RE: Exchange 2000 and OWA...logon.asp is gonzo?
Exchange 2000 has no need for a logon.asp page. Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bryan Schlegel Sent: Monday, January 28, 2002 8:09 AM To: Exchange Discussions Subject: Exchange 2000 and OWA...logon.asp is gonzo? I know that Exchange 2000 OWA is not based on asphowever I just inherited an Exchange 2000 server, I looked for the logon.asp page, but can't seem to find it. MS doesn't seem to even mention it in Exchange 2000 OWA architecturethey mention how much you can customize it and to get the development kit for Exchange Server 2000, but haven't found any reference in there. MS talks about is direct access via http://mail/exchange/user ...I wish I did the original install, but that's how things go. I can't even find the generic OWA for EX 2000, am I missing something? I found a media plug in page, called "eminst.asp". Not even sure how to utilize that, but that is a topic for another thread...Right now my OWA goes directly to windows login prompt and I personally think that although this may be more secure that it is not user friendly at all. I have many users that get flustered when prompted this way. I am sorry for posting if this has been answered numerous times, but I feel like I have tried everywhere. Unfortunately a search for logon.asp and Exchange 2000 brings back many vague pages, mostly having to do with 5.5. If anyone could pass any documentation about this particular issue or what I can do to create a page for Exchange Server 2000, or where I can find examples it would be greatly appreciated. Thanks for any insight, Newbie to EX 2000 :) -Bryan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Exchange 5.5 recovery
Did you restore the NT SAM? Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Roger Smith Sent: Monday, January 28, 2002 8:18 PM To: Exchange Discussions Subject: Exchange 5.5 recovery Hi All I need some help with the following problem I have a client that had a total crash (we came in after the crash) of his server and has lost all of his exchange. There is only one item that this client requires and that is a public folder with all of his contact details for a news letter (2000 - 3000 Contacts). We managed to recover a copy of the priv.edb, pub.edb and dir.edb and build a new server with the old site name and organisation. we then ran eseutil and isinteg -patch and all seems to be OK The system attendant and the directory service started.(a good start) The problem is that when we run up the other services we get Event 9994 and error 2186 (both relate to logon issue) which is the service account and password are incorrect. We have changed the account to services and also to admin but to no avail. Anyone have any ideas on how to get this information back Thanks Roger Smith Technical Support Manager OfficePCs 10 Cape Street Dickson Phone : 62579111 Fax: 62579004 [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: directory export and import
I believe header.exe is on the Exchange 5.5 Server CD, at least it is on mine. If this is E2K, that's a whole other kettle of fish. -Original Message- From: Green, Jacky {IT~Welwyn} To: Exchange Discussions Sent: 1/28/2002 10:12 AM Subject: directory export and import Hello, Can anyone tell me where I can find a definitive list of headers for creating a CSV export file for Exchange? Or even where I might download some examples, or header.exe (which should be on the resource kit, but I cannot locate a copy anywhere). Many thanks in advance for your help. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: directory export and import
So locate or buy a copy of the Back Office Resource Kit. If you have TechNet or MSDN, it comes with that too. Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Green, Jacky {IT~Welwyn} Sent: Monday, January 28, 2002 8:12 AM To: Exchange Discussions Subject: directory export and import Hello, Can anyone tell me where I can find a definitive list of headers for creating a CSV export file for Exchange? Or even where I might download some examples, or header.exe (which should be on the resource kit, but I cannot locate a copy anywhere). Many thanks in advance for your help. Jacky Green [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Access Exchange via Internet
Post the full error message and/or NDR. Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Marty Sent: Monday, January 28, 2002 7:37 AM To: Exchange Discussions Subject: Access Exchange via Internet I have a problem connecting to my Exchange 5.5 Mail server using Exchange 2000 - I get an error , server not available. sometimes I can get access if I set someone up who has never used Outlook on a machine, but id I set a user up on a mcahine which has used Outlook before I cannot connect to Server even i use differnet profiles. Can anyone help? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Fix from Trend for Exchange 2000 Attachment blocking
Geez. Just block all attachments, then. I don't know about Trend, but Sybari looks inside the file for its type screening rather than depending on filename extensions. Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Whitlock, Teresa Sent: Friday, January 25, 2002 1:48 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Forgive me if this has already been covered as I just started with this list today, but does this fix work for files that are sent with double extensions, such as; *.txt.scr? -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 1:51 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking It did work for .bat files for me. I just tested it and here's the alert received from ScanMail: -Original Message- From: System Attendant Sent: Friday, January 25, 2002 4:50 PM To: Soysal, Serdar Subject: ScanMail Message: To Sender virus found or matched file blocking setting. ScanMail for Microsoft Exchange has taken action on the message, please refer to the contents of this message for further details. Sender = Soysal, Serdar Recipient(s) = MPOP_EX06; Subject = asdfasdfsa Scanning Time = 01/25/2002 16:49:39 Engine/Pattern = 5.630-1025/207 Action on message: The attachment hoba.bat matched file blocking settings. ScanMail has taken the Moved action. The attachment was moved to C:\Programs\Trend\Smex\Alert\hoba3c51d2f32.bat_. Warning to sender. ScanMail has detected a virus in an email you sent. -Original Message- From: Hooks, Tim [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:43 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Let me know if that blocks .bat files too. It is not for me and I have that set up you suggest. tjh -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:40 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Just to be clear, you need to include both the attachment extensions and names. The attachment blocking settings should look like: [ ] All attachments [x] Specified attachments Attachments with specified extensions: ade;adp;bas;. Attachments with specified names: *.ade;*.adp;*.bas;. S. -Original Message- From: Mood, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:36 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking On Exch 5.5 with Scanmail 3.8 and Scan engine 5.630-1025. *. is in place and it is not blocking batch or vbs files. -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:32 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Well, it worked for me. I put a *. In front of every attachment type I had and boom it started blocking. You are using the same scan engine right? S. -Original Message- From: Mood, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:25 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Suggested change does not seem to be working for Version 3.8 or 3.7. Am I missing something, another check box maybe? (on the phone to Trend now BTW) -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 3:23 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Damn! Same on Exchange 5.5 version as well. Version 3.8, pattern 207. I was able to create vbs files in notepad and happily pass them along. Good catch Tim. I'll go ahead and implement the change here as well. S. -Original Message- From: Hooks, Tim [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 3:07 PM To: Exchange Discussions Subject: Fix from Trend for Exchange 2000 Attachment blocking Just got off the phone with Trend. I noticed .bat files were not being blocked even though they were on my list of attachments to block by file extension. Trend indicates that blocking by file extension interprets by "true file type," meaning a .bat is a .txt file! The fix is to put in the "Attachments with specified file names:" entries like *.bat, *.scr, *.vbs, etc. I added almost my entire list minus a few like gif, jpg, mov, etc that being blocked correctly now. Exchange 2000 SP2 on Windows 2000 SP2 Scan engine version is: 5.630-1025 Pattern is 207 All Product version are: 6.00 Here are my entries: Attachments with specified extensions: bat;gif;jpg;jpeg;386;acm;asp;avb;bin;cla;class;cnv;com;cs;dll;drv;gms;hlp;ht a;htt;inf;
RE: OWA 2000 and logon.asp? Would like to login to user friendly interface
Heh. ;) -Original Message- From: Bryan Schlegel To: Exchange Discussions Sent: 1/27/2002 11:09 PM Subject: OWA 2000 and logon.asp? Would like to login to user friendly interface I just inherited an Exchange 2000 serer, I looked for the logon.asp page, but can't seem to find it. MS doesn't seem to even mention it in Exchange 2000I wish I did the original install. I can't even find the generic OWA for EX 2000, am I missing something? Right now it goes directly to windows login prompt and it is not very user friendly, I would like to have a little nice window that my users could login to, instead the get flustered with the windows Authentication box Thanks for any insight -b _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: OWA 2000 and logon.asp? Would like to login to user friendlyinterface
Things have changed between Exchange 5.5 and Exchange 2000, my friend. Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bryan Schlegel Sent: Sunday, January 27, 2002 9:10 PM To: Exchange Discussions Subject: OWA 2000 and logon.asp? Would like to login to user friendly interface I just inherited an Exchange 2000 serer, I looked for the logon.asp page, but can't seem to find it. MS doesn't seem to even mention it in Exchange 2000I wish I did the original install. I can't even find the generic OWA for EX 2000, am I missing something? Right now it goes directly to windows login prompt and it is not very user friendly, I would like to have a little nice window that my users could login to, instead the get flustered with the windows Authentication box Thanks for any insight -b _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
I'm going to buck the trend and say your brick backup is doing it. I've never heard of brick backup doing that, but I hate brick backups so there must be some connection. Ed Crowley MCSE+I MVP Tech Consultant Compaq Computer "There are seldom good technological solutions to behavioral problems." -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Aristotle Zoulas Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Yahoo! and Exchange
Well, knowing less than nothing about Yahoo!'s mail server config, if they allow it, you ought to be able to configure your mail server to forward all messages to a host and enter the IP address of the Yahoo! mail server (although I don't see why you couldn't just deliver those messages using DNS). As for retrieving mail, you'd need a POP3 connector (yuck) to retrieve the mail from the POP3 mailboxes or for Yahoo! to provide ETRN (YFR). You can set up your server as the Mx record, even with with a dynamic IP address. EasyDNS provides DynamicDNS services which will allow you to automagically update the IP address of your Mx record whenever it changes with the use of a small utility running on the Exchange server. www.swinc.com has a nice SMTP FAQ which might be of help as well in their resources section. -Original Message- From: Jeff & April Moore To: Exchange Discussions Sent: 1/26/2002 9:20 AM Subject: Yahoo! and Exchange I have a very small company whose DNS records are hosted by Yahoo! and the mail is served by Yahoo! as well. I want to begin the process of running my own mail server. I have an E2K server with a private IP address sitting behind a router with a dynamic public IP address. I want to setup my Exchange server to send and retrieve messages through the Yahoo! mail server. I'm not yet ready to point the MX records to my server, especially not while I have a Dynamic IP. Anyone have an idea how to make this work? Jeff Moore, MCSE Houston, TX _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Exchange 5.5 recovery
Hi All I need some help with the following problem I have a client that had a total crash (we came in after the crash) of his server and has lost all of his exchange. There is only one item that this client requires and that is a public folder with all of his contact details for a news letter (2000 - 3000 Contacts). We managed to recover a copy of the priv.edb, pub.edb and dir.edb and build a new server with the old site name and organisation. we then ran eseutil and isinteg -patch and all seems to be OK The system attendant and the directory service started.(a good start) The problem is that when we run up the other services we get Event 9994 and error 2186 (both relate to logon issue) which is the service account and password are incorrect. We have changed the account to services and also to admin but to no avail. Anyone have any ideas on how to get this information back Thanks Roger Smith Technical Support Manager OfficePCs 10 Cape Street Dickson Phone : 62579111 Fax: 62579004 [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
directory export and import
Hello, Can anyone tell me where I can find a definitive list of headers for creating a CSV export file for Exchange? Or even where I might download some examples, or header.exe (which should be on the resource kit, but I cannot locate a copy anywhere). Many thanks in advance for your help. Jacky Green [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Exchange 2000 and OWA...logon.asp is gonzo?
I know that Exchange 2000 OWA is not based on asphowever I just inherited an Exchange 2000 server, I looked for the logon.asp page, but can't seem to find it. MS doesn't seem to even mention it in Exchange 2000 OWA architecturethey mention how much you can customize it and to get the development kit for Exchange Server 2000, but haven't found any reference in there. MS talks about is direct access via http://mail/exchange/user ...I wish I did the original install, but that's how things go. I can't even find the generic OWA for EX 2000, am I missing something? I found a media plug in page, called "eminst.asp". Not even sure how to utilize that, but that is a topic for another thread...Right now my OWA goes directly to windows login prompt and I personally think that although this may be more secure that it is not user friendly at all. I have many users that get flustered when prompted this way. I am sorry for posting if this has been answered numerous times, but I feel like I have tried everywhere. Unfortunately a search for logon.asp and Exchange 2000 brings back many vague pages, mostly having to do with 5.5. If anyone could pass any documentation about this particular issue or what I can do to create a page for Exchange Server 2000, or where I can find examples it would be greatly appreciated. Thanks for any insight, Newbie to EX 2000 :) -Bryan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Exchange 2000 and OWA...logon.asp is gonzo?
I know that Exchange 2000 OWA is not based on asphowever I just inherited an Exchange 2000 server, I looked for the logon.asp page, but can't seem to find it. MS doesn't seem to even mention it in Exchange 2000 OWA architecturethey mention how much you can customize it and to get the development kit for Exchange Server 2000, but haven't found any reference in there. MS talks about is direct access via http://mail/exchange/user ...I wish I did the original install, but that's how things go. I can't even find the generic OWA for EX 2000, am I missing something? I found a media plug in page, called "eminst.asp". Not even sure how to utilize that, but that is a topic for another thread...Right now my OWA goes directly to windows login prompt and I personally think that although this may be more secure that it is not user friendly at all. I have many users that get flustered when prompted this way. I am sorry for posting if this has been answered numerous times, but I feel like I have tried everywhere. Unfortunately a search for logon.asp and Exchange 2000 brings back many vague pages, mostly having to do with 5.5. If anyone could pass any documentation about this particular issue or what I can do to create a page for Exchange Server 2000, or where I can find examples it would be greatly appreciated. Thanks for any insight, Newbie to EX 2000 :) -Bryan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?
