RE: ScanMail missing tricks?
Definitely need to be zipped up. Especially since all scanmail versions since 3.7 scan the headers of files so you can't even rename a file's extension anymore. Also the AVAPI mode was known to miss files (not sure if this was ever fixed since trend did switch the way they scan in 5.5) if it ever got overloaded. The good thing about the latest scanmail is that it scans outgoing email also since it hits the store first before being sent. I believe trend has a .dll that sits in memory (ESE API mode) and scans store writing so you won't have the MAPI problem either. We've been running the new mode since 3.7 (currently on 3.8) and haven't had any problems with corruption or anything. -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:25 PM To: Exchange Discussions Subject: Re: ScanMail missing tricks? Sometimes users get sent legitimate executables, they get blocked because of the extention, so I have to copy it to a share for them to retrieve it - I'm then reliant on the AV on my desktop, what I'd prefer is for the virus checker to say "is it infected" before it looks at whether it should quarantine that sort of file. Maybe I'm looking at it the wrong way, but that's just how I'd like it to work - in fairness with 3.81 they're most of the way there with the integrated quarantine manager section. regards paul - Original Message - From: "Ward, Stuart" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 5:06 PM Subject: RE: ScanMail missing tricks? > Why would it need to? > > -Original Message- > From: Paul Hutchings [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 11:58 AM > To: Exchange Discussions > Subject: RE: ScanMail missing tricks? > > > No problems here with 3.81 - one thing I wish it did do was to scan > attachments blocked by extention blocking - we've had loads of bugbears > quarantined for being .exe's , but it doesn't seem to actually scan them as > well. > > regards, > Paul > -- > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 024 7635 5378, Fax: 024 7635 8378 > mailto:[EMAIL PROTECTED] > > > -Original Message- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: 06 June 2003 15:46 > > To: Exchange Discussions > > Subject: RE: ScanMail missing tricks? > > > > > > You might want to consider upgrading to Scanmail 3.81. I believe it > > functions a LOT better. > > > > -- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -Original Message- > > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > > Sent: Friday, June 06, 2003 10:25 AM > > > To: Exchange Discussions > > > Subject: ScanMail missing tricks? > > > > > > > > > > > > A user got an infected attachment right to her Inbox, which > > > doesn't ever happen here since we started using ScanMail. I > > > have ScanMail 3.52 (Exch 5.5 > > > SP4) blocking all the attachments on the List of Danger, and > > > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > > > the Inbox. A Manual scan showed up six other virus-infected > > > attachments which had apparently got through. But the manual > > > scan does not pick up the file I just mentioned, which is now > > > in my Deleted Items. A copy is on my hard drive and Sophos > > > AntiVirus also doesn't detect it. > > > > > > Is it possible that ScanMail misses out on some messages if > > > several arrive at once, or is there another more likely > > > solution? I have sent the file to Trend and Sophos to see > > > what they say, but the attachment blocking was, I thought, > > > non-negotiable and always works. Luckily I badger my users > > > about the danger of attachments on a fairly regular basis. > > > > > > > > > Tim > > > > > > -- > > > Tim Gowen > > > RAF Museum > > > IT Dept. > > > > > > > > > Confidentiality: This e-mail and its attachments are intended > > > for the above named only and may be confidential. If they > > > have come to you in error you must take no action based on > > > them, nor must you copy or show them to anyone; please reply > > > to this e-mail and highlight the error. > > > > > > Security Warning: Please note that this e-mail has been
Re: ScanMail missing tricks?
