RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
Well, I have upgraded to 3.14, but still see TONS of these viruses getting
through.  Please help if you can...

Chad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sheldon Koehler
Sent: Wednesday, October 01, 2003 5:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.Virus] MS Security Patch Emails

> No wonder I'm still getting slammed with systems trying to send this virus
> to my users.

This was a big thread back in July. F-Prot was only catching the Blaster
worm if it tried to run (Desktop Real Time). But it was not detected in the
scanning of email even after the definition file updates. F-Prot released
3.14a to fix this in the actual engine. I was blocking it by banned file
extensions! So this was another valid reason to block certain extensions.


Sheldon


Sheldon Koehler, Owner/Partner   http://www.tenforward.com
Ten Forward Communications   360-457-9023
Nationwide access, neighborhood support!

Whenever you find yourself on the side of the majority, it's time
to pause and reflect. Mark Twain


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.Virus.  The archives can be found
at http://www.mail-archive.com.





RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Darrell LaRock
Chad,

Is there any reason why you can't filter on common virus extensions?  This
will cut down on many viruses.  It is common practice not to accept exe, com,
bat, pif, scr, and the list goes on...

Darrell




RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
We have never filtered EXE before, so it would just cause too many problems
to do this now.  We have well over 25 thousand customers using this server,
and I hate to spring something like that on them.  The others, sure, we can
exclude those, but just don't want to do EXE.  Thanks.

Chad




Re: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Jason Newland
I would suggest a notification to users telling them that as of X date, the
e-mail system will no longer accept/transmit e-mails that have .exe/.bat/or
whatever extensions attached.  Then give them a brief and honest
explanation of the risks that it poses them and you.  You can even include
information on how to continue to send these files, but in a faster way
(zip).

Keeping up front and honest with your customers will always result in better
satisfaction.  You are perceived as looking out for them.


Jason



RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Jeff Maze - Hostmaster
Hmm, I'd just send out an e-mail stating that due to recent influx of
viruses and viruses contained within EXE files, you're updating the mail
server security policy.  Then state that beginning %on this date% the
following file extensions will be blocked:  yadda-yadda-yadda.

Most will be angry that you're doing this, but ask them to zip the files if
they wish for them to be sent.  I know about the customer support aspect of
it, but if you explain that you're watching out for their well-being from a
possible virus infection stand-point, a lot will see your point and that'll
be the end of it.

Sometimes it's good to be the administrator..  Hahaha




RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Greg Foulks
If you don't start to block these dangerous extensions it's just going to
continue to cause you problems in the future.

My users were not happy at first, but after I explained why, they were all
more than happy to help fight the spread of viruses.

Greg




--
[This E-mail was scanned for viruses by Declude Virus Scanner on
mail.nfti.com

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread R. Scott Perry

> Well, I have upgraded to 3.14, but still see TONS of these viruses getting
> through.  Please help if you can...

Have you checked to see that:

[1] They actually have an .exe (or similar) attachment?
[2] The attachment is not 0 bytes?
[3] The attachment is complete, and not truncated?

Any E-mails that don't meet those three requirements will normally not get
caught (as they are safe, just annoying).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.



RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
What is the best way to exclude these in your opinion???  Can Declude do it,
or IMail?

Chad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, October 02, 2003 1:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

Chad, exe is the absolute first extension that should be banned.

In the three years I have been doing this, I have had a handful of
complaints about this. Once I explained the reason, they agreed.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread John Tolmachoff (Lists)
With Declude Virus.

In the Virus.cfg file, for each banned extension, you have a line like so:

BANEXT  exe
BANEXT  pif

And so forth.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
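
An added example, not part of the original post and not Declude's own code: a Python sketch that reads BANEXT lines like the ones above and applies the three attachment checks R. Scott Perry lists earlier in the thread (banned extension present, not 0 bytes, not truncated). The function names, verdict labels, sample config and sample messages are all constructed for illustration.

```python
import email
from email import policy
from email.errors import CloseBoundaryNotFoundDefect

# Constructed Virus.cfg fragment: only the BANEXT directive shown in the thread.
SAMPLE_CFG = "BANEXT  exe\nBANEXT  com\nBANEXT  bat\nBANEXT  pif\nBANEXT  scr\n"


def parse_banext(cfg_text):
    """Collect the extensions named on BANEXT lines (lower-cased, no dot)."""
    banned = set()
    for line in cfg_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "BANEXT":
            banned.add(fields[1].lower().lstrip("."))
    return banned


def final_extension(filename):
    """Return the last extension, so 'readme.txt.exe' is judged as 'exe'.

    Trailing dots and spaces are dropped first because Windows ignores
    them when the file is saved, so 'update.exe.' still lands as an .exe.
    """
    name = filename.strip().rstrip(". ")
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].lower()


def triage(raw_message, banned):
    """Apply the thread's three checks to every named attachment.

    Verdicts (hypothetical labels): 'pass', 'banned-empty',
    'banned-truncated', 'banned-complete'.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # A multipart body that never reached its closing boundary was cut short.
    unclosed = any(
        isinstance(defect, CloseBoundaryNotFoundDefect)
        for part in msg.walk()
        for defect in part.defects
    )
    results = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # Decoding also records base64 defects on the part itself.
        data = part.get_payload(decode=True) or b""
        truncated = unclosed or bool(part.defects)
        if final_extension(name) not in banned:
            verdict = "pass"
        elif len(data) == 0:
            verdict = "banned-empty"
        elif truncated:
            verdict = "banned-truncated"
        else:
            verdict = "banned-complete"
        results.append((name, verdict))
    return results


def build_sample(filename, b64_body, close=True):
    """Build a constructed two-part message; the attachment bytes are placeholders."""
    lines = [
        "From: sender@example.com",
        "To: user@example.net",
        "Subject: security patch",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="BOUND"',
        "",
        "--BOUND",
        "Content-Type: text/plain",
        "",
        "Please install the attached update.",
        "--BOUND",
        f'Content-Type: application/octet-stream; name="{filename}"',
        "Content-Transfer-Encoding: base64",
        f'Content-Disposition: attachment; filename="{filename}"',
        "",
        b64_body,
    ]
    if close:
        lines.append("--BOUND--")
    return ("\r\n".join(lines) + "\r\n").encode("ascii")


if __name__ == "__main__":
    banned = parse_banext(SAMPLE_CFG)
    samples = {
        "complete": build_sample("patch.exe", "TVqQAAMAAAAEAAAA"),
        "zero bytes": build_sample("patch.exe", ""),
        "truncated": build_sample("patch.exe", "TVqQAAMAAAAEAA", close=False),
        "zipped": build_sample("notes.zip", "UEsDBAoAAAAAAA=="),
    }
    for label, raw in samples.items():
        print(label, triage(raw, banned))
```

The check looks only at the attachment's file name, which is why a zipped file passes it.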



RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
So with that done, what does the user sending the executable get?  Do they
get a returned email with an error, and if so, would you be so kind as to
show me what message you show people.  I just hate to jump in blind, if
someone already has it figured out.

Chad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, October 02, 2003 3:58 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

With Declude Virus.

In the Virus.cfg file, for each banned extension, you have a line like so:

BANEXT  exe
BANEXT  pif

And so forth.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.Virus-
 [EMAIL PROTECTED] On Behalf Of Chad Killion
 Sent: Thursday, October 02, 2003 1:31 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] MS Security Patch Emails
 
 What is the best way to exclude these in your opinion???  Can Declude do it,
 or Imail?
 
 Chad
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
 (Lists)
 Sent: Thursday, October 02, 2003 1:38 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.Virus] MS Security Patch Emails
 
 Chad, exe is the absolute first extension that should be banned.
 
 In the three years I have been doing this, I have had a handful of
 complaints about this. Once I explained the reason, they agreed.
 
 John Tolmachoff MCSE CSSA
 Engineer/Consultant
 eServices For You
 www.eservicesforyou.com
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:Declude.Virus-
  [EMAIL PROTECTED] On Behalf Of Chad Killion
  Sent: Thursday, October 02, 2003 8:37 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [Declude.Virus] MS Security Patch Emails
 
  We have never filtered EXE before, so it would just cause too many problems
  to do this now.  We have well over 25 thousand customers using this server,
  and I hate to spring something like that on them.  The others, sure, we can
  exclude those, but just don't want to do EXE.  Thanks.
 
  Chad
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
  Sent: Thursday, October 02, 2003 10:14 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [Declude.Virus] MS Security Patch Emails
 
  Chad,
 
  Is there any reason why you can't filter on common virus extensions.  This
  will cutdown on many viruses.  It is common practice not to accept exe, com,
  bat, pif, scr, and the list goes on...
 
  Darrell
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Chad Killion
  Sent: Thursday, October 02, 2003 11:03 AM
  To: [EMAIL PROTECTED]
  Subject: RE: [Declude.Virus] MS Security Patch Emails
 
  Well, I have upgraded to 3.14, but still see TONS of these viruses getting
  through.  Please help if you can...
 
  Chad
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Sheldon Koehler
  Sent: Wednesday, October 01, 2003 5:38 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [Declude.Virus] MS Security Patch Emails
 
   No wonder I'm still getting slammed with systems trying to send this virus
   to my users.
 
  This was a big thread back in July. F-Prot was only catching the Blaster
  worm if it tried to run (Desktop Real Time). But it was not detected in the
  scanning of email even after the definition file updates. F-Prot released
  3.14a to fix this in the actual engine. I was blocking it by banned file
  extensions! So this was another valid reason to block certain extensions.
 
 
  Sheldon
 
 
  Sheldon Koehler, Owner/Partner    http://www.tenforward.com
  Ten Forward Communications   360-457-9023
  Nationwide access, neighborhood support!
 
  Whenever you find yourself on the side of the majority, it's time
  to pause and reflect. Mark Twain
 
 

RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Kami Razvan
 
Chad:

This is what we have in our virus.cfg file.  No regrets and no apologies for
blocking them.  We think of this as a fact of life... 

BANEXT  asp
BANEXT  bas
BANEXT  bat
BANEXT  CEO
BANEXT  chm
BANEXT  cmd
BANEXT  com
BANEXT  exe
BANEXT  hlp
BANEXT  hta
BANEXT  inf
BANEXT  isp
BANEXT  js
BANEXT  jse
BANEXT  lnk
BANEXT  msi
BANEXT  mst
BANEXT  pcd
BANEXT  pif
BANEXT  reg
BANEXT  scr
BANEXT  url
BANEXT  vbe
BANEXT  vbs
BANEXT  ws
BANEXT  wsh

BANEXT  ad
BANEXT  adp 
BANEXT  crt 
BANEXT  ins 
BANEXT  mdb 
BANEXT  mde 
BANEXT  msc 
BANEXT  msp 
BANEXT  sct 
BANEXT  shb 
BANEXT  vb
BANEXT  wsc 
BANEXT  wsf 
BANEXT  cpl 
BANEXT  shs 
BANEXT  vsd 
BANEXT  vst
BANEXT  vss 
BANEXT  vsw

This has been discussed in the list a while back and there are links on
the Microsoft web site that explain most of these.

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chad Killion
Sent: Thursday, October 02, 2003 4:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

What is the best way to exclude these in your opinion???  Can Declude do it,
or Imail?

Chad

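As an added example (not Declude's code and not from any poster in this thread): a Python check that loads BANEXT lines in the format quoted above and flags attachments in a MIME message whose final extension is banned. The function names, sample config and sample message are constructed for illustration, and matching on the final extension only is an assumption, not a statement of how Declude Virus matches.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample in the BANEXT format quoted in this thread
# (mixed case and a trailing blank, as in the posted list).
SAMPLE_CFG = "BANEXT  exe\nBANEXT  pif\nBANEXT  scr\nBANEXT  CEO\nBANEXT  vbs \n"

def load_banned(cfg_text):
    """Collect extensions from BANEXT lines; case and trailing blanks ignored."""
    banned = set()
    for line in cfg_text.splitlines():
        m = re.match(r"\s*BANEXT\s+\.?(\w+)\s*$", line, re.IGNORECASE)
        if m:
            banned.add(m.group(1).lower())
    return banned

def final_ext(filename):
    """Last extension as Windows would treat it: trailing dots/spaces dropped."""
    name = filename.rstrip(". ").rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def banned_attachments(raw_bytes, banned):
    """Return (filename, ext) for each MIME part whose final extension is banned."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and final_ext(fname) in banned:
            hits.append((fname, final_ext(fname)))
    return hits

def build_sample():
    """Constructed message: one harmless name, one double extension in
    upper case, one name with a trailing dot."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("notes.txt", "Update.txt.EXE", "photo.jpg.pif."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, ext in banned_attachments(build_sample(), load_banned(SAMPLE_CFG)):
        print(f"blocked: {fname} (banned extension: {ext})")
```

Normalising case and trailing dots before comparing is what keeps a name like `photo.jpg.pif.` from slipping past a literal string match on `pif`.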


RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Chad Killion
Ok thanks, but what does a user who sends this type of ext get from our
server?  Is there some sort of eml file I need to add?

Chad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Thursday, October 02, 2003 4:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

 
Chad:

This is what we have in our virus.cfg file.  No regrets and no apologies for
blocking them.  We think of this as a fact of life... 

BANEXT  asp
BANEXT  bas
BANEXT  bat
BANEXT  CEO
BANEXT  chm
BANEXT  cmd
BANEXT  com
BANEXT  exe
BANEXT  hlp
BANEXT  hta
BANEXT  inf
BANEXT  isp
BANEXT  js
BANEXT  jse
BANEXT  lnk
BANEXT  msi
BANEXT  mst
BANEXT  pcd
BANEXT  pif
BANEXT  reg
BANEXT  scr
BANEXT  url
BANEXT  vbe
BANEXT  vbs
BANEXT  ws
BANEXT  wsh

BANEXT  ad
BANEXT  adp 
BANEXT  crt 
BANEXT  ins 
BANEXT  mdb 
BANEXT  mde 
BANEXT  msc 
BANEXT  msp 
BANEXT  sct 
BANEXT  shb 
BANEXT  vb
BANEXT  wsc 
BANEXT  wsf 
BANEXT  cpl 
BANEXT  shs 
BANEXT  vsd 
BANEXT  vst
BANEXT  vss 
BANEXT  vsw

This has been discussed in the list a while back and there are links on
the Microsoft web site that explain most of these.

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chad Killion
Sent: Thursday, October 02, 2003 4:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

What is the best way to exclude these in your opinion???  Can Declude do it,
or Imail?

Chad



RE: [Declude.Virus] MS Security Patch Emails

2003-10-02 Thread Kami Razvan
 
If you look at the manual site you will see the email called:  Bannotify.eml

That is what is sent when a banned extension is sent.  I will send you a
copy off list of what we have.

Regards,
Kami




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chad Killion
Sent: Thursday, October 02, 2003 5:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

Ok thanks, but what does a user who sends this type of ext get from our
server?  Is there some sort of eml file I need to add?

Chad

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Thursday, October 02, 2003 4:22 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

 
Chad:

This is what we have in our virus.cfg file.  No regrets and no apologies for
blocking them.  We think of this as a fact of life... 

BANEXT  asp
BANEXT  bas
BANEXT  bat
BANEXT  CEO
BANEXT  chm
BANEXT  cmd
BANEXT  com
BANEXT  exe
BANEXT  hlp
BANEXT  hta
BANEXT  inf
BANEXT  isp
BANEXT  js
BANEXT  jse
BANEXT  lnk
BANEXT  msi
BANEXT  mst
BANEXT  pcd
BANEXT  pif
BANEXT  reg
BANEXT  scr
BANEXT  url
BANEXT  vbe
BANEXT  vbs
BANEXT  ws
BANEXT  wsh

BANEXT  ad
BANEXT  adp 
BANEXT  crt 
BANEXT  ins 
BANEXT  mdb 
BANEXT  mde 
BANEXT  msc 
BANEXT  msp 
BANEXT  sct 
BANEXT  shb 
BANEXT  vb
BANEXT  wsc 
BANEXT  wsf 
BANEXT  cpl 
BANEXT  shs 
BANEXT  vsd 
BANEXT  vst
BANEXT  vss 
BANEXT  vsw

This has been discussed in the list a while back and there are links on
the Microsoft web site that explain most of these.

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chad Killion
Sent: Thursday, October 02, 2003 4:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Virus] MS Security Patch Emails

What is the best way to exclude these in your opinion???  Can Declude do it,
or Imail?

Chad