Of course... the administrator can open any mailbox. Gary -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:57 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? one reads others mail as their permissions allow else access denied > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:24 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > What are the common ways for people to read other people's > email? They have OWA turned off. I will also assume that they > did not leave their workstations logged in. 5 (?'s) omitted --) > > -Original Message- > From: Doug Hampshire [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 11:16 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > Exchange Administrator - a sign of a diseased mind. > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Access Exchange via Internet
I have a problem connecting to my Exchange 5.5 Mail server using Exchange 2000 - I get an error , server not available. sometimes I can get access if I set someone up who has never used Outlook on a machine, but id I set a user up on a mcahine which has used Outlook before I cannot connect to Server even i use differnet profiles. Can anyone help? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
OWA 2000 and logon.asp? Would like to login to user friendly interface
I just inherited an Exchange 2000 serer, I looked for the logon.asp page, but can't seem to find it. MS doesn't seem to even mention it in Exchange 2000I wish I did the original install. I can't even find the generic OWA for EX 2000, am I missing something? Right now it goes directly to windows login prompt and it is not very user friendly, I would like to have a little nice window that my users could login to, instead the get flustered with the windows Authentication box Thanks for any insight -b _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Yahoo! and Exchange
I have a very small company whose DNS records are hosted by Yahoo! and the mail is served by Yahoo! as well. I want to begin the process of running my own mail server. I have an E2K server with a private IP address sitting behind a router with a dynamic public IP address. I want to setup my Exchange server to send and retrieve messages through the Yahoo! mail server. I'm not yet ready to point the MX records to my server, especially not while I have a Dynamic IP. Anyone have an idea how to make this work? Jeff Moore, MCSE Houston, TX _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Yahoo! and Exchange
I have a very small company whose DNS records are hosted by Yahoo! and the mail is served by Yahoo! as well. I want to begin the process of running my own mail server. I have an E2K server with a private IP address sitting behind a router with a dynamic public IP address. I want to setup my Exchange server to send and retrieve messages through the Yahoo! mail server. I'm not yet ready to point the MX records to my server, especially not while I have a Dynamic IP. Anyone have an idea how to make this work? Jeff Moore, MCSE Houston, TX _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Fix from Trend for Exchange 2000 Attachment blocking
Forgive me if this has already been covered as I just started with this list today, but does this fix work for files that are sent with double extensions, such as; *.txt.scr? -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 1:51 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking It did work for .bat files for me. I just tested it and here's the alert received from ScanMail: -Original Message- From: System Attendant Sent: Friday, January 25, 2002 4:50 PM To: Soysal, Serdar Subject: ScanMail Message: To Sender virus found or matched file blocking setting. ScanMail for Microsoft Exchange has taken action on the message, please refer to the contents of this message for further details. Sender = Soysal, Serdar Recipient(s) = MPOP_EX06; Subject = asdfasdfsa Scanning Time = 01/25/2002 16:49:39 Engine/Pattern = 5.630-1025/207 Action on message: The attachment hoba.bat matched file blocking settings. ScanMail has taken the Moved action. The attachment was moved to C:\Programs\Trend\Smex\Alert\hoba3c51d2f32.bat_. Warning to sender. ScanMail has detected a virus in an email you sent. -Original Message- From: Hooks, Tim [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:43 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Let me know if that blocks .bat files too. It is not for me and I have that set up you suggest. tjh -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:40 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Just to be clear, you need to include both the attachment extensions and names. The attachment blocking settings should look like: [ ] All attachments [x] Specified attachments Attachments with specified extensions: ade;adp;bas;. Attachments with specified names: *.ade;*.adp;*.bas;. S. -Original Message- From: Mood, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:36 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking On Exch 5.5 with Scanmail 3.8 and Scan engine 5.630-1025. *. is in place and it is not blocking batch or vbs files. -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:32 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Well, it worked for me. I put a *. In front of every attachment type I had and boom it started blocking. You are using the same scan engine right? S. -Original Message- From: Mood, Steve [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:25 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Suggested change does not seem to be working for Version 3.8 or 3.7. Am I missing something, another check box maybe? (on the phone to Trend now BTW) -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 3:23 PM To: Exchange Discussions Subject: RE: Fix from Trend for Exchange 2000 Attachment blocking Damn! Same on Exchange 5.5 version as well. Version 3.8, pattern 207. I was able to create vbs files in notepad and happily pass them along. Good catch Tim. I'll go ahead and implement the change here as well. S. -Original Message- From: Hooks, Tim [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 3:07 PM To: Exchange Discussions Subject: Fix from Trend for Exchange 2000 Attachment blocking Just got off the phone with Trend. I noticed .bat files were not being blocked even though they were on my list of attachments to block by file extension. Trend indicates that blocking by file extension interprets by "true file type," meaning a .bat is a .txt file! The fix is to put in the "Attachments with specified file names:" entries like *.bat, *.scr, *.vbs, etc. I added almost my entire list minus a few like gif, jpg, mov, etc that being blocked correctly now. Exchange 2000 SP2 on Windows 2000 SP2 Scan engine version is: 5.630-1025 Pattern is 207 All Product version are: 6.00 Here are my entries: Attachments with specified extensions: bat;gif;jpg;jpeg;386;acm;asp;avb;bin;cla;class;cnv;com;cs;dll;drv;gms;hlp;ht a;htt;inf;ini;lnk;mpd;ocx;sys;tlb;tsp;vxd;wbt;wiz;exe;vbs;avi;mov;mp3;mpg;mp eg;wsh;js;reg;ins;wsf;vbe;jse;pif;wsc;sct;hta;shs;scr;cmd;mht*;ov*; Attachments with specified file names: *.bat;*.386;*.acm;*.asp;*.avb;*.bin;*.cla;*.class;*.cnv;*.com;*.cs;*.dll;*.d rv;*.gms;*.hlp;*.hta;*.htt;*.inf;*.ini;*.lnk;*.mpd;*.ocx;*.sys;*.tlb;*.tsp;* .vxd;*.wbt;*.wiz;*.vbs;*.wsh;*.js;*.reg;*.ins;*.wsf;*.vbe;*.jse;*.pif;*.wsc; *.sct;*.hta;*.shs;*.scr;*.cmd;*.mht*;*.ov*; Timothy J. Hooks, MCSE KBHR Columbus, Ohio
alternative to exchange (iMail ? )
Hi For on project where the licensing of MS make the use of Ex 2000 not possible, I must go with another messaging platform It's may be not the right place but i'm sure you can help me What do you think of iMail ? stable ? it has a web interface for eMail and calendering. It's for an ASP project where external user would get their eMAil and calendar. JF Thanks ! _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Task in OWA 2000
Open a task in Outlook Web Access from Exchange 2000 The forms the task use is not yet supported in OWA 2000. Exemple a Contact in OL 2000 and OWA 2000 look pretty much de same. A task look like a note... JF - Original Message - From: "Jim Brady" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 9:53 PM Subject: RE: Task in OWA 2000 > What's the problem? > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Jean-Francois > Bourdeau > Sent: Monday, January 28, 2002 5:26 PM > To: Exchange Discussions > Subject: Task in OWA 2000 > > Does anyone know if task are supposed to be handled properly in OWA 2000 > soon ? > > JF > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Task in OWA 2000
What's the problem? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jean-Francois Bourdeau Sent: Monday, January 28, 2002 5:26 PM To: Exchange Discussions Subject: Task in OWA 2000 Does anyone know if task are supposed to be handled properly in OWA 2000 soon ? JF _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Task in OWA 2000
Does anyone know if task are supposed to be handled properly in OWA 2000 soon ? JF _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
How to setup multiple E2k Servers? -- Bounced Messages
My org recently migrated from a 2-site, 1 Exchange 5.5 Org to E2K w/TWO exchange servers that are in 2 physical locations. Previously, I had 1 E55 server that had the single Internet Mail Server while the 2nd server got mail replicated to it. Now, we have the 2 E2k servers w/2 SMTP virtual servers w/1 SMTP connector. We can send mail externally from both servers and receive external email but we cannot send mail to each other. We're getting bouncing mail between two servers. Can someone help with this...I'm not sure if I need a routing group or my bridgehead servers are wrong or what. NOTE: The servers are physically separated by routers but they serve the same domain, example: abc.com Any clues? Terry _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: [idea] Antivirus Suite recommendations
\ I'd love to respond to these posts on a timely basis, but we bought Arcserve for our backups! Need I say more? Chip Brannon -Original Message- From: Jennifer Baker [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 4:26 PM To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations I just peed my pants. -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 12:55 PM To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations Hey j-jaded You got your brick level backups But they're unrecoverable, uh huh So jaded You thought CA was where it was at But is that where it's s'posed to be You're gettin' it all over me X-rated -Original Message- From: Chris Levis [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 12:47 PM To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations Hey j-jaded You got your mamma's style But you're yesterday's child to me So jaded You think that's where it's at But is that where it's s'posed to be You're gettin' it all over me X-rated -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 3:41 PM To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations Jaded -Original Message- From: Gary Aiston [mailto:[EMAIL PROTECTED]] Sent: Friday, January 25, 2002 12:43 PM To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations cynic :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hunter, Lori Sent: 25 January 2002 20:40 To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations What's the FAQ? Why u no answer my question! -Original Message- From: Boettcher, Keith [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 24, 2002 6:30 PM To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations You are referring to the FAQ (indicated at the bottoms of these messages) Section 4.6, right? Keith Boettcher -Original Message- From: Hunter, Lori [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 24, 2002 12:43 PM To: Exchange Discussions Subject: RE: [idea] Antivirus Suite recommendations LOL! Clearly you haven't been here as long as those of us who are now thoroughly jaded. Why do you think we revel in being sarcastic smartasses?!? At least it's a skill we can hone while typing out the same answers over and over again. -Original Message- From: Milton R Dogg [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 24, 2002 2:37 PM To: Exchange Discussions Subject: RE:[idea] Antivirus Suite recommendations I think once a week we need to post a list of links to the faq that answer: AV, Backup, moving a server, upgrading, and why not to run eseutil. Then we could have more time to answer real questions that don't get asked 3 times a day. Milton R Dogg Of The Dogg Foundation.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of William Lefkovics Sent: Thursday, January 24, 2002 12:19 PM To: Exchange Discussions Subject: Re: Antivirus Suite recommendations You're not buying the product. You get a term license for its use. Same with Antigen. - Original Message - From: "Matt Hoffman" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Thursday, January 24, 2002 12:14 PM Subject: RE: Antivirus Suite recommendations > I'm noting that CDW does have the NeaTSuite package for 250 users > listed at > under $8000. This is certainly a bit cheaper than NAI's package, > however, what is Trend's licensing like? NAI wants you to re-license > every two years. How about Trend? Is it similar? Maybe I'll get > lucky and they only > want you to buy it ONCE? > > -Original Message- > From: Durkee, Peter [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 24, 2002 2:52 PM > To: Exchange Discussions > Subject: RE: Antivirus Suite recommendations > > > ...and they do have the funniest radio ads. > > I sympathize on your situation with NAI. We saw a similar price > increase from them while actually reducing the number of nodes. I > looked at it as a good excuse to get some good software, Antigen in > our case. > > -Peter > > > -Original Message- > From: Matt Hoffman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 24, 2002 11:50 > To: Exchange Discussions > Subject: RE: Antivirus Suite recommendations > > > So far CDW has been pretty good to me. I've usually received product > from them within a couple days of submitting a PO to them. Again, not > necessarily the cheapest place around, but ease of ordering and > service are > still a big part of why I decide to purchase from them. > > -Original Message- > From: Joel Musheno [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 24, 2002 2:51 PM > To: Exchange Discussions > Subject: RE: Antivi
RE: Alert: W32/Myparty-mm on the loose
According to the Sybari tech, "Either one should work. *.*.* would be for any double extension or more extensions while the *.*.com would be for double extensions ending in .com."I agree that this is an issue, the *.com file filter gives one a false sense of security that anything ending in .com will be filtered. Sybari's website doesn't suggest using the *.*.extension approach either http://www.sybari.com/alerts/filter.asp?year=2002 . I'm continuing to push the issue w/the Sybari TAM. -Original Message- From: Harmon, Josh [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 6:28 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I was thinking that might be the problem... BUT Would that take care of *.*.*.*.com files? If that's really the issue, this is something that Sybari needs to address from a coding standpoint in my opinion. *.com should kill anything that ends in *.com. Or is it up to me to guess how many 'dot' separators the next virus will use? Josh -Original Message- From: Kemppel, Charlean [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:13 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I have *.com filtered on the Internet & Real-time engines on my IMC & it slipped in as well; I actually spoke to a support guy @Sybari & he suggested that since the file had multiple "." Antigen saw the extension as .myparty and ignored the rest. Sybari suggested using a filter of *.*.com to capture multiple extension files. -Original Message- From: David Weinstein [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 4:57 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am running Antigen as well - this slipped by my .com filter as well - -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's > been a little hit and miss... some were caught but others were not > stopped until we installed the defnition file--We're running Antigen > with the Norman def. I'm still seeing weird stuff some seem to be > getting through he IMC scan and making it to the store and getting > disinfected there. That's the first time I've ever seen that. Very > odd indeed. Most that are being caught are by the virus > definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had > updated through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. > NAV for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would > have caught it if it wasn't a blocked extension. I think the syntax > of the attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are > going to take forever to combat from a social engineering standpoint. > It's probably worth investing some time in user education on .com > files because I think this is going to be a new favorite virus writing > style for the next few months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new > mass mailer in your mail systems. This is a pure social engineering > attack, it contains an attachment named as a URL with a .com > extension. Since .com is also an application, it will be run as such > if its double-clicked on. Check with your AV company for updates > and/or filtering criteria. If you can, be sure you have attachment > filtering enabled at your mail gateway. Outlook Email Sec
RE: Alert: W32/Myparty-mm on the loose
just spoke with them on this. Was informed that they're currently analyzing the issue in QA and with the scan engine vendors. I'd check back with them in the next day or so on next steps. byron markettools -Original Message- From: Harmon, Josh [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 3:28 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I was thinking that might be the problem... BUT Would that take care of *.*.*.*.com files? If that's really the issue, this is something that Sybari needs to address from a coding standpoint in my opinion. *.com should kill anything that ends in *.com. Or is it up to me to guess how many 'dot' separators the next virus will use? Josh -Original Message- From: Kemppel, Charlean [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:13 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I have *.com filtered on the Internet & Real-time engines on my IMC & it slipped in as well; I actually spoke to a support guy @Sybari & he suggested that since the file had multiple "." Antigen saw the extension as .myparty and ignored the rest. Sybari suggested using a filter of *.*.com to capture multiple extension files. -Original Message- From: David Weinstein [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 4:57 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am running Antigen as well - this slipped by my .com filter as well - -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's > been a little hit and miss... some were caught but others were not > stopped until we installed the defnition file--We're running Antigen > with the Norman def. I'm still seeing weird stuff some seem to be > getting through he IMC scan and making it to the store and getting > disinfected there. That's the first time I've ever seen that. Very > odd indeed. Most that are being caught are by the virus > definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had > updated through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. > NAV for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would > have caught it if it wasn't a blocked extension. I think the syntax > of the attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are > going to take forever to combat from a social engineering standpoint. > It's probably worth investing some time in user education on .com > files because I think this is going to be a new favorite virus writing > style for the next few months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new > mass mailer in your mail systems. This is a pure social engineering > attack, it contains an attachment named as a URL with a .com > extension. Since .com is also an application, it will be run as such > if its double-clicked on. Check with your AV company for updates > and/or filtering criteria. If you can, be sure you have attachment > filtering enabled at your mail gateway. Outlook Email Security Update, > and Outlook 2002, both catch this attachment and prevent it from being > available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List pos
RE: Alert: W32/Myparty-mm on the loose