Yeah, but I am running in AVAPI mode and the scan engine and pattern file are current. It's getting some Bugbears but not others. Tim Subject: Re: ScanMail missing tricks? From: "Ray Beckwith" <[EMAIL PROTECTED]> Date: Fri, 6 Jun 2003 09:13:31 -0700 X-Message-Number: 17 We had this issue a while back when we first started using ScanMail. We found out from Trend that when ScanMail runs in MAPI mode, it doesn't scan the attachments until AFTER the message is in the inbox; which leaves the possibility if the server is extremely busy scanning, the user could see and even open the message before the scanner gets to it. The solution was to run ScanMail in AVAPI mode instead. This mode intercepts attachments before they reach the IS. Just be sure you have upgraded to the latest version of ScanMail and the latest Exchange SP first as there have been issues with AVAPI mode in earlier versions crashing the IS. Check the list archives for this topic. I know it was discussed here a couple years ago. Good Luck. Ray _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
Have them 'zipped' up... -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 12:25 PM To: Exchange Discussions Subject: Re: ScanMail missing tricks? Sometimes users get sent legitimate executables, they get blocked because of the extention, so I have to copy it to a share for them to retrieve it - I'm then reliant on the AV on my desktop, what I'd prefer is for the virus checker to say "is it infected" before it looks at whether it should quarantine that sort of file. Maybe I'm looking at it the wrong way, but that's just how I'd like it to work - in fairness with 3.81 they're most of the way there with the integrated quarantine manager section. regards paul - Original Message - From: "Ward, Stuart" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 5:06 PM Subject: RE: ScanMail missing tricks? > Why would it need to? > > -Original Message- > From: Paul Hutchings [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 11:58 AM > To: Exchange Discussions > Subject: RE: ScanMail missing tricks? > > > No problems here with 3.81 - one thing I wish it did do was to scan > attachments blocked by extention blocking - we've had loads of bugbears > quarantined for being .exe's , but it doesn't seem to actually scan them as > well. > > regards, > Paul > -- > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 024 7635 5378, Fax: 024 7635 8378 > mailto:[EMAIL PROTECTED] > > > -----Original Message- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: 06 June 2003 15:46 > > To: Exchange Discussions > > Subject: RE: ScanMail missing tricks? > > > > > > You might want to consider upgrading to Scanmail 3.81. I believe it > > functions a LOT better. > > > > -- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -Original Message- > > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > > Sent: Friday, June 06, 2003 10:25 AM > > > To: Exchange Discussions > > > Subject: ScanMail missing tricks? > > > > > > > > > > > > A user got an infected attachment right to her Inbox, which > > > doesn't ever happen here since we started using ScanMail. I > > > have ScanMail 3.52 (Exch 5.5 > > > SP4) blocking all the attachments on the List of Danger, and > > > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > > > the Inbox. A Manual scan showed up six other virus-infected > > > attachments which had apparently got through. But the manual > > > scan does not pick up the file I just mentioned, which is now > > > in my Deleted Items. A copy is on my hard drive and Sophos > > > AntiVirus also doesn't detect it. > > > > > > Is it possible that ScanMail misses out on some messages if > > > several arrive at once, or is there another more likely > > > solution? I have sent the file to Trend and Sophos to see > > > what they say, but the attachment blocking was, I thought, > > > non-negotiable and always works. Luckily I badger my users > > > about the danger of attachments on a fairly regular basis. > > > > > > > > > Tim > > > > > > -- > > > Tim Gowen > > > RAF Museum > > > IT Dept. > > > > > > > > > Confidentiality: This e-mail and its attachments are intended > > > for the above named only and may be confidential. If they > > > have come to you in error you must take no action based on > > > them, nor must you copy or show them to anyone; please reply > > > to this e-mail and highlight the error. > > > > > > Security Warning: Please note that this e-mail has been > > > created in the knowledge that Internet e-mail is not a 100% > > > secure communications medium. We advise that you understand > > > and observe this lack of security when e-mailing us. > > > > > > Viruses: Although we have taken steps to ensure that this > > > e-mail and attachments are free from any virus, we advise > > > that in keeping with good computing practice the recipient > > > should take steps to confirm that they are actually virus free. > > > > > > > > > > > > _ > > > List posting F
RE: ScanMail missing tricks?
