List Charter and FAQ at:-----Original Message-----
From: Matthew Carpenter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 2:01 PM
To: MS-Exchange Admin Issues
Subject: RE: Oh man you are kidding...I would still like to know what client they prefer instead
-----Original Message-----
From: Siegfried Weber [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 4:00 PM
To: MS-Exchange Admin Issues
Subject: RE: Oh man you are kidding...I agree with you in all points. I just don't see a reason why tossing
Outlook now that it, as you mentioned, has been greatly improved to stop
such automated script execution attacks.Interesting enough KLEZ uses a completely new algorithm to spread
itself. It harvests e-mail addresses out of the browser local temporary
Internet file cache and sends e-mails with faked originator addresses
using it's own SMTP engine. How would it help to toss Outlook to get
around KLEZ?I am just awaiting the first .EXE viruses designed to infect a *NIX
machine by using the same algorithm KLEZ uses (harvesting e-mail
addresses from temporary files) and send them via it's own SMTP engine.Anybody knows how to program that?
<Siegfried />
> -----Original Message-----
> From: Steven Peck DNET [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 10:51 PM
> To: MS-Exchange Admin Issues
> Subject: RE: Oh man you are kidding...
>
> And once again the convenience vs. security debate is launched.
>
> The downside of Outlook was it's ability to execute some script
attacks
> from
> the preview pane. This is solved somewhat in later versions and
patches.
> And is defeated through a percentage of end-users inability to control
> their
> double-click. ANY OS that has file execution associations can be hit
by a
> virus. Both KDE and GNOME are building this functionality into their
> interface and as such will also be subject to this kind of attack.
>
> It is more effectively solved by preventing the executable type files
from
> passing through your server in the first place. If someone wants to
> an executable, they can zip it. At least then it is a two stage
process
> for
> infection and the local desktop anti-virus sw has a shot at the new
virus
> that your Exchange servers anti-virus missed. Even if an end user is
> infected (floppy, etc) they mail bomb's their own email box as the
server
> refuses to send those attachment types internally as well. I have yet
to
> see a legitimate reason to email an scr file in a corporate
environment.
> :)
>
> If it is vbs or js, then the developer can rename it as txt and assume
> that
> the recipient can rename it to vbs or js.
>
> As to alternative's to Outlook in asked about in another message.
> You can use Eudora, Netscape Mail, Pine, etc (POP3 or IMAP)...... You
just
> LOSE the Email/Calendaring integration function which is the primary
> appeal
> of the Exchange server in a business environment.
>
> Of course, I am aware of a company that has an Exchange server and
uses
> Outlook Express!?
>
> -sp
>
> -----Original Message-----
> From: Siegfried Weber [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 1:33 PM
> To: MS-Exchange Admin Issues
> Subject: RE: Oh man you are kidding...
>
>
> > It is what happens when people insist on using Outlook as their MUA.
>
> BS! You can get any type of virus if you open a mail and execute an
> attached
> file.
>
> <Siegfried />
>
> List Charter and FAQ at:
> http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
http://www.sunbelt-software.com/exchange_list_charter.htm
http://www.sunbelt-software.com/exchange_list_charter.htm