For what it's worth, MailSweeper for SMTP just looks at the last extension -- it's caught two copies of MyParty so far here without any difficulty. Aloha, -Ben- Ben M. Schorr, MVP-Outlook, CNA, MCPx3 Director of Information Services Damon Key Leong Kupchak Hastert http://www.hawaiilawyer.com > -Original Message- > From: Harmon, Josh [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 1:28 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > I was thinking that might be the problem... BUT > > Would that take care of *.*.*.*.com files? If that's really > the issue, this is something that Sybari needs to address > from a coding standpoint in my opinion. *.com should kill > anything that ends in *.com. Or is it up to me to guess how > many 'dot' separators the next virus will use? Josh > > -Original Message- > From: Kemppel, Charlean [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:13 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > I have *.com filtered on the Internet & Real-time engines on > my IMC & it slipped in as well; I actually spoke to a > support guy @Sybari & he suggested that since the file had > multiple "." Antigen saw the extension as > .myparty and ignored the rest. Sybari suggested using a > filter of *.*.com > to capture multiple extension files. > > -Original Message- > From: David Weinstein [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 4:57 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > I am running Antigen as well - this slipped by my .com filter > as well - > > -Original Message- > From: Saul [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 2:08 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > I am also blocking *.com on our SMTP Scan Job for Antigen but > this attachment slipped by. Luckily the user who got > suspected something and called us. I have updated the virus > engines running on our Antigen but I am curious why the > attachment blocking didn't work? Any IDEAS? > > Saul > > > This one slipped by our *.com file matching as well... actually it's > > been a little hit and miss... some were caught but others were not > > stopped until we installed the defnition file--We're > running Antigen > > with the Norman def. I'm still seeing weird stuff some > seem to be > > getting through he IMC scan and making it to the store and getting > > disinfected there. That's the first time I've ever seen > that. Very > > odd indeed. Most that are being caught are by the virus > > definition--because generally we just get the *.com type block > > message. Wonder what's going on here. > > > > Fortunately we run something different on the desktop--and it had > > updated through the night. > > > > Josh Harmon > > > > > > -Original Message- > > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 8:20 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Somehow this one slipped past our .com filter on our linux firewall. > > NAV for exchange caught it by the .COM extension, and > norton had just > > liveupdated us an hour earlier with the new definitions that would > > have caught it if it wasn't a blocked extension. I think > the syntax > > of the attachment code is probably not RFC compliant. > > > > Tom > > > > -Original Message- > > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 9:03 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Fortunately we're all blocking *.com right? The *.com viruses are > > going to take forever to combat from a social engineering > standpoint. > > It's probably worth investing some time in user education on .com > > files because I think this is going to be a new favorite > virus writing > > style for the next few months. > > > > Chris Scharff > > The Mail Resource Center > > http://www.mail-resources.com > > > > -Original Message- > > From: Martin Blackstone > > To: Exchange Discussions > > Sent: 1/28/2002 7:57 AM > > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > > > > > -Original Message- > > From: Russ [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 5:45 AM > > To: [EMAIL PROTECTED] > > Subject: Alert: W32/Myparty-mm on the loose > > > > > > Be aware that this morning you will likely find a copy of this new > > mass mailer in your mail systems. This is a pure social engineering > > attack, it contains an attachment named as a URL with a .com > > extension. Since .com is also an application, it will be > run as such > > if its double-clicked on. Check with your AV company for updates > > and/or filtering criteria. If you can, be sure you
RE: Alert: W32/Myparty-mm on the loose
I was thinking that might be the problem... BUT Would that take care of *.*.*.*.com files? If that's really the issue, this is something that Sybari needs to address from a coding standpoint in my opinion. *.com should kill anything that ends in *.com. Or is it up to me to guess how many 'dot' separators the next virus will use? Josh -Original Message- From: Kemppel, Charlean [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:13 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I have *.com filtered on the Internet & Real-time engines on my IMC & it slipped in as well; I actually spoke to a support guy @Sybari & he suggested that since the file had multiple "." Antigen saw the extension as .myparty and ignored the rest. Sybari suggested using a filter of *.*.com to capture multiple extension files. -Original Message- From: David Weinstein [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 4:57 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am running Antigen as well - this slipped by my .com filter as well - -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's > been a little hit and miss... some were caught but others were not > stopped until we installed the defnition file--We're running Antigen > with the Norman def. I'm still seeing weird stuff some seem to be > getting through he IMC scan and making it to the store and getting > disinfected there. That's the first time I've ever seen that. Very > odd indeed. Most that are being caught are by the virus > definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had > updated through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. > NAV for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would > have caught it if it wasn't a blocked extension. I think the syntax > of the attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are > going to take forever to combat from a social engineering standpoint. > It's probably worth investing some time in user education on .com > files because I think this is going to be a new favorite virus writing > style for the next few months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new > mass mailer in your mail systems. This is a pure social engineering > attack, it contains an attachment named as a URL with a .com > extension. Since .com is also an application, it will be run as such > if its double-clicked on. Check with your AV company for updates > and/or filtering criteria. If you can, be sure you have attachment > filtering enabled at your mail gateway. Outlook Email Security Update, > and Outlook 2002, both catch this attachment and prevent it from being > available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://w
RE: Cannot receive incoming mail
Yes, this was enabled. -Original Message- From: Jim Brady [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:39 AM To: Exchange Discussions Subject: RE: Cannot receive incoming mail Enabled the RerouteViaStore registry value? http://support.microsoft.com/default.aspx?scid=kb;en-us;Q259730 Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pillai, Raj Sent: Monday, January 28, 2002 9:31 AM To: Exchange Discussions Subject: Cannot receive incoming mail Hello All, I created an email disclaimer using the Imsext.dll file and followed the steps provided by Nick Ferguson to implement it. However once it was activated we stopped receiving inbound mail. Errors seen on Exchange Server and SMTP server : Exchange Server Event viewer: Application logEvent ID 4188> Refused to relay. InterScan Viruswall Realtime monitor: Relaying prohibited to [EMAIL PROTECTED] Any ideas to solve this problem ? Single Domain, NT Server 4.0 sp6a, MSExchange 5.5 Sp4. Currently the dll file is disabled, so we can receive mail. Thanks Raj _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
I have *.com filtered on the Internet & Real-time engines on my IMC & it slipped in as well; I actually spoke to a support guy @Sybari & he suggested that since the file had multiple "." Antigen saw the extension as .myparty and ignored the rest. Sybari suggested using a filter of *.*.com to capture multiple extension files. -Original Message- From: David Weinstein [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 4:57 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am running Antigen as well - this slipped by my .com filter as well - -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's > been a little hit and miss... some were caught but others were not > stopped until we installed the defnition file--We're running Antigen > with the Norman def. I'm still seeing weird stuff some seem to be > getting through he IMC scan and making it to the store and getting > disinfected there. That's the first time I've ever seen that. Very > odd indeed. Most that are being caught are by the virus > definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had > updated through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. > NAV for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would > have caught it if it wasn't a blocked extension. I think the syntax > of the attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are > going to take forever to combat from a social engineering standpoint. > It's probably worth investing some time in user education on .com > files because I think this is going to be a new favorite virus writing > style for the next few months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new > mass mailer in your mail systems. This is a pure social engineering > attack, it contains an attachment named as a URL with a .com > extension. Since .com is also an application, it will be run as such > if its double-clicked on. Check with your AV company for updates > and/or filtering criteria. If you can, be sure you have attachment > filtering enabled at your mail gateway. Outlook Email Security Update, > and Outlook 2002, both catch this attachment and prevent it from being > available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com
RE: Alert: W32/Myparty-mm on the loose
Apparently the primitive Uuencoding slipped right past our linux smap filter. Our nav for exchange had no trouble trapping it. Tom -Original Message- From: Harmon, Josh [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:58 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose This one slipped by our *.com file matching as well... actually it's been a little hit and miss... some were caught but others were not stopped until we installed the defnition file--We're running Antigen with the Norman def. I'm still seeing weird stuff some seem to be getting through he IMC scan and making it to the store and getting disinfected there. That's the first time I've ever seen that. Very odd indeed. Most that are being caught are by the virus definition--because generally we just get the *.com type block message. Wonder what's going on here. Fortunately we run something different on the desktop--and it had updated through the night. Josh Harmon -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:20 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Exchange 2000 in place upgrade
Hey all: I've been peppering the list with some Exchange 2000 in place upgrade questions and have just a couple more. I've been testing an upgrade of a 4 Ex 5.5 server environment using an in place upgrade. It was finally decided this was the way to go because it actually appears to lessen user impact in our environment (About 10,000 Faculty/Staff/students using a client mix from POP3, IMAP, MAPI, to OWA). Anyway, I'm wondering if anyone else has done the upgrade in production and specifically--if you waited for the background "database upgrade" to finish before you 1) applied a service pack--we will be applying sp2 and 2) waited for the background upgrade process to finish before you ran an online backup. I've tested this multiple times in our test environment and so far and it looks like it works well--patching to sp2 shortly after the post ex2k upgrade reboot, and after sp2 is finished running the backups. During the backup, the disks go crazy for about an hour (on a 60 gig database), but the log files stop growing after an hour (and a gig of logs) and then it flies right along... I just can't imagine waiting to do the backup for very long, though. We plan on upgrading all four servers in a weekend so our schedule is fairly tight. Which bring up my next questions. I've been told that both the initial database upgrade that takes place during the setup and the post setup background upgrade take a very long time. In fact one article said the "manual portion" of the upgrade takes on average 9 gig an hour. We have fairly decent test and production hardware and the longest I've seen is about 1.5 hours for a 60 gig information store. Are they including single disk ATA configurations/ in this 9 gig/hr average? I imagine so, but that certainly skews the data. Josh _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
Norton's catching them just fine with the attachment blocking. -Original Message- From: David Weinstein [mailto:[EMAIL PROTECTED]] Posted At: Monday, January 28, 2002 3:57 PM Posted To: MSExchange Mailing List Conversation: Alert: W32/Myparty-mm on the loose Subject: RE: Alert: W32/Myparty-mm on the loose I am running Antigen as well - this slipped by my .com filter as well - -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's > been a little hit and miss... some were caught but others were not > stopped until we installed the defnition file--We're running Antigen > with the Norman def. I'm still seeing weird stuff some seem to be > getting through he IMC scan and making it to the store and getting > disinfected there. That's the first time I've ever seen that. Very > odd indeed. Most that are being caught are by the virus > definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had > updated through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. > NAV for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would > have caught it if it wasn't a blocked extension. I think the syntax > of the attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are > going to take forever to combat from a social engineering standpoint. > It's probably worth investing some time in user education on .com > files because I think this is going to be a new favorite virus writing > style for the next few months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new > mass mailer in your mail systems. This is a pure social engineering > attack, it contains an attachment named as a URL with a .com > extension. Since .com is also an application, it will be run as such > if its double-clicked on. Check with your AV company for updates > and/or filtering criteria. If you can, be sure you have attachment > filtering enabled at your mail gateway. Outlook Email Security Update, > and Outlook 2002, both catch this attachment and prevent it from being > available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
I am running Antigen as well - this slipped by my .com filter as well - -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's > been a little hit and miss... some were caught but others were not > stopped until we installed the defnition file--We're running Antigen > with the Norman def. I'm still seeing weird stuff some seem to be > getting through he IMC scan and making it to the store and getting > disinfected there. That's the first time I've ever seen that. Very > odd indeed. Most that are being caught are by the virus > definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had > updated through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. > NAV for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would > have caught it if it wasn't a blocked extension. I think the syntax > of the attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are > going to take forever to combat from a social engineering standpoint. > It's probably worth investing some time in user education on .com > files because I think this is going to be a new favorite virus writing > style for the next few months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new > mass mailer in your mail systems. This is a pure social engineering > attack, it contains an attachment named as a URL with a .com > extension. Since .com is also an application, it will be run as such > if its double-clicked on. Check with your AV company for updates > and/or filtering criteria. If you can, be sure you have attachment > filtering enabled at your mail gateway. Outlook Email Security Update, > and Outlook 2002, both catch this attachment and prevent it from being > available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
My *.com filter has been working too, but I don't do any file filtering in the SMTP scanner, just the Realtime scanner. -Peter -Original Message- From: Robert T. Echols [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 13:53 To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Antigen has been working with the *.com filter with no problem for me. -Robert -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 12:39 PM To: Exchange Discussions Subject:RE: Alert: W32/Myparty-mm on the loose After updating the Virus Definition files Antigen reported it as; Antigen for Exchange found www.myparty.yahoo.com infected with W32/MyParty-A (Sophos,McAfee4,CA(InoculateIT),CA(Vet)) worm. The message is currently Purged. The message, "new photos from my party!", was sent from user and was discovered in user\Outbox located at Company/First Administrative Group/Exchange Server. But before the update, the *.com filter didn't work. Wierd! Saul > And Trend reports it as: > > "WORM_MYPARTY.A" virus was found in attachment "www.myparty.yahoo.com", > ScanMail has moved the attachment to C:\Program Files\Trend\Smex\Virus. > > Paul Chinnery > Network Administrator > Mem Med Ctr > > > -Original Message- > From: John Matteson [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 3:24 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Maybe cause the payload looks like a weblink? > > When Nemix reports, it shows as: > === > The message contained 1 virus(es): > > www.myparty.yahoo.com infected with the [EMAIL PROTECTED] > virus > - - - > === > > Your guess is as good as mine. > > John Matteson; Exchange Manager > Geac Corporate Infrastructure Systems and Standards > (404) 239 - 2981 > My toys! My toys! I can't do this job without my toys! > > > > -Original Message- > From: Saul [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 3:08 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > I am also blocking *.com on our SMTP Scan Job for Antigen but this > attachment slipped by. Luckily the user who got suspected something and > called us. I have updated the virus engines running on our Antigen but I > am curious why the attachment blocking didn't work? Any IDEAS? > > Saul > > > This one slipped by our *.com file matching as well... actually it's been > a > > little hit and miss... some were caught but others were not stopped until > we > > installed the defnition file--We're running Antigen with the Norman def. > > I'm still seeing weird stuff some seem to be getting through he IMC > scan > > and making it to the store and getting disinfected there. That's the > first > > time I've ever seen that. Very odd indeed. Most that are being caught > are > > by the virus definition--because generally we just get the *.com type > block > > message. Wonder what's going on here. > > > > Fortunately we run something different on the desktop--and it had updated > > through the night. > > > > Josh Harmon > > > > > > -Original Message- > > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 8:20 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Somehow this one slipped past our .com filter on our linux firewall. NAV > > for exchange caught it by the .COM extension, and norton had just > > liveupdated us an hour earlier with the new definitions that would have > > caught it if it wasn't a blocked extension. I think the syntax of the > > attachment code is probably not RFC compliant. > > > > Tom > > > > -Original Message- > > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 9:03 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > > take forever to combat from a social engineering standpoint. It's probably > > worth investing some time in user education on .com files because I think > > this is going to be a new favorite virus writing style for the next few > > months. > > > > Chris Scharff > > The Mail Resource Center > > http://www.mail-resources.com > > > > -Original Message- > > From: Martin Blackstone > > To: Exchange Discussions > > Sent: 1/28/2002 7:57 AM > > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > > > > > -Original Message- > > From: Russ [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 5:45 AM > > To: [EMAIL PROTECTED] > > Subject: Alert: W32/Myparty-mm on the loose > > > > > > Be aware that this morning you will likely find a copy of this new mass > > mailer in your mail systems. This is a pure social engineering attack, it > > contains an attachment na
RE: Electronic Version of Robichaux's Ex5.5 book?