Admin's don't let users receive EXE's via email. FAQ -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Paul Hutchings [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 12:25 PM > To: Exchange Discussions > Subject: Re: ScanMail missing tricks? > > > Sometimes users get sent legitimate executables, they get > blocked because of the extention, so I have to copy it to a > share for them to retrieve it - I'm then reliant on the AV on > my desktop, what I'd prefer is for the virus checker to say > "is it infected" before it looks at whether it should > quarantine that sort of file. > > Maybe I'm looking at it the wrong way, but that's just how > I'd like it to work - in fairness with 3.81 they're most of > the way there with the integrated quarantine manager section. > > regards > paul > - Original Message - > From: "Ward, Stuart" <[EMAIL PROTECTED]> > To: "Exchange Discussions" <[EMAIL PROTECTED]> > Sent: Friday, June 06, 2003 5:06 PM > Subject: RE: ScanMail missing tricks? > > > > Why would it need to? > > > > -----Original Message- > > From: Paul Hutchings [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 06, 2003 11:58 AM > > To: Exchange Discussions > > Subject: RE: ScanMail missing tricks? > > > > > > No problems here with 3.81 - one thing I wish it did do was to scan > > attachments blocked by extention blocking - we've had loads of > > bugbears quarantined for being .exe's , but it doesn't seem to > > actually scan them > as > > well. > > > > regards, > > Paul > > -- > > Paul Hutchings > > Network Administrator, MIRA Ltd. > > Tel: 024 7635 5378, Fax: 024 7635 8378 > > mailto:[EMAIL PROTECTED] > > > > > -Original Message- > > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > > Sent: 06 June 2003 15:46 > > > To: Exchange Discussions > > > Subject: RE: ScanMail missing tricks? > > > > > > > > > You might want to consider upgrading to Scanmail 3.81. I > believe it > > > functions a LOT better. > > > > > > -- > > > Roger D. Seielstad - MTS MCSE MS-MVP > > > Sr. Systems Administrator > > > Inovis Inc. > > > > > > > > > > -Original Message- > > > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > > > Sent: Friday, June 06, 2003 10:25 AM > > > > To: Exchange Discussions > > > > Subject: ScanMail missing tricks? > > > > > > > > > > > > > > > > A user got an infected attachment right to her Inbox, which > > > > doesn't ever happen here since we started using > ScanMail. I have > > > > ScanMail 3.52 (Exch 5.5 > > > > SP4) blocking all the attachments on the List of > Danger, and yet > > > > this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > the Inbox. > > > > A Manual scan showed up six other virus-infected > attachments which > > > > had apparently got through. But the manual scan does > not pick up > > > > the file I just mentioned, which is now in my Deleted Items. A > > > > copy is on my hard drive and Sophos AntiVirus also > doesn't detect > > > > it. > > > > > > > > Is it possible that ScanMail misses out on some messages if > > > > several arrive at once, or is there another more likely > solution? > > > > I have sent the file to Trend and Sophos to see what > they say, but > > > > the attachment blocking was, I thought, non-negotiable > and always > > > > works. Luckily I badger my users about the danger of > attachments > > > > on a fairly regular basis. > > > > > > > > > > > > Tim > > > > > > > > -- > > > > Tim Gowen > > > > RAF Museum > > > > IT Dept. > > > > > > > > > > > > Confidentiality: This e-mail and its attachments are > intended for > > > > the above named only and may be confidential. If they > have come to > > > > you in error you must take no action based on them, nor > must you > > > > copy or show them to anyone; please reply to this e-
RE: ScanMail missing tricks?
I don't quarantine. If it can't be cleaned, its deleted... -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Paul Hutchings [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 11:58 AM > To: Exchange Discussions > Subject: RE: ScanMail missing tricks? > > > No problems here with 3.81 - one thing I wish it did do was > to scan attachments blocked by extention blocking - we've had > loads of bugbears quarantined for being .exe's , but it > doesn't seem to actually scan them as well. > > regards, > Paul > -- > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 024 7635 5378, Fax: 024 7635 8378 > mailto:[EMAIL PROTECTED] > > > -Original Message- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: 06 June 2003 15:46 > > To: Exchange Discussions > > Subject: RE: ScanMail missing tricks? > > > > > > You might want to consider upgrading to Scanmail 3.81. I believe it > > functions a LOT better. > > > > -- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -Original Message- > > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > > Sent: Friday, June 06, 2003 10:25 AM > > > To: Exchange Discussions > > > Subject: ScanMail missing tricks? > > > > > > > > > > > > A user got an infected attachment right to her Inbox, which > > > doesn't ever happen here since we started using ScanMail. I > > > have ScanMail 3.52 (Exch 5.5 > > > SP4) blocking all the attachments on the List of Danger, and > > > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > > > the Inbox. A Manual scan showed up six other virus-infected > > > attachments which had apparently got through. But the manual > > > scan does not pick up the file I just mentioned, which is now > > > in my Deleted Items. A copy is on my hard drive and Sophos > > > AntiVirus also doesn't detect it. > > > > > > Is