one virused attachment getting through to an unsuspecting user . .=20 > .</FONT></SPAN></DIV> > <DIV> </DIV> > <DIV> </DIV> > <DIV align=3Dleft><B><I><FONT size=3D2> > <P align=3Dleft>mit freundlichen Gr=FC=DFen</FONT><FONT face=3D"Courier = > New"=20 > size=3D2>,</B></I>(Best Regards),</FONT><FONT face=3D"Times New Roman"> = > > <BR></FONT><FONT face=3DTahoma size=3D5>Steve Ropiak > </FONT><FONT = > > face=3D"Times New Roman"><BR></FONT><FONT face=3DArial size=3D2>ZF = > Group NAO=20 </FONT><FONT face=3D"Times New Roman"><BR></FONT><FONT > face=3DArial = size=3D2>CERT,=20 > Exchange Administrator</FONT><FONT face=3D"Times New Roman"> = > <BR></FONT><FONT=20 > face=3DArial size=3D2>(207) 989-9115 voice</FONT><FONT face=3D"Times = > New Roman">=20 > <BR></FONT><FONT face=3DArial size=3D2>(207) 989-8722 fax</FONT><FONT=20 > face=3D"Times New Roman"> <BR></FONT><FONT face=3DArial size=3D2>(513) = > 314-0197=20 > cell</FONT><FONT face=3D"Times New Roman"> </P></FONT><FONT = > face=3DArial size=3D2> > <P>[EMAIL PROTECTED]</P></FONT></DIV> > <BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px"> > <DIV></DIV> > <DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr = > align=3Dleft><FONT=20 > face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B> Ben = > Ong=20 > [mailto:[EMAIL PROTECTED]] <BR><B>Sent:</B> Wednesday, April 24, = > 2002 9:14=20 > PM<BR><B>To:</B> MS-Exchange Admin Issues<BR><B>Subject:</B> NAV for=20 > Exchange<BR><BR></FONT></DIV> > <DIV class=3DSection1> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><![if = > !supportEmptyParas]><![endif]> </SPAN></FONT></SPAN><SPAN=20 > class=3DEmailStyle15><FONT color=3Dblack><SPAN=20 > style=3D"mso-ansi-language: = > EN-US"><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">Anyone having this problem, the = > nav for=20 > exchange detected the virus email and said was=20 > deleted.<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">But it still send the infected = > emails to=20 > the r</SPAN></SPAN></FONT></SPAN><FONT face=3D"Courier New" = > color=3Dblack><SPAN=20 > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US">ecipient.</SPAN></FONT><SPAN=20 > class=3DEmailStyle15><FONT color=3Dblack><SPAN=20 > style=3D"mso-ansi-language: = > EN-US"><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><![if = > !supportEmptyParas]><![endif]> </SPAN></FONT></SPAN><SPAN=20 > class=3DEmailStyle15><FONT color=3Dblack><SPAN=20 > style=3D"mso-ansi-language: = > EN-US"><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US">Subject=20 > of the message:<SPAN style=3D"mso-spacerun: yes"> </SPAN>Let's = > be=20 > friends</SPAN></FONT><FONT face=3D"Courier New" color=3Dblack><SPAN = > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US">One=20 > or more attachments were deleted.</SPAN></FONT><FONT face=3D"Courier = > New"=20 > color=3Dblack><SPAN lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US"><SPAN=20 > style=3D"mso-spacerun: yes"> </SPAN>Attachment Status.bat was = > Deleted for=20 > the following reasons:</SPAN></FONT><FONT face=3D"Courier New" = > color=3Dblack><SPAN=20 > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US"><SPAN=20 > style=3D"mso-spacerun: yes"> </SPAN>Virus = > W32.Klez.gen@mm was=20 > found.</SPAN></FONT><FONT face=3D"Courier New" color=3Dblack><SPAN = > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US"><![if = > !supportEmptyParas]><![endif]> </SPAN></FONT><FONT=20 > face=3D"Courier New" color=3Dblack><SPAN lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">Please=20 > help<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><![if = > !supportEmptyParas]><![endif]> </SPAN><SPAN=20 > lang=3DEN-GB><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><![if = > !supportEmptyParas]><![endif]> </SPAN><SPAN=20 > lang=3DEN-GB><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">Ben=20 > Ong<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><SPAN=20 > style=3D"mso-bidi-font-size: = > 12.0pt">Thanks<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><![if = > !supportEmptyParas]><![endif]> </SPAN><SPAN=20 > lang=3DEN-GB><o:p></o:p></SPAN></FONT></SPAN></P></DIV>List Charter = > and FAQ=20 > = > at:<BR>http://www.sunbelt-software.com/exchange_list_charter.htm<BR><BR>= > > <P><B><FONT face=3DArial size=3D2>ATTENTION! The information = > contained in this=20 > E-mail may be CONFIDENTIAL and PRIVILEGED. It is intended for = > individual or=20 > entity named above. If you are not the intended recipient, please be > = notified=20 > that any use, review, distribution or copying of this E-mail is = > strictly=20 > prohibited. If you have received this E-mail by error, please delete > = it and=20 > notify the sender immediately. Thank you.=20 > </FONT></B></P></BLOCKQUOTE> List Charter and FAQ at:<BR> http://www.sunbelt-software.com/exchange_list_charter.htm<BR> List Charter and FAQ at:<BR> http://www.sunbelt-software.com/exchange_list_charter.htm<BR> List Charter and FAQ at:<BR> http://www.sunbelt-software.com/exchange_list_charter.htm<BR> </BODY></HTML> > > ------_=_NextPart_001_01C1EC45.4CB08560-- ATTENTION! The information contained in this E-mail may be CONFIDENTIAL and PRIVILEGED. It is intended for individual or entity named above. If you are not the intended recipient, please be notified that any use, review, distribution or copying of this E-mail is strictly prohibited. If you have received this E-mail by error, please delete it and notify the sender immediately. Thank you.