It's available in its entirety at netlibrary.com. I don't know if your city library offers this service; the city of Austin's does. Just type in your library card number and whammo. And yes, I own the book too :) -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] Posted At: Monday, January 28, 2002 2:37 PM Posted To: MSExchange Mailing List Conversation: Electronic Version of Robichaux's Ex5.5 book? Subject: Electronic Version of Robichaux's Ex5.5 book? Heya folks, Is there an electronic version of the Exchange 5.5 book, written by Paul Robichaux, titled "Managing Microsoft Exchange Server", published by O'Reilly Press? It would be a lot easier to cut and paste sections of Paul's book into the "Documentation" section of my Change Request Form, than it would be to type it all in manually. TIA Jim Blunt Network / E-mail Admin Network / Infrastructure Group Bechtel Hanford, Inc. 509-372-9188 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
Antigen has been working with the *.com filter with no problem for me. -Robert -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 12:39 PM To: Exchange Discussions Subject:RE: Alert: W32/Myparty-mm on the loose After updating the Virus Definition files Antigen reported it as; Antigen for Exchange found www.myparty.yahoo.com infected with W32/MyParty-A (Sophos,McAfee4,CA(InoculateIT),CA(Vet)) worm. The message is currently Purged. The message, "new photos from my party!", was sent from user and was discovered in user\Outbox located at Company/First Administrative Group/Exchange Server. But before the update, the *.com filter didn't work. Wierd! Saul > And Trend reports it as: > > "WORM_MYPARTY.A" virus was found in attachment "www.myparty.yahoo.com", > ScanMail has moved the attachment to C:\Program Files\Trend\Smex\Virus. > > Paul Chinnery > Network Administrator > Mem Med Ctr > > > -Original Message- > From: John Matteson [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 3:24 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Maybe cause the payload looks like a weblink? > > When Nemix reports, it shows as: > === > The message contained 1 virus(es): > > www.myparty.yahoo.com infected with the [EMAIL PROTECTED] > virus > - - - > === > > Your guess is as good as mine. > > John Matteson; Exchange Manager > Geac Corporate Infrastructure Systems and Standards > (404) 239 - 2981 > My toys! My toys! I can't do this job without my toys! > > > > -Original Message- > From: Saul [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 3:08 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > I am also blocking *.com on our SMTP Scan Job for Antigen but this > attachment slipped by. Luckily the user who got suspected something and > called us. I have updated the virus engines running on our Antigen but I > am curious why the attachment blocking didn't work? Any IDEAS? > > Saul > > > This one slipped by our *.com file matching as well... actually it's been > a > > little hit and miss... some were caught but others were not stopped until > we > > installed the defnition file--We're running Antigen with the Norman def. > > I'm still seeing weird stuff some seem to be getting through he IMC > scan > > and making it to the store and getting disinfected there. That's the > first > > time I've ever seen that. Very odd indeed. Most that are being caught > are > > by the virus definition--because generally we just get the *.com type > block > > message. Wonder what's going on here. > > > > Fortunately we run something different on the desktop--and it had updated > > through the night. > > > > Josh Harmon > > > > > > -Original Message- > > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 8:20 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Somehow this one slipped past our .com filter on our linux firewall. NAV > > for exchange caught it by the .COM extension, and norton had just > > liveupdated us an hour earlier with the new definitions that would have > > caught it if it wasn't a blocked extension. I think the syntax of the > > attachment code is probably not RFC compliant. > > > > Tom > > > > -Original Message- > > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 9:03 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > > take forever to combat from a social engineering standpoint. It's probably > > worth investing some time in user education on .com files because I think > > this is going to be a new favorite virus writing style for the next few > > months. > > > > Chris Scharff > > The Mail Resource Center > > http://www.mail-resources.com > > > > -Original Message- > > From: Martin Blackstone > > To: Exchange Discussions > > Sent: 1/28/2002 7:57 AM > > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > > > > > -Original Message- > > From: Russ [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 5:45 AM > > To: [EMAIL PROTECTED] > > Subject: Alert: W32/Myparty-mm on the loose > > > > > > Be aware that this morning you will likely find a copy of this new mass > > mailer in your mail systems. This is a pure social engineering attack, it > > contains an attachment named as a URL with a .com extension. Since .com is > > also an application, it will be run as such if its double-clicked on. > Check > > with your AV company for updates and/or filtering criteria. If you can, be > > sure you have attachment filtering enabled at your mail gateway. Outlook > > Email Security Update, and Ou
RE: Electronic Version of Robichaux's Ex5.5 book?
William, Thanks. While it didn't give me the chapter I was looking for (was looking for Chap. 2) it still gave me some good info on Erratta and such. Jim -Original Message- From: William Lefkovics [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 12:44 PM To: Exchange Discussions Subject: Re: Electronic Version of Robichaux's Ex5.5 book? A chapter or two is available at the O'Reilly site and the Microsoft site (chapter 9 I think). But I have not seen one available. And, yes, I have a copy of the book. You might ask Paul himself. [EMAIL PROTECTED] www.exchangefaq.org William - Original Message - From: "Blunt, James H (Jim)" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 12:37 PM Subject: Electronic Version of Robichaux's Ex5.5 book? > Heya folks, > > Is there an electronic version of the Exchange 5.5 book, written by > Paul Robichaux, titled "Managing Microsoft Exchange Server", published > by O'Reilly Press? It would be a lot easier to cut and paste sections > of Paul's book into the "Documentation" section of my Change Request > Form, than > it would be to type it all in manually. > > TIA > > Jim Blunt > Network / E-mail Admin > Network / Infrastructure Group > Bechtel Hanford, Inc. > 509-372-9188 > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
Sounds like Trend is able to keep up with NAI ;) We have been using WebShield SMTP and it has not been fooled. We block everything executable under the sun since the creation of the sun. We are blocking at a rate of 2-3 a minute; first with content filtering and lately with the Extra.dat file that they supplied for both versions. Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: John Q Jr. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 12:33 PM To: Powell, Ken Subject: Re: Alert: W32/Myparty-mm on the loose Trend Scanmail 6.0 nailed it, blocking .com's and it was not fooled, stped it as early as 22:00 on the 27th. - Original Message - From: "Martin Blackstone" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 8:22 AM Subject: RE: Alert: W32/Myparty-mm on the loose > Also another classic example of what a POS Mcafee is. They are saying they > will release a DAT for it on the 30th > > -Original Message- > From: Couch, Nate [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:21 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Most of the systems I am monitoring are blocking it as a VBS script. > > Nate Couch > EDS Messaging > > -Original Message- > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:36 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > trend has just launched pattern 212 > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: 28 January, 2002 3:20 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. NAV for > exchange caught it by the .COM extension, and norton had just liveupdated us > an hour earlier with the new definitions that would have caught it if it > wasn't a blocked extension. I think the syntax of the attachment code is > probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > take forever to combat from a social engineering standpoint. It's probably > worth investing some time in user education on .com files because I think > this is going to be a new favorite virus writing style for the next few > months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new mass > mailer in your mail systems. This is a pure social engineering attack, it > contains an attachment named as a URL with a .com extension. Since .com is > also an application, it will be run as such if its double-clicked on. Check > with your AV company for updates and/or filtering criteria. If you can, be > sure you have attachment filtering enabled at your mail gateway. Outlook > Email Security Update, and Outlook 2002, both catch this attachment and > prevent it from being available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAI
RE: Public Folders inaccessible
Problem resolved. An entry in the HOSTS file was causing some users to point to folders on the old server. Other users on the same machines were not having the problem, so we never suspected a HOSTS issue. HOSTS should never come into the equation, but that's a problem for another day. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Electronic Version of Robichaux's Ex5.5 book?
A chapter or two is available at the O'Reilly site and the Microsoft site (chapter 9 I think). But I have not seen one available. And, yes, I have a copy of the book. You might ask Paul himself. [EMAIL PROTECTED] www.exchangefaq.org William - Original Message - From: "Blunt, James H (Jim)" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 12:37 PM Subject: Electronic Version of Robichaux's Ex5.5 book? > Heya folks, > > Is there an electronic version of the Exchange 5.5 book, written by Paul > Robichaux, titled "Managing Microsoft Exchange Server", published by > O'Reilly Press? It would be a lot easier to cut and paste sections of > Paul's book into the "Documentation" section of my Change Request Form, than > it would be to type it all in manually. > > TIA > > Jim Blunt > Network / E-mail Admin > Network / Infrastructure Group > Bechtel Hanford, Inc. > 509-372-9188 > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
After updating the Virus Definition files Antigen reported it as; Antigen for Exchange found www.myparty.yahoo.com infected with W32/MyParty-A (Sophos,McAfee4,CA(InoculateIT),CA(Vet)) worm. The message is currently Purged. The message, "new photos from my party!", was sent from user and was discovered in user\Outbox located at Company/First Administrative Group/Exchange Server. But before the update, the *.com filter didn't work. Wierd! Saul > And Trend reports it as: > > "WORM_MYPARTY.A" virus was found in attachment "www.myparty.yahoo.com", > ScanMail has moved the attachment to C:\Program Files\Trend\Smex\Virus. > > Paul Chinnery > Network Administrator > Mem Med Ctr > > > -Original Message- > From: John Matteson [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 3:24 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Maybe cause the payload looks like a weblink? > > When Nemix reports, it shows as: > === > The message contained 1 virus(es): > > www.myparty.yahoo.com infected with the [EMAIL PROTECTED] > virus > - - - > === > > Your guess is as good as mine. > > John Matteson; Exchange Manager > Geac Corporate Infrastructure Systems and Standards > (404) 239 - 2981 > My toys! My toys! I can't do this job without my toys! > > > > -Original Message- > From: Saul [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 3:08 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > I am also blocking *.com on our SMTP Scan Job for Antigen but this > attachment slipped by. Luckily the user who got suspected something and > called us. I have updated the virus engines running on our Antigen but I > am curious why the attachment blocking didn't work? Any IDEAS? > > Saul > > > This one slipped by our *.com file matching as well... actually it's been > a > > little hit and miss... some were caught but others were not stopped until > we > > installed the defnition file--We're running Antigen with the Norman def. > > I'm still seeing weird stuff some seem to be getting through he IMC > scan > > and making it to the store and getting disinfected there. That's the > first > > time I've ever seen that. Very odd indeed. Most that are being caught > are > > by the virus definition--because generally we just get the *.com type > block > > message. Wonder what's going on here. > > > > Fortunately we run something different on the desktop--and it had updated > > through the night. > > > > Josh Harmon > > > > > > -Original Message- > > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 8:20 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Somehow this one slipped past our .com filter on our linux firewall. NAV > > for exchange caught it by the .COM extension, and norton had just > > liveupdated us an hour earlier with the new definitions that would have > > caught it if it wasn't a blocked extension. I think the syntax of the > > attachment code is probably not RFC compliant. > > > > Tom > > > > -Original Message- > > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 9:03 AM > > To: Exchange Discussions > > Subject: RE: Alert: W32/Myparty-mm on the loose > > > > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > > take forever to combat from a social engineering standpoint. It's probably > > worth investing some time in user education on .com files because I think > > this is going to be a new favorite virus writing style for the next few > > months. > > > > Chris Scharff > > The Mail Resource Center > > http://www.mail-resources.com > > > > -Original Message- > > From: Martin Blackstone > > To: Exchange Discussions > > Sent: 1/28/2002 7:57 AM > > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > > > > > -Original Message- > > From: Russ [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 5:45 AM > > To: [EMAIL PROTECTED] > > Subject: Alert: W32/Myparty-mm on the loose > > > > > > Be aware that this morning you will likely find a copy of this new mass > > mailer in your mail systems. This is a pure social engineering attack, it > > contains an attachment named as a URL with a .com extension. Since .com is > > also an application, it will be run as such if its double-clicked on. > Check > > with your AV company for updates and/or filtering criteria. If you can, be > > sure you have attachment filtering enabled at your mail gateway. Outlook > > Email Security Update, and Outlook 2002, both catch this attachment and > > prevent it from being available for the user to click on. > > > > Cheers, > > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > > > > _ > > Li
Electronic Version of Robichaux's Ex5.5 book?
Heya folks, Is there an electronic version of the Exchange 5.5 book, written by Paul Robichaux, titled "Managing Microsoft Exchange Server", published by O'Reilly Press? It would be a lot easier to cut and paste sections of Paul's book into the "Documentation" section of my Change Request Form, than it would be to type it all in manually. TIA Jim Blunt Network / E-mail Admin Network / Infrastructure Group Bechtel Hanford, Inc. 509-372-9188 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Alert: W32/Myparty-mm on the loose
Trend Scanmail 6.0 nailed it, blocking .com's and it was not fooled, stped it as early as 22:00 on the 27th. - Original Message - From: "Martin Blackstone" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 8:22 AM Subject: RE: Alert: W32/Myparty-mm on the loose > Also another classic example of what a POS Mcafee is. They are saying they > will release a DAT for it on the 30th > > -Original Message- > From: Couch, Nate [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:21 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Most of the systems I am monitoring are blocking it as a VBS script. > > Nate Couch > EDS Messaging > > -Original Message- > From: Kim Schotanus [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:36 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > trend has just launched pattern 212 > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: 28 January, 2002 3:20 PM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. NAV for > exchange caught it by the .COM extension, and norton had just liveupdated us > an hour earlier with the new definitions that would have caught it if it > wasn't a blocked extension. I think the syntax of the attachment code is > probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > take forever to combat from a social engineering standpoint. It's probably > worth investing some time in user education on .com files because I think > this is going to be a new favorite virus writing style for the next few > months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new mass > mailer in your mail systems. This is a pure social engineering attack, it > contains an attachment named as a URL with a .com extension. Since .com is > also an application, it will be run as such if its double-clicked on. Check > with your AV company for updates and/or filtering criteria. If you can, be > sure you have attachment filtering enabled at your mail gateway. Outlook > Email Security Update, and Outlook 2002, both catch this attachment and > prevent it from being available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
And Trend reports it as: "WORM_MYPARTY.A" virus was found in attachment "www.myparty.yahoo.com", ScanMail has moved the attachment to C:\Program Files\Trend\Smex\Virus. Paul Chinnery Network Administrator Mem Med Ctr -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 3:24 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Maybe cause the payload looks like a weblink? When Nemix reports, it shows as: === The message contained 1 virus(es): www.myparty.yahoo.com infected with the [EMAIL PROTECTED] virus - - - === Your guess is as good as mine. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 3:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's been a > little hit and miss... some were caught but others were not stopped until we > installed the defnition file--We're running Antigen with the Norman def. > I'm still seeing weird stuff some seem to be getting through he IMC scan > and making it to the store and getting disinfected there. That's the first > time I've ever seen that. Very odd indeed. Most that are being caught are > by the virus definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had updated > through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. NAV > for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would have > caught it if it wasn't a blocked extension. I think the syntax of the > attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > take forever to combat from a social engineering standpoint. It's probably > worth investing some time in user education on .com files because I think > this is going to be a new favorite virus writing style for the next few > months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new mass > mailer in your mail systems. This is a pure social engineering attack, it > contains an attachment named as a URL with a .com extension. Since .com is > also an application, it will be run as such if its double-clicked on. Check > with your AV company for updates and/or filtering criteria. If you can, be > sure you have attachment filtering enabled at your mail gateway. Outlook > Email Security Update, and Outlook 2002, both catch this attachment and > prevent it from being available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesear
RE: Alert: W32/Myparty-mm on the loose
Maybe cause the payload looks like a weblink? When Nemix reports, it shows as: === The message contained 1 virus(es): www.myparty.yahoo.com infected with the [EMAIL PROTECTED] virus - - - === Your guess is as good as mine. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 My toys! My toys! I can't do this job without my toys! -Original Message- From: Saul [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 3:08 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's been a > little hit and miss... some were caught but others were not stopped until we > installed the defnition file--We're running Antigen with the Norman def. > I'm still seeing weird stuff some seem to be getting through he IMC scan > and making it to the store and getting disinfected there. That's the first > time I've ever seen that. Very odd indeed. Most that are being caught are > by the virus definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had updated > through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. NAV > for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would have > caught it if it wasn't a blocked extension. I think the syntax of the > attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > take forever to combat from a social engineering standpoint. It's probably > worth investing some time in user education on .com files because I think > this is going to be a new favorite virus writing style for the next few > months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new mass > mailer in your mail systems. This is a pure social engineering attack, it > contains an attachment named as a URL with a .com extension. Since .com is > also an application, it will be run as such if its double-clicked on. Check > with your AV company for updates and/or filtering criteria. If you can, be > sure you have attachment filtering enabled at your mail gateway. Outlook > Email Security Update, and Outlook 2002, both catch this attachment and > prevent it from being available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Any way to change items in IMS queue