it possible that ScanMail misses out on some messages if > > > several arrive at once, or is there another more likely > > > solution? I have sent the file to Trend and Sophos to see > > > what they say, but the attachment blocking was, I thought, > > > non-negotiable and always works. Luckily I badger my users > > > about the danger of attachments on a fairly regular basis. > > > > > > > > > Tim > > > > > > -- > > > Tim Gowen > > > RAF Museum > > > IT Dept. > > > > > > > > > Confidentiality: This e-mail and its attachments are intended > > > for the above named only and may be confidential. If they > > > have come to you in error you must take no action based on > > > them, nor must you copy or show them to anyone; please reply > > > to this e-mail and highlight the error. > > > > > > Security Warning: Please note that this e-mail has been > > > created in the knowledge that Internet e-mail is not a 100% > > > secure communications medium. We advise that you understand > > > and observe this lack of security when e-mailing us. > > > > > > Viruses: Although we have taken steps to ensure that this > > > e-mail and attachments are free from any virus, we advise > > > that in keeping with good computing practice the recipient > > > should take steps to confirm that they are actually virus free. > > > > > > > > > > > > _ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang=english > > To unsubscribe: mailto:[EMAIL PROTECTED] > > Exchange List admin:[EMAIL PROTECTED] > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Re: ScanMail missing tricks?
Sometimes users get sent legitimate executables, they get blocked because of the extention, so I have to copy it to a share for them to retrieve it - I'm then reliant on the AV on my desktop, what I'd prefer is for the virus checker to say "is it infected" before it looks at whether it should quarantine that sort of file. Maybe I'm looking at it the wrong way, but that's just how I'd like it to work - in fairness with 3.81 they're most of the way there with the integrated quarantine manager section. regards paul - Original Message - From: "Ward, Stuart" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Friday, June 06, 2003 5:06 PM Subject: RE: ScanMail missing tricks? > Why would it need to? > > -Original Message- > From: Paul Hutchings [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 11:58 AM > To: Exchange Discussions > Subject: RE: ScanMail missing tricks? > > > No problems here with 3.81 - one thing I wish it did do was to scan > attachments blocked by extention blocking - we've had loads of bugbears > quarantined for being .exe's , but it doesn't seem to actually scan them as > well. > > regards, > Paul > -- > Paul Hutchings > Network Administrator, MIRA Ltd. > Tel: 024 7635 5378, Fax: 024 7635 8378 > mailto:[EMAIL PROTECTED] > > > -----Original Message- > > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > > Sent: 06 June 2003 15:46 > > To: Exchange Discussions > > Subject: RE: ScanMail missing tricks? > > > > > > You might want to consider upgrading to Scanmail 3.81. I believe it > > functions a LOT better. > > > > -- > > Roger D. Seielstad - MTS MCSE MS-MVP > > Sr. Systems Administrator > > Inovis Inc. > > > > > > > -Original Message- > > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > > Sent: Friday, June 06, 2003 10:25 AM > > > To: Exchange Discussions > > > Subject: ScanMail missing tricks? > > > > > > > > > > > > A user got an infected attachment right to her Inbox, which > > > doesn't ever happen here since we started using ScanMail. I > > > have ScanMail 3.52 (Exch 5.5 > > > SP4) blocking all the attachments on the List of Danger, and > > > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > > > the Inbox. A Manual scan showed up six other virus-infected > > > attachments which had apparently got through. But the manual > > > scan does not pick up the file I just mentioned, which is now > > > in my Deleted Items. A copy is on my hard drive and Sophos > > > AntiVirus also doesn't detect it. > > > > > > Is it possible that ScanMail misses out on some messages if > > > several arrive at once, or is there another more likely > > > solution? I have sent the file to Trend and Sophos to see > > > what they say, but the attachment blocking was, I thought, > > > non-negotiable and always works. Luckily I badger my users > > > about the danger of attachments on a fairly regular basis. > > > > > > > > > Tim > > > > > > -- > > > Tim Gowen > > > RAF Museum > > > IT Dept. > > > > > > > > > Confidentiality: This e-mail and its attachments are intended > > > for the above named only and may be confidential. If they > > > have come to you in error you must take no action based on > > > them, nor must you copy or show them to anyone; please reply > > > to this e-mail and highlight the error. > > > > > > Security Warning: Please note that this e-mail has been > > > created in the knowledge that Internet e-mail is not a 100% > > > secure communications medium. We advise that you understand > > > and observe this lack of security when e-mailing us. > > > > > > Viruses: Although we have taken steps to ensure that this > > > e-mail and attachments are free from any virus, we advise > > > that in keeping with good computing practice the recipient > > > should take steps to confirm that they are actually virus free. > > > > > > > > > > > > _ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: > > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > > ext_mode=&lang=english >
Re: ScanMail missing tricks?