Well, push comes to shove you can edit those messages (they're just text) and change the incorrect domain name to the correct one and drop them back in the \out directory. - Original Message - From: "Arch Willingham" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 2:18 PM Subject: RE: Any way to change items in IMS queue > Zippo! > > -Original Message- > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 11:33 AM > To: Exchange Discussions > Subject: Re: Any way to change items in IMS queue > > > Anything in the event viewer? > > - Original Message - > From: "Arch Willingham" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Monday, January 28, 2002 9:35 AM > Subject: RE: Any way to change items in IMS queue > > > > Daniel: > > > > Good idea! It worked...sort of. If I stop and restart the IMS service, it > > now gives me an error saying: > > > > The Microsoft Exchange Internet Mail Service service terminated > > unexpectedly. It has done this 8 time(s). The following corrective > action > > will be taken in 0 milliseconds: No action. > > > > I scooted all of the messages over to a temp directory and re-started it. > It > > started fine. I stopped it and moved a few at a time and re-started it. A > > couple of the messages are causing the problem - any idea why? > > > > Arch > > > > -Original Message- > > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > > Sent: Sunday, January 27, 2002 4:19 PM > > To: Exchange Discussions > > Subject: Re: Any way to change items in IMS queue > > > > > > Ouch... > > > > 1. A search-and-replace utility. Run it against the \exchsrvr\imcdata\out > > directory and replace all instances of 1.2.3.4 with a name. That name will > > exist in the HOSTS files mapping to the correct IP. > > 2. Set the IMS to accept messages for 1.2.3.4 and redirect to the correct > > name or correct IP. Move those messages out of the \out folder and into > the > > \in folder. > > > > - Original Message - > > From: "Arch Willingham" <[EMAIL PROTECTED]> > > To: "Exchange Discussions" <[EMAIL PROTECTED]> > > Sent: Sunday, January 27, 2002 2:24 PM > > Subject: RE: Any way to change items in IMS queue > > > > > > > I'll make it worse...the old name was just an IP address. The guy that > set > > > it up used the ip address instead of a name. Will it still work? > > > > > > -Original Message- > > > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > > > Sent: Sunday, January 27, 2002 2:50 PM > > > To: Exchange Discussions > > > Subject: Re: Any way to change items in IMS queue > > > > > > > > > Fastest way would be to make an entry in the server's HOSTS file pairing > > the > > > old name with the new IP. Keep it until those items flush out. > > > > > > - Original Message - > > > From: "Arch Willingham" <[EMAIL PROTECTED]> > > > To: "Exchange Discussions" <[EMAIL PROTECTED]> > > > Sent: Sunday, January 27, 2002 12:52 PM > > > Subject: Any way to change items in IMS queue > > > > > > > > > > I have a bunch of items that are stacked up in the IMS queue. The site > > > name > > > > where they used to get delivered to has changed and has a new ip > > address. > > > Is > > > > there any way to change the existing items so that they will go to the > > new > > > > address? > > > > > > > > Thanks, > > > > > > > > Arch Willingham > > > > > > > > _ > > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > > Exchange List admin:[EMAIL PROTECTED] > > > > > > > > > > _ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin:[EMAIL PROTECTED] > > > > > > _ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin:[EMAIL PROTECTED] > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubs
RE: Any way to change items in IMS queue
Zippo! -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:33 AM To: Exchange Discussions Subject: Re: Any way to change items in IMS queue Anything in the event viewer? - Original Message - From: "Arch Willingham" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 9:35 AM Subject: RE: Any way to change items in IMS queue > Daniel: > > Good idea! It worked...sort of. If I stop and restart the IMS service, it > now gives me an error saying: > > The Microsoft Exchange Internet Mail Service service terminated > unexpectedly. It has done this 8 time(s). The following corrective action > will be taken in 0 milliseconds: No action. > > I scooted all of the messages over to a temp directory and re-started it. It > started fine. I stopped it and moved a few at a time and re-started it. A > couple of the messages are causing the problem - any idea why? > > Arch > > -Original Message- > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > Sent: Sunday, January 27, 2002 4:19 PM > To: Exchange Discussions > Subject: Re: Any way to change items in IMS queue > > > Ouch... > > 1. A search-and-replace utility. Run it against the \exchsrvr\imcdata\out > directory and replace all instances of 1.2.3.4 with a name. That name will > exist in the HOSTS files mapping to the correct IP. > 2. Set the IMS to accept messages for 1.2.3.4 and redirect to the correct > name or correct IP. Move those messages out of the \out folder and into the > \in folder. > > - Original Message - > From: "Arch Willingham" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Sunday, January 27, 2002 2:24 PM > Subject: RE: Any way to change items in IMS queue > > > > I'll make it worse...the old name was just an IP address. The guy that set > > it up used the ip address instead of a name. Will it still work? > > > > -Original Message- > > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > > Sent: Sunday, January 27, 2002 2:50 PM > > To: Exchange Discussions > > Subject: Re: Any way to change items in IMS queue > > > > > > Fastest way would be to make an entry in the server's HOSTS file pairing > the > > old name with the new IP. Keep it until those items flush out. > > > > - Original Message - > > From: "Arch Willingham" <[EMAIL PROTECTED]> > > To: "Exchange Discussions" <[EMAIL PROTECTED]> > > Sent: Sunday, January 27, 2002 12:52 PM > > Subject: Any way to change items in IMS queue > > > > > > > I have a bunch of items that are stacked up in the IMS queue. The site > > name > > > where they used to get delivered to has changed and has a new ip > address. > > Is > > > there any way to change the existing items so that they will go to the > new > > > address? > > > > > > Thanks, > > > > > > Arch Willingham > > > > > > _ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin:[EMAIL PROTECTED] > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED
RE: Alert: W32/Myparty-mm on the loose
a stripper in orlando -Original Message- From: Barry Patterson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 3:00 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose So, who is this Melissa? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy David Sent: Monday, January 28, 2002 1:43 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose multiple times... -Original Message- From: Hunter, Lori [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:25 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose John, you are ever the optimist. Now don't get me started on that little three-letter-acronym networking company based in Dallas again the one where the CEO and the CIO each launched LoveLetter and Melissa multiple times and to my knowledge they still have nothing, nada, nil, on their mail servers. Humph. -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:58 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose One would think (and since it's Monday, that may be a hard thing for some), that with all the recent press coverage on mail-enabled viri (let's not get into a semantics fight), that mail administrators, network security workers, management and all the other yahoos involved in a private enterprise or commercial e-mail service would PUT SOME VIRUS PROTECTION ON THEIR MAIL SERVERS! I don't know how many "MyParty" attachments were cleaned up before Nemex kicked in and picked up it's new update this morning, but I've been getting alerts, for this particular bug, at about 45 per hour since this morning. HELLO! IS ANYONE OUT THERE LISTENING?! And yes I know I'm yelling at the choir here. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 He who would learn to fly one day must first learn to stand and walk and run and climb and dance; One cannot fly into flying. -- Friedrich Nietzsche _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
I am also blocking *.com on our SMTP Scan Job for Antigen but this attachment slipped by. Luckily the user who got suspected something and called us. I have updated the virus engines running on our Antigen but I am curious why the attachment blocking didn't work? Any IDEAS? Saul > This one slipped by our *.com file matching as well... actually it's been a > little hit and miss... some were caught but others were not stopped until we > installed the defnition file--We're running Antigen with the Norman def. > I'm still seeing weird stuff some seem to be getting through he IMC scan > and making it to the store and getting disinfected there. That's the first > time I've ever seen that. Very odd indeed. Most that are being caught are > by the virus definition--because generally we just get the *.com type block > message. Wonder what's going on here. > > Fortunately we run something different on the desktop--and it had updated > through the night. > > Josh Harmon > > > -Original Message- > From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:20 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Somehow this one slipped past our .com filter on our linux firewall. NAV > for exchange caught it by the .COM extension, and norton had just > liveupdated us an hour earlier with the new definitions that would have > caught it if it wasn't a blocked extension. I think the syntax of the > attachment code is probably not RFC compliant. > > Tom > > -Original Message- > From: Chris Scharff [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 9:03 AM > To: Exchange Discussions > Subject: RE: Alert: W32/Myparty-mm on the loose > > > Fortunately we're all blocking *.com right? The *.com viruses are going to > take forever to combat from a social engineering standpoint. It's probably > worth investing some time in user education on .com files because I think > this is going to be a new favorite virus writing style for the next few > months. > > Chris Scharff > The Mail Resource Center > http://www.mail-resources.com > > -Original Message- > From: Martin Blackstone > To: Exchange Discussions > Sent: 1/28/2002 7:57 AM > Subject: FW: Alert: W32/Myparty-mm on the loose > > > > -Original Message- > From: Russ [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 5:45 AM > To: [EMAIL PROTECTED] > Subject: Alert: W32/Myparty-mm on the loose > > > Be aware that this morning you will likely find a copy of this new mass > mailer in your mail systems. This is a pure social engineering attack, it > contains an attachment named as a URL with a .com extension. Since .com is > also an application, it will be run as such if its double-clicked on. Check > with your AV company for updates and/or filtering criteria. If you can, be > sure you have attachment filtering enabled at your mail gateway. Outlook > Email Security Update, and Outlook 2002, both catch this attachment and > prevent it from being available for the user to click on. > > Cheers, > Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
This one slipped by our *.com file matching as well... actually it's been a little hit and miss... some were caught but others were not stopped until we installed the defnition file--We're running Antigen with the Norman def. I'm still seeing weird stuff some seem to be getting through he IMC scan and making it to the store and getting disinfected there. That's the first time I've ever seen that. Very odd indeed. Most that are being caught are by the virus definition--because generally we just get the *.com type block message. Wonder what's going on here. Fortunately we run something different on the desktop--and it had updated through the night. Josh Harmon -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:20 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
So, who is this Melissa? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy David Sent: Monday, January 28, 2002 1:43 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose multiple times... -Original Message- From: Hunter, Lori [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:25 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose John, you are ever the optimist. Now don't get me started on that little three-letter-acronym networking company based in Dallas again the one where the CEO and the CIO each launched LoveLetter and Melissa multiple times and to my knowledge they still have nothing, nada, nil, on their mail servers. Humph. -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:58 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose One would think (and since it's Monday, that may be a hard thing for some), that with all the recent press coverage on mail-enabled viri (let's not get into a semantics fight), that mail administrators, network security workers, management and all the other yahoos involved in a private enterprise or commercial e-mail service would PUT SOME VIRUS PROTECTION ON THEIR MAIL SERVERS! I don't know how many "MyParty" attachments were cleaned up before Nemex kicked in and picked up it's new update this morning, but I've been getting alerts, for this particular bug, at about 45 per hour since this morning. HELLO! IS ANYONE OUT THERE LISTENING?! And yes I know I'm yelling at the choir here. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 He who would learn to fly one day must first learn to stand and walk and run and climb and dance; One cannot fly into flying. -- Friedrich Nietzsche _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
multiple times... -Original Message- From: Hunter, Lori [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 2:25 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose John, you are ever the optimist. Now don't get me started on that little three-letter-acronym networking company based in Dallas again the one where the CEO and the CIO each launched LoveLetter and Melissa multiple times and to my knowledge they still have nothing, nada, nil, on their mail servers. Humph. -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:58 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose One would think (and since it's Monday, that may be a hard thing for some), that with all the recent press coverage on mail-enabled viri (let's not get into a semantics fight), that mail administrators, network security workers, management and all the other yahoos involved in a private enterprise or commercial e-mail service would PUT SOME VIRUS PROTECTION ON THEIR MAIL SERVERS! I don't know how many "MyParty" attachments were cleaned up before Nemex kicked in and picked up it's new update this morning, but I've been getting alerts, for this particular bug, at about 45 per hour since this morning. HELLO! IS ANYONE OUT THERE LISTENING?! And yes I know I'm yelling at the choir here. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 He who would learn to fly one day must first learn to stand and walk and run and climb and dance; One cannot fly into flying. -- Friedrich Nietzsche _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Move mailbox = can't reveive ?
The official recommendation ... http://support.microsoft.com/default.aspx?scid=kb;en-us;Q259751. According to this, you may only need as little as 10MB to free up the service. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Brady Sent: Monday, January 28, 2002 10:01 AM To: Exchange Discussions Subject: RE: Move mailbox = can't reveive ? Users shouldn't be connected to the server while their mailboxes are being moved, nor can mailboxes accept mail while they are being moved (assuming your using the mailbox tool). 1 GB question - done this myself and works great ... freeing up a few hundred MB does get the store back up quickly, although I've never see this on a best practices list. Quicker than moving the logs to another drive. Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Herold Heiko Sent: Monday, January 28, 2002 6:30 AM To: Exchange Discussions Subject: Move mailbox = can't reveive ? EX4.4 sp4 say, server Gateway (IMC connector only), server A and server B (mailboxes). During move mailbox from A to B arrived a incoming mail (smtp to Gateway) for the mailbox on the move. server A sent back a reply Your message ... did not reach the following recipient(s): on Mon, 28 Jan 2002 12:33:39 +0100 Unable to deliver the message due to a communications failure The MTS-ID of the original message is: c=us;a= ;p=<...> ;l=020201281117D5DWCYXN MSEXCH:MSExchangeMTA:: Is this normal ? During move mailbox incoming external mail is rejected ? I could not find any reference to this in technet (well, searched only for a couple of minutes to be honest, found nothing related). Similary, I was looking exactly when a services will shut down for no more space available (now you know why I'm moving mailboxes :), the only thing I found was several references (EX 5.5 Server Guide, Administering and Maintaining, the Disaster Recovery White paper and similar) to res1.log and res2.log. Those are 5MB each and are used as last resort when the disk is full - does this mean services shut down really at the last moment (new page can't be allocated) ? Somehow I always thought it would shutdown with some % of disk space still available. If the services do shutdown when the store partition is really full could it be considered a good practice creating a 1GB (or something) file, which can be deleted in order to create space as last resort... say, to restart services and move somewhere else some mailboxes or public folders ? Then decide if to spank the users who eat space like peanuts or the managers who want won't allow space limits, in order to use the "infinite resources" approach for supposedly faster development but won't fund the same infinite (or at least sufficent) approach to server space ? Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
John, you are ever the optimist. Now don't get me started on that little three-letter-acronym networking company based in Dallas again the one where the CEO and the CIO each launched LoveLetter and Melissa multiple times and to my knowledge they still have nothing, nada, nil, on their mail servers. Humph. -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:58 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose One would think (and since it's Monday, that may be a hard thing for some), that with all the recent press coverage on mail-enabled viri (let's not get into a semantics fight), that mail administrators, network security workers, management and all the other yahoos involved in a private enterprise or commercial e-mail service would PUT SOME VIRUS PROTECTION ON THEIR MAIL SERVERS! I don't know how many "MyParty" attachments were cleaned up before Nemex kicked in and picked up it's new update this morning, but I've been getting alerts, for this particular bug, at about 45 per hour since this morning. HELLO! IS ANYONE OUT THERE LISTENING?! And yes I know I'm yelling at the choir here. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 He who would learn to fly one day must first learn to stand and walk and run and climb and dance; One cannot fly into flying. -- Friedrich Nietzsche _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Unable to clean your free/busy information on the server
How about creating a *new* profile and have him re-sync? -Original Message- From: Elkins, Jerry D [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 12:53 PM To: Exchange Discussions Subject: Unable to clean your free/busy information on the server Update: I completely deleted the profile using the undocumented switch (From O'Reilly and Associates) /cleanprofile, I also physically deleted all of the files in his Application Data/Outlook folder .FAV, .OST etc. And still have the problem. Any other ideas, this is starting to get critical. What do you think about a problem with the actual NT profile? Please help. Jerry _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Move mailbox = can't reveive ?
Users shouldn't be connected to the server while their mailboxes are being moved, nor can mailboxes accept mail while they are being moved (assuming your using the mailbox tool). 1 GB question - done this myself and works great ... freeing up a few hundred MB does get the store back up quickly, although I've never see this on a best practices list. Quicker than moving the logs to another drive. Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Herold Heiko Sent: Monday, January 28, 2002 6:30 AM To: Exchange Discussions Subject: Move mailbox = can't reveive ? EX4.4 sp4 say, server Gateway (IMC connector only), server A and server B (mailboxes). During move mailbox from A to B arrived a incoming mail (smtp to Gateway) for the mailbox on the move. server A sent back a reply Your message ... did not reach the following recipient(s): on Mon, 28 Jan 2002 12:33:39 +0100 Unable to deliver the message due to a communications failure The MTS-ID of the original message is: c=us;a= ;p=<...> ;l=020201281117D5DWCYXN MSEXCH:MSExchangeMTA:: Is this normal ? During move mailbox incoming external mail is rejected ? I could not find any reference to this in technet (well, searched only for a couple of minutes to be honest, found nothing related). Similary, I was looking exactly when a services will shut down for no more space available (now you know why I'm moving mailboxes :), the only thing I found was several references (EX 5.5 Server Guide, Administering and Maintaining, the Disaster Recovery White paper and similar) to res1.log and res2.log. Those are 5MB each and are used as last resort when the disk is full - does this mean services shut down really at the last moment (new page can't be allocated) ? Somehow I always thought it would shutdown with some % of disk space still available. If the services do shutdown when the store partition is really full could it be considered a good practice creating a 1GB (or something) file, which can be deleted in order to create space as last resort... say, to restart services and move somewhere else some mailboxes or public folders ? Then decide if to spank the users who eat space like peanuts or the managers who want won't allow space limits, in order to use the "infinite resources" approach for supposedly faster development but won't fund the same infinite (or at least sufficent) approach to server space ? Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Unable to clean your free/busy information on the server
Update: I completely deleted the profile using the undocumented switch (From O'Reilly and Associates) /cleanprofile, I also physically deleted all of the files in his Application Data/Outlook folder .FAV, .OST etc. And still have the problem. Any other ideas, this is starting to get critical. What do you think about a problem with the actual NT profile? Please help. Jerry _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Public Folders inaccessible
We tried different new names, but not that one. > Are you changing the name of the profile to the name I suggested? I suspect > not. > > > -Original Message- > > From: Bob Andrews [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 11:37 AM > > To: Exchange Discussions > > Subject: RE: Public Folders inaccessible > > > > > > PFs were rehomed, but perhaps something went wrong there. > > They look OK. We're finding that we can create new Outlook > > profiles for new users on the same machines that had the > > error, but no luck with new Outlook profiles for old users. > > We've done screen dumps of the registry settings for a new > > user and are comparing to settings on an old user. Maybe > > we'll find the problem there. > > > > BTW, we'd decommission old servers with a BFH, but are > > required to recycle. > > > > > Sounds like perhaps not all PFs were properly rehomed prior to the > > > decommissioning of the old server.[1] I bet that if you > > create a new > > > outlook profile on their existing machines named > > > "CompletelyNewProfile" and connect using that you'll find the error > > > doesn't occur either. If that's the case, then the > > information about > > > the old PFs is likely stored in the registry settings for > > the original > > > profile... Please don't ask me what they are though. > > > > > > > > > [1]Do they hold decommissioning ceremonies for old Exchange servers > > > similar to the ones they hold for old ships? > > > > > > Chris > > > -- > > > Chris Scharff > > > Senior Sales Engineer > > > MessageOne > > > If you can't measure, you can't manage! > > > > > > > > > > -Original Message- > > > > From: Bob Andrews [mailto:[EMAIL PROTECTED]] > > > > Sent: Monday, January 28, 2002 8:26 AM > > > > To: Exchange Discussions > > > > Subject: Public Folders inaccessible > > > > > > > > > > > > We just replaced an Exchange 5.5 SP3 server with an Exchange > > > > SP4 server. Both NT4 boxes, operating in a Navy Organization > > > > that replicates a GAL and Public Folders. This server runs > > > > IMS and serves as a bridgehead server for several other > > > > servers. After the replacement, many users of the downstream > > > > servers lost access to Public Folders. They receive "Unable > > > > to expand folder" and "Profile is not configured" errors. If > > > > they delete Outlook and reinstall, no change. But in most > > > > cases, if the user is set up on a new machine, Public Folders > > > > are accessible from that machine. But if a new user is set > > > > up on a machine that had been used on another account that > > > > could not get access to Public Folders, the new user also > > > > could not access Public Folders. Any thoughts? Bob Andrews US > > > > Navy [EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
You go the right answer twice (it's the preview pane or tri-pane viewer). One small data addition. The time delay on the reader changing the flag from unread to read is user settable: Tools - Options - Other - Preview Pane. -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:32 AM To: Exchange Discussions Subject: Re: unread mail marked read by itself ? They have the preview pane turned on and left their clients up. Mail comes in, preview pane "reads" it, it times out (default is five seconds I believe) and the message is marked read. - Original Message - From: "Aristotle Zoulas" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 9:16 AM Subject: unread mail marked read by itself ? > Is this possible? Several members of the firm that I am consulting for claim > to have had this problem. They came in one morning several days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal database that > caused this error.2.) Someone within the company tampered with the mail and > read their mail, thus marking it as read. 3.) Perhaps their backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Public Folders inaccessible
Are you changing the name of the profile to the name I suggested? I suspect not. > -Original Message- > From: Bob Andrews [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 11:37 AM > To: Exchange Discussions > Subject: RE: Public Folders inaccessible > > > PFs were rehomed, but perhaps something went wrong there. > They look OK. We're finding that we can create new Outlook > profiles for new users on the same machines that had the > error, but no luck with new Outlook profiles for old users. > We've done screen dumps of the registry settings for a new > user and are comparing to settings on an old user. Maybe > we'll find the problem there. > > BTW, we'd decommission old servers with a BFH, but are > required to recycle. > > > Sounds like perhaps not all PFs were properly rehomed prior to the > > decommissioning of the old server.[1] I bet that if you > create a new > > outlook profile on their existing machines named > > "CompletelyNewProfile" and connect using that you'll find the error > > doesn't occur either. If that's the case, then the > information about > > the old PFs is likely stored in the registry settings for > the original > > profile... Please don't ask me what they are though. > > > > > > [1]Do they hold decommissioning ceremonies for old Exchange servers > > similar to the ones they hold for old ships? > > > > Chris > > -- > > Chris Scharff > > Senior Sales Engineer > > MessageOne > > If you can't measure, you can't manage! > > > > > > > -Original Message- > > > From: Bob Andrews [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, January 28, 2002 8:26 AM > > > To: Exchange Discussions > > > Subject: Public Folders inaccessible > > > > > > > > > We just replaced an Exchange 5.5 SP3 server with an Exchange > > > SP4 server. Both NT4 boxes, operating in a Navy Organization > > > that replicates a GAL and Public Folders. This server runs > > > IMS and serves as a bridgehead server for several other > > > servers. After the replacement, many users of the downstream > > > servers lost access to Public Folders. They receive "Unable > > > to expand folder" and "Profile is not configured" errors. If > > > they delete Outlook and reinstall, no change. But in most > > > cases, if the user is set up on a new machine, Public Folders > > > are accessible from that machine. But if a new user is set > > > up on a machine that had been used on another account that > > > could not get access to Public Folders, the new user also > > > could not access Public Folders. Any thoughts? Bob Andrews US > > > Navy [EMAIL PROTECTED] > > > > > > _ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin:[EMAIL PROTECTED] > > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Cannot receive incoming mail
Enabled the RerouteViaStore registry value? http://support.microsoft.com/default.aspx?scid=kb;en-us;Q259730 Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pillai, Raj Sent: Monday, January 28, 2002 9:31 AM To: Exchange Discussions Subject: Cannot receive incoming mail Hello All, I created an email disclaimer using the Imsext.dll file and followed the steps provided by Nick Ferguson to implement it. However once it was activated we stopped receiving inbound mail. Errors seen on Exchange Server and SMTP server : Exchange Server Event viewer: Application logEvent ID 4188> Refused to relay. InterScan Viruswall Realtime monitor: Relaying prohibited to [EMAIL PROTECTED] Any ideas to solve this problem ? Single Domain, NT Server 4.0 sp6a, MSExchange 5.5 Sp4. Currently the dll file is disabled, so we can receive mail. Thanks Raj _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Public Folders inaccessible
PFs were rehomed, but perhaps something went wrong there. They look OK. We're finding that we can create new Outlook profiles for new users on the same machines that had the error, but no luck with new Outlook profiles for old users. We've done screen dumps of the registry settings for a new user and are comparing to settings on an old user. Maybe we'll find the problem there. BTW, we'd decommission old servers with a BFH, but are required to recycle. > Sounds like perhaps not all PFs were properly rehomed prior to the > decommissioning of the old server.[1] I bet that if you create a new outlook > profile on their existing machines named "CompletelyNewProfile" and connect > using that you'll find the error doesn't occur either. If that's the case, > then the information about the old PFs is likely stored in the registry > settings for the original profile... Please don't ask me what they are > though. > > > [1]Do they hold decommissioning ceremonies for old Exchange servers similar > to the ones they hold for old ships? > > Chris > -- > Chris Scharff > Senior Sales Engineer > MessageOne > If you can't measure, you can't manage! > > > > -Original Message- > > From: Bob Andrews [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 8:26 AM > > To: Exchange Discussions > > Subject: Public Folders inaccessible > > > > > > We just replaced an Exchange 5.5 SP3 server with an Exchange > > SP4 server. Both NT4 boxes, operating in a Navy Organization > > that replicates a GAL and Public Folders. This server runs > > IMS and serves as a bridgehead server for several other > > servers. After the replacement, many users of the downstream > > servers lost access to Public Folders. They receive "Unable > > to expand folder" and "Profile is not configured" errors. If > > they delete Outlook and reinstall, no change. But in most > > cases, if the user is set up on a new machine, Public Folders > > are accessible from that machine. But if a new user is set > > up on a machine that had been used on another account that > > could not get access to Public Folders, the new user also > > could not access Public Folders. Any thoughts? Bob Andrews US > > Navy [EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Cannot receive incoming mail
Hello All, I created an email disclaimer using the Imsext.dll file and followed the steps provided by Nick Ferguson to implement it. However once it was activated we stopped receiving inbound mail. Errors seen on Exchange Server and SMTP server : Exchange Server Event viewer: Application logEvent ID 4188> Refused to relay. InterScan Viruswall Realtime monitor: Relaying prohibited to [EMAIL PROTECTED] Any ideas to solve this problem ? Single Domain, NT Server 4.0 sp6a, MSExchange 5.5 Sp4. Currently the dll file is disabled, so we can receive mail. Thanks Raj _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
This new virus also drops a back-door trojan... Here's the information link: http://vil.nai.com/vil/content/v_99332.htm Jim Blunt -Original Message- From: John Matteson [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:58 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose One would think (and since it's Monday, that may be a hard thing for some), that with all the recent press coverage on mail-enabled viri (let's not get into a semantics fight), that mail administrators, network security workers, management and all the other yahoos involved in a private enterprise or commercial e-mail service would PUT SOME VIRUS PROTECTION ON THEIR MAIL SERVERS! I don't know how many "MyParty" attachments were cleaned up before Nemex kicked in and picked up it's new update this morning, but I've been getting alerts, for this particular bug, at about 45 per hour since this morning. HELLO! IS ANYONE OUT THERE LISTENING?! And yes I know I'm yelling at the choir here. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 He who would learn to fly one day must first learn to stand and walk and run and climb and dance; One cannot fly into flying. -- Friedrich Nietzsche _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
One would think (and since it's Monday, that may be a hard thing for some), that with all the recent press coverage on mail-enabled viri (let's not get into a semantics fight), that mail administrators, network security workers, management and all the other yahoos involved in a private enterprise or commercial e-mail service would PUT SOME VIRUS PROTECTION ON THEIR MAIL SERVERS! I don't know how many "MyParty" attachments were cleaned up before Nemex kicked in and picked up it's new update this morning, but I've been getting alerts, for this particular bug, at about 45 per hour since this morning. HELLO! IS ANYONE OUT THERE LISTENING?! And yes I know I'm yelling at the choir here. John Matteson; Exchange Manager Geac Corporate Infrastructure Systems and Standards (404) 239 - 2981 He who would learn to fly one day must first learn to stand and walk and run and climb and dance; One cannot fly into flying. -- Friedrich Nietzsche _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?
one reads others mail as their permissions allow else access denied > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:24 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > What are the common ways for people to read other people's > email? They have OWA turned off. I will also assume that they > did not leave their workstations logged in. 5 (?'s) omitted --) > > -Original Message- > From: Doug Hampshire [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 11:16 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > Exchange Administrator - a sign of a diseased mind. > - Amit Hanji > > -Original Message- > From: Herold Heiko [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 8:09 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > Multiple exclamation marks... a sign of a diseased mind. > Terry Pratchett > Maskerade > > Heiko > > -- > -- PREVINET S.p.A.[EMAIL PROTECTED] > -- Via Ferretto, 1ph x39-041-5907073 > -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 > -- ITALY > > > -Original Message- > > From: Jim Helfer [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 4:49 PM > > To: Exchange Discussions > > Subject: RE: unread mail marked read by itself ? > > > > > > > > I sure do !!! > > > > -Original Message- > > From: Joyce, Louis [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 10:40 AM > > To: Exchange Discussions > > Subject: RE: unread mail marked read by itself ? > > > > > > No. I find them annoying as well. > > > > Anyone else find them annoying? > > > > :) > > > > Regards > > > > Mr Louis Joyce > > Network Support Analyst > > Exchange Administrator > > BT Ignite eSolutions > > > > > > > > > > -Original Message- > > From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] > > Sent: 28 January 2002 15:41 > > To: Exchange Discussions > > Subject: RE: unread mail marked read by itself ? > > > > > > It is also possible that the users themselves do it without knowing. > > Another possibility is that if they have a delegate, the delegate > > might have had their Inbox open in a separate window. > Since these two > > people are higher up in the company it is quite possible that they > > have a number of > > delegates that manage their calendar, and maybe even > respond to their > > messages. > > > > S. > > > > PS: Am I the only one who finds multiple question marks extremely > > irritating? > > > > -Original Message- > > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 10:35 AM > > To: Exchange Discussions > > Subject: RE: unread mail marked read by itself ? > > > > > > This is a possibility. If this was the case someone would > have to sit > > there and scroll though each message thus marking it as > read. Correct? > > > > TIA > > > > -Original Message- > > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 10:20 AM > > To: Exchange Discussions > > Subject: RE: unread mail marked read by itself ? > > > > I would guess someone is reading their email. They probably have OL > > set to mark as read when selection changes. > > > > > > -Original Message- > > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > > Sent: Monday, January 28, 2002 7:17 AM > > To: Exchange Discussions > > Subject: unread mail marked read by itself ? > > > > > > Is this possible? Several members of the firm that I am > consulting for > > claim to have had this problem. They came in one morning several > > days ago and to > > their surprise, mail that they NEVER read was marked as > being read by > > outlook. The firm is running Exchange 5.5 with outlook as > a client . > > > > Some possibilities are: 1.)something happened to the > internal database > > that caused this error.2.) Someone within the company tampered > > with the mail and > > read their mail, thus marking it as read. 3.) Perhaps their > > backup system > > had something to do with it. They are doing brick level > back ups using > > Veritas 8.5. > > > > > > #3 does not seem like an option since only two people, albeit high > > level IT people, were affected. This also NEVER happened before. > > > > > > Any help would be appreciated. > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > __
RE: unread mail marked read by itself ?