We had this issue a while back when we first started using ScanMail. We found out from Trend that when ScanMail runs in MAPI mode, it doesn't scan the attachments until AFTER the message is in the inbox; which leaves the possibility if the server is extremely busy scanning, the user could see and even open the message before the scanner gets to it. The solution was to run ScanMail in AVAPI mode instead. This mode intercepts attachments before they reach the IS. Just be sure you have upgraded to the latest version of ScanMail and the latest Exchange SP first as there have been issues with AVAPI mode in earlier versions crashing the IS. Check the list archives for this topic. I know it was discussed here a couple years ago. Good Luck. Ray _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
I'd check your Scan Engine and make sure you have the latest scan engine & pattern file. I'd also enable AVAPI if you're not yet. Brian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Public Folder: Exchange Sent: Friday, June 06, 2003 9:40 AM To: Exchange Discussions Subject: RE: ScanMail missing tricks? I don't know what the deal is with this latest version of BugBear, but it's really a problem. I started having issues with it on the 4th. The remote access and key logger are the scary parts of this worm. I have had it get past two A/V scanners. One on mail and one on workstations. I have double extensions blocked and all the usual extensions too. I recommend everyone be on alert for this one: http://vil.nai.com/vil/content/v_100358.htm http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BUGBE AR.B -Kevin > -Original Message- > From: Tim Gowen [mailto:[EMAIL PROTECTED] > Posted At: Friday, June 06, 2003 7:25 AM > Posted To: Exchange > Conversation: ScanMail missing tricks? > Subject: ScanMail missing tricks? > > > > A user got an infected attachment right to her Inbox, which > doesn't ever > happen here since we started using ScanMail. I have ScanMail > 3.52 (Exch 5.5 > SP4) blocking all the attachments on the List of Danger, and yet this > BUGBEAR.B file - QABACKUP.EXE.SCR - got through to the Inbox. > A Manual scan > showed up six other virus-infected attachments which had > apparently got > through. But the manual scan does not pick up the file I > just mentioned, > which is now in my Deleted Items. A copy is on my hard drive > and Sophos > AntiVirus also doesn't detect it. > > Is it possible that ScanMail misses out on some messages if > several arrive > at once, or is there another more likely solution? I have > sent the file to > Trend and Sophos to see what they say, but the attachment > blocking was, I > thought, non-negotiable and always works. Luckily I badger > my users about > the danger of attachments on a fairly regular basis. > > > Tim > > -- > Tim Gowen > RAF Museum > IT Dept. > > > Confidentiality: This e-mail and its attachments are intended > for the above > named only and may be confidential. If they have come to you > in error you > must take no action based on them, nor must you copy or show > them to anyone; > please reply to this e-mail and highlight the error. > > Security Warning: Please note that this e-mail has been created in the > knowledge that Internet e-mail is not a 100% secure > communications medium. > We advise that you understand and observe this lack of security when > e-mailing us. > > Viruses: Although we have taken steps to ensure that this e-mail and > attachments are free from any virus, we advise that in > keeping with good > computing practice the recipient should take steps to confirm > that they are > actually virus free. > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
Why would it need to? -Original Message- From: Paul Hutchings [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 11:58 AM To: Exchange Discussions Subject: RE: ScanMail missing tricks? No problems here with 3.81 - one thing I wish it did do was to scan attachments blocked by extention blocking - we've had loads of bugbears quarantined for being .exe's , but it doesn't seem to actually scan them as well. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] > -Original Message- > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > Sent: 06 June 2003 15:46 > To: Exchange Discussions > Subject: RE: ScanMail missing tricks? > > > You might want to consider upgrading to Scanmail 3.81. I believe it > functions a LOT better. > > -- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -Original Message- > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 06, 2003 10:25 AM > > To: Exchange Discussions > > Subject: ScanMail missing tricks? > > > > > > > > A user got an infected attachment right to her Inbox, which > > doesn't ever happen here since we started using ScanMail. I > > have ScanMail 3.52 (Exch 5.5 > > SP4) blocking all the attachments on the List of Danger, and > > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > > the Inbox. A Manual scan showed up six other virus-infected > > attachments which had apparently got through. But the manual > > scan does not pick up the file I just mentioned, which is now > > in my Deleted Items. A copy is on my hard drive and Sophos > > AntiVirus also doesn't detect it. > > > > Is it possible that ScanMail misses out on some messages if > > several arrive at once, or is there another more likely > > solution? I have sent the file to Trend and Sophos to see > > what they say, but the attachment blocking was, I thought, > > non-negotiable and always works. Luckily I badger my users > > about the danger of attachments on a fairly regular basis. > > > > > > Tim > > > > -- > > Tim Gowen > > RAF Museum > > IT Dept. > > > > > > Confidentiality: This e-mail and its attachments are intended > > for the above named only and may be confidential. If they > > have come to you in error you must take no action based on > > them, nor must you copy or show them to anyone; please reply > > to this e-mail and highlight the error. > > > > Security Warning: Please note that this e-mail has been > > created in the knowledge that Internet e-mail is not a 100% > > secure communications medium. We advise that you understand > > and observe this lack of security when e-mailing us. > > > > Viruses: Although we have taken steps to ensure that this > > e-mail and attachments are free from any virus, we advise > > that in keeping with good computing practice the recipient > > should take steps to confirm that they are actually virus free. > > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] Confidentiality Notice: The information contained in this e-mail and any attachments may be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
No problems here with 3.81 - one thing I wish it did do was to scan attachments blocked by extention blocking - we've had loads of bugbears quarantined for being .exe's , but it doesn't seem to actually scan them as well. regards, Paul -- Paul Hutchings Network Administrator, MIRA Ltd. Tel: 024 7635 5378, Fax: 024 7635 8378 mailto:[EMAIL PROTECTED] > -Original Message- > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > Sent: 06 June 2003 15:46 > To: Exchange Discussions > Subject: RE: ScanMail missing tricks? > > > You might want to consider upgrading to Scanmail 3.81. I believe it > functions a LOT better. > > -- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -Original Message- > > From: Tim Gowen [mailto:[EMAIL PROTECTED] > > Sent: Friday, June 06, 2003 10:25 AM > > To: Exchange Discussions > > Subject: ScanMail missing tricks? > > > > > > > > A user got an infected attachment right to her Inbox, which > > doesn't ever happen here since we started using ScanMail. I > > have ScanMail 3.52 (Exch 5.5 > > SP4) blocking all the attachments on the List of Danger, and > > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > > the Inbox. A Manual scan showed up six other virus-infected > > attachments which had apparently got through. But the manual > > scan does not pick up the file I just mentioned, which is now > > in my Deleted Items. A copy is on my hard drive and Sophos > > AntiVirus also doesn't detect it. > > > > Is it possible that ScanMail misses out on some messages if > > several arrive at once, or is there another more likely > > solution? I have sent the file to Trend and Sophos to see > > what they say, but the attachment blocking was, I thought, > > non-negotiable and always works. Luckily I badger my users > > about the danger of attachments on a fairly regular basis. > > > > > > Tim > > > > -- > > Tim Gowen > > RAF Museum > > IT Dept. > > > > > > Confidentiality: This e-mail and its attachments are intended > > for the above named only and may be confidential. If they > > have come to you in error you must take no action based on > > them, nor must you copy or show them to anyone; please reply > > to this e-mail and highlight the error. > > > > Security Warning: Please note that this e-mail has been > > created in the knowledge that Internet e-mail is not a 100% > > secure communications medium. We advise that you understand > > and observe this lack of security when e-mailing us. > > > > Viruses: Although we have taken steps to ensure that this > > e-mail and attachments are free from any virus, we advise > > that in keeping with good computing practice the recipient > > should take steps to confirm that they are actually virus free. > > > > > > > > _ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