Disabled the HTTP protocol at the site/server/user level I presume Neil Hobson Silversands http://www.silversands.co.uk Microsoft Gold Certified Partner For Enterprise Systems For Collaborative Solutions -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Posted At: 28 January 2002 16:44 Posted To: Exchange Mailing List Conversation: unread mail marked read by itself ? Subject: RE: unread mail marked read by itself ? No, the Exchange admin has it turned off. -Original Message- From: Joyce, Louis [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:40 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? What do you mean by 'they have OWA turned off?'. Do you mean the users administer the OWA server? Regards Mr Louis Joyce Network Support Analyst Exchange Administrator BT Ignite eSolutions -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 16:24 To: Exchange Discussions Subject: RE: unread mail marked read by itself ? What are the common ways for people to read other people's email? They have OWA turned off. I will also assume that they did not leave their workstations logged in. 5 (?'s) omitted --) -Original Message- From: Doug Hampshire [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:16 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Exchange Administrator - a sign of a diseased mind. - Amit Hanji -Original Message- From: Herold Heiko [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:09 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Multiple exclamation marks... a sign of a diseased mind. Terry Pratchett Maskerade Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY > -Original Message- > From: Jim Helfer [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 4:49 PM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > > I sure do !!! > > -Original Message- > From: Joyce, Louis [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:40 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > No. I find them annoying as well. > > Anyone else find them annoying? > > :) > > Regards > > Mr Louis Joyce > Network Support Analyst > Exchange Administrator > BT Ignite eSolutions > > > > > -Original Message- > From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] > Sent: 28 January 2002 15:41 > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > It is also possible that the users themselves do it without knowing. > Another possibility is that if they have a delegate, the delegate > might have had their Inbox open in a separate window. Since these two > people are higher up in the company it is quite possible that they > have a number of > delegates that manage their calendar, and maybe even respond to their > messages. > > S. > > PS: Am I the only one who finds multiple question marks extremely > irritating? > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:35 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > This is a possibility. If this was the case someone would have to sit > there and scroll though each message thus marking it as read. Correct? > > TIA > > -Original Message- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:20 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > I would guess someone is reading their email. They probably have OL > set to mark as read when selection changes. > > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:17 AM > To: Exchange Discussions > Subject: unread mail marked read by itself ? > > > Is this possible? Several members of the firm that I am consulting for > claim to have had this problem. They came in one morning several > days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal database > that caused this error.2.) Someone within the company tampered > with the mail and > read their mail, thus marking it as read. 3.) Perhaps their > backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit high >
RE: unread mail marked read by itself ?
No, the Exchange admin has it turned off. -Original Message- From: Joyce, Louis [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:40 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? What do you mean by 'they have OWA turned off?'. Do you mean the users administer the OWA server? Regards Mr Louis Joyce Network Support Analyst Exchange Administrator BT Ignite eSolutions -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 16:24 To: Exchange Discussions Subject: RE: unread mail marked read by itself ? What are the common ways for people to read other people's email? They have OWA turned off. I will also assume that they did not leave their workstations logged in. 5 (?'s) omitted --) -Original Message- From: Doug Hampshire [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:16 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Exchange Administrator - a sign of a diseased mind. - Amit Hanji -Original Message- From: Herold Heiko [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:09 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Multiple exclamation marks... a sign of a diseased mind. Terry Pratchett Maskerade Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY > -Original Message- > From: Jim Helfer [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 4:49 PM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > > I sure do !!! > > -Original Message- > From: Joyce, Louis [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:40 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > No. I find them annoying as well. > > Anyone else find them annoying? > > :) > > Regards > > Mr Louis Joyce > Network Support Analyst > Exchange Administrator > BT Ignite eSolutions > > > > > -Original Message- > From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] > Sent: 28 January 2002 15:41 > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > It is also possible that the users themselves do it without knowing. > Another possibility is that if they have a delegate, the delegate > might have had their Inbox open in a separate window. Since these two > people are higher up in the company it is quite possible that they > have a number of > delegates that manage their calendar, and maybe even respond to their > messages. > > S. > > PS: Am I the only one who finds multiple question marks extremely > irritating? > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:35 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > This is a possibility. If this was the case someone would > have to sit there > and scroll though each message thus marking it as read. Correct? > > TIA > > -Original Message- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:20 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > I would guess someone is reading their email. They probably > have OL set to > mark as read when selection changes. > > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:17 AM > To: Exchange Discussions > Subject: unread mail marked read by itself ? > > > Is this possible? Several members of the firm that I am > consulting for claim > to have had this problem. They came in one morning several > days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal > database that > caused this error.2.) Someone within the company tampered > with the mail and > read their mail, thus marking it as read. 3.) Perhaps their > backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit > high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > ___
RE: unread mail marked read by itself ?
What do you mean by 'they have OWA turned off?'. Do you mean the users administer the OWA server? Regards Mr Louis Joyce Network Support Analyst Exchange Administrator BT Ignite eSolutions -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 16:24 To: Exchange Discussions Subject: RE: unread mail marked read by itself ? What are the common ways for people to read other people's email? They have OWA turned off. I will also assume that they did not leave their workstations logged in. 5 (?'s) omitted --) -Original Message- From: Doug Hampshire [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:16 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Exchange Administrator - a sign of a diseased mind. - Amit Hanji -Original Message- From: Herold Heiko [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:09 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Multiple exclamation marks... a sign of a diseased mind. Terry Pratchett Maskerade Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY > -Original Message- > From: Jim Helfer [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 4:49 PM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > > I sure do !!! > > -Original Message- > From: Joyce, Louis [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:40 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > No. I find them annoying as well. > > Anyone else find them annoying? > > :) > > Regards > > Mr Louis Joyce > Network Support Analyst > Exchange Administrator > BT Ignite eSolutions > > > > > -Original Message- > From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] > Sent: 28 January 2002 15:41 > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > It is also possible that the users themselves do it without knowing. > Another possibility is that if they have a delegate, the delegate > might have had their Inbox open in a separate window. Since these two > people are higher up in the company it is quite possible that they > have a number of > delegates that manage their calendar, and maybe even respond to their > messages. > > S. > > PS: Am I the only one who finds multiple question marks extremely > irritating? > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:35 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > This is a possibility. If this was the case someone would > have to sit there > and scroll though each message thus marking it as read. Correct? > > TIA > > -Original Message- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:20 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > I would guess someone is reading their email. They probably > have OL set to > mark as read when selection changes. > > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:17 AM > To: Exchange Discussions > Subject: unread mail marked read by itself ? > > > Is this possible? Several members of the firm that I am > consulting for claim > to have had this problem. They came in one morning several > days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal > database that > caused this error.2.) Someone within the company tampered > with the mail and > read their mail, thus marking it as read. 3.) Perhaps their > backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit > high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchan
RE: unread mail marked read by itself ?????
? -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:33 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I think this works for one email but not for more than one without user intervention. -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:32 AM To: Exchange Discussions Subject: Re: unread mail marked read by itself ? They have the preview pane turned on and left their clients up. Mail comes in, preview pane "reads" it, it times out (default is five seconds I believe) and the message is marked read. - Original Message - From: "Aristotle Zoulas" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 9:16 AM Subject: unread mail marked read by itself ? > Is this possible? Several members of the firm that I am consulting for claim > to have had this problem. They came in one morning several days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal database that > caused this error.2.) Someone within the company tampered with the mail and > read their mail, thus marking it as read. 3.) Perhaps their backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson by telephone (212)935-4990, fax (212)381-8168, or email ([EMAIL PROTECTED]) and delete the message. Thank you. == _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
I think this works for one email but not for more than one without user intervention. -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:32 AM To: Exchange Discussions Subject: Re: unread mail marked read by itself ? They have the preview pane turned on and left their clients up. Mail comes in, preview pane "reads" it, it times out (default is five seconds I believe) and the message is marked read. - Original Message - From: "Aristotle Zoulas" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 9:16 AM Subject: unread mail marked read by itself ? > Is this possible? Several members of the firm that I am consulting for claim > to have had this problem. They came in one morning several days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal database that > caused this error.2.) Someone within the company tampered with the mail and > read their mail, thus marking it as read. 3.) Perhaps their backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: Any way to change items in IMS queue
Anything in the event viewer? - Original Message - From: "Arch Willingham" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 9:35 AM Subject: RE: Any way to change items in IMS queue > Daniel: > > Good idea! It worked...sort of. If I stop and restart the IMS service, it > now gives me an error saying: > > The Microsoft Exchange Internet Mail Service service terminated > unexpectedly. It has done this 8 time(s). The following corrective action > will be taken in 0 milliseconds: No action. > > I scooted all of the messages over to a temp directory and re-started it. It > started fine. I stopped it and moved a few at a time and re-started it. A > couple of the messages are causing the problem - any idea why? > > Arch > > -Original Message- > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > Sent: Sunday, January 27, 2002 4:19 PM > To: Exchange Discussions > Subject: Re: Any way to change items in IMS queue > > > Ouch... > > 1. A search-and-replace utility. Run it against the \exchsrvr\imcdata\out > directory and replace all instances of 1.2.3.4 with a name. That name will > exist in the HOSTS files mapping to the correct IP. > 2. Set the IMS to accept messages for 1.2.3.4 and redirect to the correct > name or correct IP. Move those messages out of the \out folder and into the > \in folder. > > - Original Message - > From: "Arch Willingham" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Sunday, January 27, 2002 2:24 PM > Subject: RE: Any way to change items in IMS queue > > > > I'll make it worse...the old name was just an IP address. The guy that set > > it up used the ip address instead of a name. Will it still work? > > > > -Original Message- > > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > > Sent: Sunday, January 27, 2002 2:50 PM > > To: Exchange Discussions > > Subject: Re: Any way to change items in IMS queue > > > > > > Fastest way would be to make an entry in the server's HOSTS file pairing > the > > old name with the new IP. Keep it until those items flush out. > > > > - Original Message - > > From: "Arch Willingham" <[EMAIL PROTECTED]> > > To: "Exchange Discussions" <[EMAIL PROTECTED]> > > Sent: Sunday, January 27, 2002 12:52 PM > > Subject: Any way to change items in IMS queue > > > > > > > I have a bunch of items that are stacked up in the IMS queue. The site > > name > > > where they used to get delivered to has changed and has a new ip > address. > > Is > > > there any way to change the existing items so that they will go to the > new > > > address? > > > > > > Thanks, > > > > > > Arch Willingham > > > > > > _ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Archives: http://www.swynk.com/sitesearch/search.asp > > > To unsubscribe: mailto:[EMAIL PROTECTED] > > > Exchange List admin:[EMAIL PROTECTED] > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: unread mail marked read by itself ?????
They have the preview pane turned on and left their clients up. Mail comes in, preview pane "reads" it, it times out (default is five seconds I believe) and the message is marked read. - Original Message - From: "Aristotle Zoulas" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Monday, January 28, 2002 9:16 AM Subject: unread mail marked read by itself ? > Is this possible? Several members of the firm that I am consulting for claim > to have had this problem. They came in one morning several days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal database that > caused this error.2.) Someone within the company tampered with the mail and > read their mail, thus marking it as read. 3.) Perhaps their backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
You are right. Having the words "Bottom" and "Removal Instructions" in the same sentence does conjure up thoughts best left alone. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Andy David [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:23 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose removal instructions... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose http://vil.nai.com/vil/content/v_99332.htm at the bottom under Removal Instructions. Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:20 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Where is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:16 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Close, but not quite. "POS McAfee" has had a signature via an EXTRA.DAT for it since Sunday night. What they are saying is that it will not be incorporated into the normal DAT signature (which comes out on Wednesdays) until it has been fully tested. Regardless of whether they have it incorporated or not, we are not letting executables such as .exe, com, bat, etc. are we? First do no harm. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:25 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th -Original Message- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://ww
RE: unread mail marked read by itself ?
What are the common ways for people to read other people's email? They have OWA turned off. I will also assume that they did not leave their workstations logged in. 5 (?'s) omitted --) -Original Message- From: Doug Hampshire [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:16 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Exchange Administrator - a sign of a diseased mind. - Amit Hanji -Original Message- From: Herold Heiko [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:09 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Multiple exclamation marks... a sign of a diseased mind. Terry Pratchett Maskerade Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY > -Original Message- > From: Jim Helfer [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 4:49 PM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > > I sure do !!! > > -Original Message- > From: Joyce, Louis [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:40 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > No. I find them annoying as well. > > Anyone else find them annoying? > > :) > > Regards > > Mr Louis Joyce > Network Support Analyst > Exchange Administrator > BT Ignite eSolutions > > > > > -Original Message- > From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] > Sent: 28 January 2002 15:41 > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > It is also possible that the users themselves do it without knowing. > Another possibility is that if they have a delegate, the delegate > might have had their Inbox open in a separate window. Since these two > people are higher up in the company it is quite possible that they > have a number of > delegates that manage their calendar, and maybe even respond to their > messages. > > S. > > PS: Am I the only one who finds multiple question marks extremely > irritating? > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:35 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > This is a possibility. If this was the case someone would > have to sit there > and scroll though each message thus marking it as read. Correct? > > TIA > > -Original Message- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:20 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > I would guess someone is reading their email. They probably > have OL set to > mark as read when selection changes. > > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:17 AM > To: Exchange Discussions > Subject: unread mail marked read by itself ? > > > Is this possible? Several members of the firm that I am > consulting for claim > to have had this problem. They came in one morning several > days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal > database that > caused this error.2.) Someone within the company tampered > with the mail and > read their mail, thus marking it as read. 3.) Perhaps their > backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit > high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > >
RE: Alert: W32/Myparty-mm on the loose
removal instructions... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose http://vil.nai.com/vil/content/v_99332.htm at the bottom under Removal Instructions. Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:20 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Where is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:16 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Close, but not quite. "POS McAfee" has had a signature via an EXTRA.DAT for it since Sunday night. What they are saying is that it will not be incorporated into the normal DAT signature (which comes out on Wednesdays) until it has been fully tested. Regardless of whether they have it incorporated or not, we are not letting executables such as .exe, com, bat, etc. are we? First do no harm. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:25 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th -Original Message- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting
RE: Alert: W32/Myparty-mm on the loose
http://vil.nai.com/vil/content/v_99332.htm -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 11:17 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Where is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:16 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Close, but not quite. "POS McAfee" has had a signature via an EXTRA.DAT for it since Sunday night. What they are saying is that it will not be incorporated into the normal DAT signature (which comes out on Wednesdays) until it has been fully tested. Regardless of whether they have it incorporated or not, we are not letting executables such as .exe, com, bat, etc. are we? First do no harm. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:25 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th -Original Message- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] -- The information contained in this email message is privileged and confidential information intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copy of this message is strictly prohibited. If you have received this email in error, please immediately notify Veronis Suhler Stevenson
RE: Alert: W32/Myparty-mm on the loose
http://vil.nai.com/vil/content/v_99332.htm at the bottom under Removal Instructions. Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:20 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Where is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:16 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Close, but not quite. "POS McAfee" has had a signature via an EXTRA.DAT for it since Sunday night. What they are saying is that it will not be incorporated into the normal DAT signature (which comes out on Wednesdays) until it has been fully tested. Regardless of whether they have it incorporated or not, we are not letting executables such as .exe, com, bat, etc. are we? First do no harm. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:25 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th -Original Message- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
Where is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:16 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Close, but not quite. "POS McAfee" has had a signature via an EXTRA.DAT for it since Sunday night. What they are saying is that it will not be incorporated into the normal DAT signature (which comes out on Wednesdays) until it has been fully tested. Regardless of whether they have it incorporated or not, we are not letting executables such as .exe, com, bat, etc. are we? First do no harm. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:25 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th -Original Message- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
Exchange Administrator - a sign of a diseased mind. - Amit Hanji -Original Message- From: Herold Heiko [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:09 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Multiple exclamation marks... a sign of a diseased mind. Terry Pratchett Maskerade Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY > -Original Message- > From: Jim Helfer [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 4:49 PM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > > I sure do !!! > > -Original Message- > From: Joyce, Louis [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:40 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > No. I find them annoying as well. > > Anyone else find them annoying? > > :) > > Regards > > Mr Louis Joyce > Network Support Analyst > Exchange Administrator > BT Ignite eSolutions > > > > > -Original Message- > From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] > Sent: 28 January 2002 15:41 > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > It is also possible that the users themselves do it without knowing. > Another possibility is that if they have a delegate, the delegate > might have had their Inbox open in a separate window. Since these two > people are higher up in the company it is quite possible that they > have a number of > delegates that manage their calendar, and maybe even respond to their > messages. > > S. > > PS: Am I the only one who finds multiple question marks extremely > irritating? > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:35 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > This is a possibility. If this was the case someone would > have to sit there > and scroll though each message thus marking it as read. Correct? > > TIA > > -Original Message- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:20 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > I would guess someone is reading their email. They probably > have OL set to > mark as read when selection changes. > > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:17 AM > To: Exchange Discussions > Subject: unread mail marked read by itself ? > > > Is this possible? Several members of the firm that I am > consulting for claim > to have had this problem. They came in one morning several > days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal > database that > caused this error.2.) Someone within the company tampered > with the mail and > read their mail, thus marking it as read. 3.) Perhaps their > backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit > high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.sw
RE: Alert: W32/Myparty-mm on the loose
Close, but not quite. "POS McAfee" has had a signature via an EXTRA.DAT for it since Sunday night. What they are saying is that it will not be incorporated into the normal DAT signature (which comes out on Wednesdays) until it has been fully tested. Regardless of whether they have it incorporated or not, we are not letting executables such as .exe, com, bat, etc. are we? First do no harm. :) Ken Powell Systems Administrator Clark County Office of Budget and Information Services (OBIS) Vancouver, Washington [EMAIL PROTECTED] Voice: (360) 397-6121 x4658 Fax: (360) 759-6001 -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:25 AM To: Powell, Ken Subject: RE: Alert: W32/Myparty-mm on the loose Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th -Original Message- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
Multiple exclamation marks... a sign of a diseased mind. Terry Pratchett Maskerade Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Ferretto, 1ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY > -Original Message- > From: Jim Helfer [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 4:49 PM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > > I sure do !!! > > -Original Message- > From: Joyce, Louis [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:40 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > No. I find them annoying as well. > > Anyone else find them annoying? > > :) > > Regards > > Mr Louis Joyce > Network Support Analyst > Exchange Administrator > BT Ignite eSolutions > > > > > -Original Message- > From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] > Sent: 28 January 2002 15:41 > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > It is also possible that the users themselves do it without knowing. > Another possibility is that if they have a delegate, the > delegate might have > had their Inbox open in a separate window. Since these two people are > higher up in the company it is quite possible that they have > a number of > delegates that manage their calendar, and maybe even respond to their > messages. > > S. > > PS: Am I the only one who finds multiple question marks extremely > irritating? > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:35 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > > This is a possibility. If this was the case someone would > have to sit there > and scroll though each message thus marking it as read. Correct? > > TIA > > -Original Message- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 10:20 AM > To: Exchange Discussions > Subject: RE: unread mail marked read by itself ? > > I would guess someone is reading their email. They probably > have OL set to > mark as read when selection changes. > > > -Original Message- > From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 28, 2002 7:17 AM > To: Exchange Discussions > Subject: unread mail marked read by itself ? > > > Is this possible? Several members of the firm that I am > consulting for claim > to have had this problem. They came in one morning several > days ago and to > their surprise, mail that they NEVER read was marked as being read by > outlook. The firm is running Exchange 5.5 with outlook as a client . > > Some possibilities are: 1.)something happened to the internal > database that > caused this error.2.) Someone within the company tampered > with the mail and > read their mail, thus marking it as read. 3.) Perhaps their > backup system > had something to do with it. They are doing brick level back ups using > Veritas 8.5. > > > #3 does not seem like an option since only two people, albeit > high level IT > people, were affected. This also NEVER happened before. > > > Any help would be appreciated. > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FA
RE: unread mail marked read by itself ?????