You might want to consider upgrading to Scanmail 3.81. I believe it functions a LOT better. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -Original Message- > From: Tim Gowen [mailto:[EMAIL PROTECTED] > Sent: Friday, June 06, 2003 10:25 AM > To: Exchange Discussions > Subject: ScanMail missing tricks? > > > > A user got an infected attachment right to her Inbox, which > doesn't ever happen here since we started using ScanMail. I > have ScanMail 3.52 (Exch 5.5 > SP4) blocking all the attachments on the List of Danger, and > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > the Inbox. A Manual scan showed up six other virus-infected > attachments which had apparently got through. But the manual > scan does not pick up the file I just mentioned, which is now > in my Deleted Items. A copy is on my hard drive and Sophos > AntiVirus also doesn't detect it. > > Is it possible that ScanMail misses out on some messages if > several arrive at once, or is there another more likely > solution? I have sent the file to Trend and Sophos to see > what they say, but the attachment blocking was, I thought, > non-negotiable and always works. Luckily I badger my users > about the danger of attachments on a fairly regular basis. > > > Tim > > -- > Tim Gowen > RAF Museum > IT Dept. > > > Confidentiality: This e-mail and its attachments are intended > for the above named only and may be confidential. If they > have come to you in error you must take no action based on > them, nor must you copy or show them to anyone; please reply > to this e-mail and highlight the error. > > Security Warning: Please note that this e-mail has been > created in the knowledge that Internet e-mail is not a 100% > secure communications medium. We advise that you understand > and observe this lack of security when e-mailing us. > > Viruses: Although we have taken steps to ensure that this > e-mail and attachments are free from any virus, we advise > that in keeping with good computing practice the recipient > should take steps to confirm that they are actually virus free. > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
I don't know what the deal is with this latest version of BugBear, but it's really a problem. I started having issues with it on the 4th. The remote access and key logger are the scary parts of this worm. I have had it get past two A/V scanners. One on mail and one on workstations. I have double extensions blocked and all the usual extensions too. I recommend everyone be on alert for this one: http://vil.nai.com/vil/content/v_100358.htm http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BUGBE AR.B -Kevin > -Original Message- > From: Tim Gowen [mailto:[EMAIL PROTECTED] > Posted At: Friday, June 06, 2003 7:25 AM > Posted To: Exchange > Conversation: ScanMail missing tricks? > Subject: ScanMail missing tricks? > > > > A user got an infected attachment right to her Inbox, which > doesn't ever > happen here since we started using ScanMail. I have ScanMail > 3.52 (Exch 5.5 > SP4) blocking all the attachments on the List of Danger, and yet this > BUGBEAR.B file - QABACKUP.EXE.SCR - got through to the Inbox. > A Manual scan > showed up six other virus-infected attachments which had > apparently got > through. But the manual scan does not pick up the file I > just mentioned, > which is now in my Deleted Items. A copy is on my hard drive > and Sophos > AntiVirus also doesn't detect it. > > Is it possible that ScanMail misses out on some messages if > several arrive > at once, or is there another more likely solution? I have > sent the file to > Trend and Sophos to see what they say, but the attachment > blocking was, I > thought, non-negotiable and always works. Luckily I badger > my users about > the danger of attachments on a fairly regular basis. > > > Tim > > -- > Tim Gowen > RAF Museum > IT Dept. > > > Confidentiality: This e-mail and its attachments are intended > for the above > named only and may be confidential. If they have come to you > in error you > must take no action based on them, nor must you copy or show > them to anyone; > please reply to this e-mail and highlight the error. > > Security Warning: Please note that this e-mail has been created in the > knowledge that Internet e-mail is not a 100% secure > communications medium. > We advise that you understand and observe this lack of security when > e-mailing us. > > Viruses: Although we have taken steps to ensure that this e-mail and > attachments are free from any virus, we advise that in > keeping with good > computing practice the recipient should take steps to confirm > that they are > actually virus free. > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
Is the size of the attachment incorrect in the email that goes undetected? > > -Original Message- > From: Tim Gowen [mailto:[EMAIL PROTECTED] > Sent: 06 June 2003 15:25 > To: Exchange Discussions > > > A user got an infected attachment right to her Inbox, which > doesn't ever happen here since we started using ScanMail. I > have ScanMail 3.52 (Exch 5.5 > SP4) blocking all the attachments on the List of Danger, and > yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to > the Inbox. A Manual scan showed up six other virus-infected > attachments which had apparently got through. But the manual > scan does not pick up the file I just mentioned, which is now > in my Deleted Items. A copy is on my hard drive and Sophos > AntiVirus also doesn't detect it. > > Is it possible that ScanMail misses out on some messages if > several arrive at once, or is there another more likely > solution? I have sent the file to Trend and Sophos to see > what they say, but the attachment blocking was, I thought, > non-negotiable and always works. Luckily I badger my users > about the danger of attachments on a fairly regular basis. > > > Tim > > -- > Tim Gowen > RAF Museum > IT Dept. > > > Confidentiality: This e-mail and its attachments are intended > for the above named only and may be confidential. If they > have come to you in error you must take no action based on > them, nor must you copy or show them to anyone; please reply > to this e-mail and highlight the error. > > Security Warning: Please note that this e-mail has been > created in the knowledge that Internet e-mail is not a 100% > secure communications medium. > We advise that you understand and observe this lack of > security when e-mailing us. > > Viruses: Although we have taken steps to ensure that this > e-mail and attachments are free from any virus, we advise > that in keeping with good computing practice the recipient > should take steps to confirm that they are actually virus free. > > > > _ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=&lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin:[EMAIL PROTECTED] > > _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: ScanMail missing tricks?
_ John Bowles Exchange Engineer OIG/HHS W. 202.690.6342 C. 202.359.7159 F. 202.690.7446 [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> -Original Message- From: Tim Gowen [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 10:25 AM To: Exchange Discussions Subject: ScanMail missing tricks? A user got an infected attachment right to her Inbox, which doesn't ever happen here since we started using ScanMail. I have ScanMail 3.52 (Exch 5.5 SP4) blocking all the attachments on the List of Danger, and yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to the Inbox. A Manual scan showed up six other virus-infected attachments which had apparently got through. But the manual scan does not pick up the file I just mentioned, which is now in my Deleted Items. A copy is on my hard drive and Sophos AntiVirus also doesn't detect it. Is it possible that ScanMail misses out on some messages if several arrive at once, or is there another more likely solution? I have sent the file to Trend and Sophos to see what they say, but the attachment blocking was, I thought, non-negotiable and always works. Luckily I badger my users about the danger of attachments on a fairly regular basis. Tim -- Tim Gowen RAF Museum IT Dept. Confidentiality: This e-mail and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this e-mail and highlight the error. Security Warning: Please note that this e-mail has been created in the knowledge that Internet e-mail is not a 100% secure communications medium. We advise that you understand and observe this lack of security when e-mailing us. Viruses: Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should take steps to confirm that they are actually virus free. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
ScanMail missing tricks?
A user got an infected attachment right to her Inbox, which doesn't ever happen here since we started using ScanMail. I have ScanMail 3.52 (Exch 5.5 SP4) blocking all the attachments on the List of Danger, and yet this BUGBEAR.B file - QABACKUP.EXE.SCR - got through to the Inbox. A Manual scan showed up six other virus-infected attachments which had apparently got through. But the manual scan does not pick up the file I just mentioned, which is now in my Deleted Items. A copy is on my hard drive and Sophos AntiVirus also doesn't detect it. Is it possible that ScanMail misses out on some messages if several arrive at once, or is there another more likely solution? I have sent the file to Trend and Sophos to see what they say, but the attachment blocking was, I thought, non-negotiable and always works. Luckily I badger my users about the danger of attachments on a fairly regular basis. Tim -- Tim Gowen RAF Museum IT Dept. Confidentiality: This e-mail and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this e-mail and highlight the error. Security Warning: Please note that this e-mail has been created in the knowledge that Internet e-mail is not a 100% secure communications medium. We advise that you understand and observe this lack of security when e-mailing us. Viruses: Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should take steps to confirm that they are actually virus free. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