Eventviewer - application logs Regards Mr Louis Joyce Network Support Analyst Exchange Administrator BT Ignite eSolutions -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 15:54 To: Exchange Discussions Subject: RE: unread mail marked read by itself ? Sorry to ask a dumb question but our local Exchange admin wants to know which log to look at. thanks -Original Message- From: Doug Hampshire [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:50 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? #2 is the likely suspect. Just check your logs to see who is accessing the said users accounts. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
Sorry to ask a dumb question but our local Exchange admin wants to know which log to look at. thanks -Original Message- From: Doug Hampshire [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:50 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? #2 is the likely suspect. Just check your logs to see who is accessing the said users accounts. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
#2 is the likely suspect. Just check your logs to see who is accessing the said users accounts. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
? What are you talking about ? -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:41 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? It is also possible that the users themselves do it without knowing. Another possibility is that if they have a delegate, the delegate might have had their Inbox open in a separate window. Since these two people are higher up in the company it is quite possible that they have a number of delegates that manage their calendar, and maybe even respond to their messages. S. PS: Am I the only one who finds multiple question marks extremely irritating? -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:35 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? This is a possibility. If this was the case someone would have to sit there and scroll though each message thus marking it as read. Correct? TIA -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:20 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
I sure do !!! -Original Message- From: Joyce, Louis [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:40 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? No. I find them annoying as well. Anyone else find them annoying? :) Regards Mr Louis Joyce Network Support Analyst Exchange Administrator BT Ignite eSolutions -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 15:41 To: Exchange Discussions Subject: RE: unread mail marked read by itself ? It is also possible that the users themselves do it without knowing. Another possibility is that if they have a delegate, the delegate might have had their Inbox open in a separate window. Since these two people are higher up in the company it is quite possible that they have a number of delegates that manage their calendar, and maybe even respond to their messages. S. PS: Am I the only one who finds multiple question marks extremely irritating? -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:35 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? This is a possibility. If this was the case someone would have to sit there and scroll though each message thus marking it as read. Correct? TIA -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:20 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
I don't mind it that much as long as it's in the body. Kim -Original Message- From: Joyce, Louis [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 4:40 PM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? No. I find them annoying as well. Anyone else find them annoying? :) Regards Mr Louis Joyce Network Support Analyst Exchange Administrator BT Ignite eSolutions -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 15:41 To: Exchange Discussions Subject: RE: unread mail marked read by itself ? It is also possible that the users themselves do it without knowing. Another possibility is that if they have a delegate, the delegate might have had their Inbox open in a separate window. Since these two people are higher up in the company it is quite possible that they have a number of delegates that manage their calendar, and maybe even respond to their messages. S. PS: Am I the only one who finds multiple question marks extremely irritating? -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:35 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? This is a possibility. If this was the case someone would have to sit there and scroll though each message thus marking it as read. Correct? TIA -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:20 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
No. I find them annoying as well. Anyone else find them annoying? :) Regards Mr Louis Joyce Network Support Analyst Exchange Administrator BT Ignite eSolutions -Original Message- From: Soysal, Serdar [mailto:[EMAIL PROTECTED]] Sent: 28 January 2002 15:41 To: Exchange Discussions Subject: RE: unread mail marked read by itself ? It is also possible that the users themselves do it without knowing. Another possibility is that if they have a delegate, the delegate might have had their Inbox open in a separate window. Since these two people are higher up in the company it is quite possible that they have a number of delegates that manage their calendar, and maybe even respond to their messages. S. PS: Am I the only one who finds multiple question marks extremely irritating? -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:35 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? This is a possibility. If this was the case someone would have to sit there and scroll though each message thus marking it as read. Correct? TIA -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:20 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
It is also possible that the users themselves do it without knowing. Another possibility is that if they have a delegate, the delegate might have had their Inbox open in a separate window. Since these two people are higher up in the company it is quite possible that they have a number of delegates that manage their calendar, and maybe even respond to their messages. S. PS: Am I the only one who finds multiple question marks extremely irritating? -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:35 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? This is a possibility. If this was the case someone would have to sit there and scroll though each message thus marking it as read. Correct? TIA -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:20 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
No, someone would just need to open the mailbox, and click on a message, read it in the preview pane, and go on to the next. Check the event logs it will log anyone accessing a mailbox who is not the owner. If the logs are mysteriously gone, you definitely have a problem. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:35 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? This is a possibility. If this was the case someone would have to sit there and scroll though each message thus marking it as read. Correct? TIA -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:20 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Any way to change items in IMS queue
Daniel: Good idea! It worked...sort of. If I stop and restart the IMS service, it now gives me an error saying: The Microsoft Exchange Internet Mail Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 0 milliseconds: No action. I scooted all of the messages over to a temp directory and re-started it. It started fine. I stopped it and moved a few at a time and re-started it. A couple of the messages are causing the problem - any idea why? Arch -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 27, 2002 4:19 PM To: Exchange Discussions Subject: Re: Any way to change items in IMS queue Ouch... 1. A search-and-replace utility. Run it against the \exchsrvr\imcdata\out directory and replace all instances of 1.2.3.4 with a name. That name will exist in the HOSTS files mapping to the correct IP. 2. Set the IMS to accept messages for 1.2.3.4 and redirect to the correct name or correct IP. Move those messages out of the \out folder and into the \in folder. - Original Message - From: "Arch Willingham" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Sunday, January 27, 2002 2:24 PM Subject: RE: Any way to change items in IMS queue > I'll make it worse...the old name was just an IP address. The guy that set > it up used the ip address instead of a name. Will it still work? > > -Original Message- > From: Daniel Chenault [mailto:[EMAIL PROTECTED]] > Sent: Sunday, January 27, 2002 2:50 PM > To: Exchange Discussions > Subject: Re: Any way to change items in IMS queue > > > Fastest way would be to make an entry in the server's HOSTS file pairing the > old name with the new IP. Keep it until those items flush out. > > - Original Message - > From: "Arch Willingham" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Sunday, January 27, 2002 12:52 PM > Subject: Any way to change items in IMS queue > > > > I have a bunch of items that are stacked up in the IMS queue. The site > name > > where they used to get delivered to has changed and has a new ip address. > Is > > there any way to change the existing items so that they will go to the new > > address? > > > > Thanks, > > > > Arch Willingham > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
This is a possibility. If this was the case someone would have to sit there and scroll though each message thus marking it as read. Correct? TIA -Original Message- From: Martin Blackstone [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 10:20 AM To: Exchange Discussions Subject: RE: unread mail marked read by itself ? I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
http://www.messagelabs.com are blocking it.. Les Bessant MCP[1] mailto:[EMAIL PROTECTED] IT Manager, Sanderson Townend & Gilbert Acting in a personal capacity http://www.tiggercam.co.uk - New, improved and with more bounce! [1] Just those pesky electives to go... >-Original Message- >From: Couch, Nate [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 3:21 PM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >Most of the systems I am monitoring are blocking it as a VBS script. > >Nate Couch >EDS Messaging > >-Original Message- >From: Kim Schotanus [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 8:36 AM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >trend has just launched pattern 212 > >-Original Message- >From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] >Sent: 28 January, 2002 3:20 PM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >Somehow this one slipped past our .com filter on our linux firewall. >NAV >for exchange caught it by the .COM extension, and norton had just >liveupdated us an hour earlier with the new definitions that would have >caught it if it wasn't a blocked extension. I think the syntax of the >attachment code is probably not RFC compliant. > >Tom > >-Original Message- >From: Chris Scharff [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 9:03 AM >To: Exchange Discussions >Subject: RE: Alert: W32/Myparty-mm on the loose > > >Fortunately we're all blocking *.com right? The *.com viruses are going >to >take forever to combat from a social engineering standpoint. It's >probably >worth investing some time in user education on .com files because I >think >this is going to be a new favorite virus writing style for the next few >months. > >Chris Scharff >The Mail Resource Center >http://www.mail-resources.com > >-Original Message- >From: Martin Blackstone >To: Exchange Discussions >Sent: 1/28/2002 7:57 AM >Subject: FW: Alert: W32/Myparty-mm on the loose > > > >-Original Message- >From: Russ [mailto:[EMAIL PROTECTED]] >Sent: Monday, January 28, 2002 5:45 AM >To: [EMAIL PROTECTED] >Subject: Alert: W32/Myparty-mm on the loose > > >Be aware that this morning you will likely find a copy of this new mass >mailer in your mail systems. This is a pure social engineering attack, >it >contains an attachment named as a URL with a .com extension. Since .com >is >also an application, it will be run as such if its double-clicked on. >Check >with your AV company for updates and/or filtering criteria. If you can, >be >sure you have attachment filtering enabled at your mail >gateway. Outlook >Email Security Update, and Outlook 2002, both catch this attachment and >prevent it from being available for the user to click on. > >Cheers, >Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor > > >_ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin:[EMAIL PROTECTED] > >_ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin:[EMAIL PROTECTED] > >_ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin:[EMAIL PROTECTED] > >_ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin:[EMAIL PROTECTED] > >___ >_ >This e-mail has been scanned for all viruses by Star Internet. The >service is powered by MessageLabs. For more information on a proactive >anti-virus service working around the clock, around the globe, visit: >http://www.star.net.uk >___ >_ > The information in this communication and any attachments is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient any use, review, dissemination, distribution or copying of this information is strictly prohibited. If you have received this communication in error please notify us immediately on 0191 261 2681 and delete the original message and any copies of it. Any opinions, conclusions or other information in th
RE: Alert: W32/Myparty-mm on the loose
Also another classic example of what a POS Mcafee is. They are saying they will release a DAT for it on the 30th -Original Message- From: Couch, Nate [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:21 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: unread mail marked read by itself ?????
I would guess someone is reading their email. They probably have OL set to mark as read when selection changes. -Original Message- From: Aristotle Zoulas [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 7:17 AM To: Exchange Discussions Subject: unread mail marked read by itself ? Is this possible? Several members of the firm that I am consulting for claim to have had this problem. They came in one morning several days ago and to their surprise, mail that they NEVER read was marked as being read by outlook. The firm is running Exchange 5.5 with outlook as a client . Some possibilities are: 1.)something happened to the internal database that caused this error.2.) Someone within the company tampered with the mail and read their mail, thus marking it as read. 3.) Perhaps their backup system had something to do with it. They are doing brick level back ups using Veritas 8.5. #3 does not seem like an option since only two people, albeit high level IT people, were affected. This also NEVER happened before. Any help would be appreciated. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Alert: W32/Myparty-mm on the loose
Most of the systems I am monitoring are blocking it as a VBS script. Nate Couch EDS Messaging -Original Message- From: Kim Schotanus [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 8:36 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose trend has just launched pattern 212 -Original Message- From: Alverson, Thomas M. [mailto:[EMAIL PROTECTED]] Sent: 28 January, 2002 3:20 PM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Somehow this one slipped past our .com filter on our linux firewall. NAV for exchange caught it by the .COM extension, and norton had just liveupdated us an hour earlier with the new definitions that would have caught it if it wasn't a blocked extension. I think the syntax of the attachment code is probably not RFC compliant. Tom -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:03 AM To: Exchange Discussions Subject: RE: Alert: W32/Myparty-mm on the loose Fortunately we're all blocking *.com right? The *.com viruses are going to take forever to combat from a social engineering standpoint. It's probably worth investing some time in user education on .com files because I think this is going to be a new favorite virus writing style for the next few months. Chris Scharff The Mail Resource Center http://www.mail-resources.com -Original Message- From: Martin Blackstone To: Exchange Discussions Sent: 1/28/2002 7:57 AM Subject: FW: Alert: W32/Myparty-mm on the loose -Original Message- From: Russ [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 5:45 AM To: [EMAIL PROTECTED] Subject: Alert: W32/Myparty-mm on the loose Be aware that this morning you will likely find a copy of this new mass mailer in your mail systems. This is a pure social engineering attack, it contains an attachment named as a URL with a .com extension. Since .com is also an application, it will be run as such if its double-clicked on. Check with your AV company for updates and/or filtering criteria. If you can, be sure you have attachment filtering enabled at your mail gateway. Outlook Email Security Update, and Outlook 2002, both catch this attachment and prevent it from being available for the user to click on. Cheers, Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]