I'd agree with everyone else re Scanmail or Antigen, or even a linux box,
but just to throw another into the mix try xwall from www.dataenter.at, we
use it on one of our inbound relays (mostly for the reporting and queue
management) and it's damned good for the money ($300).
Throw in a copy of
Damn Recruiters!
- Original Message -
From: Alverson, Tom [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 9:20 PM
Subject: RE: DEU Resume
Yes, I think you have figured it out. Every time I make a post to this
list
I get another email from
I was curious how many have 3 layers of protection for their email systems.
My current assignment has me at a place where they are comfortable with
desktop and a set of SMTP servers doing virus and spam. Desktop is Symantec
and Trend on the SMTP servers. My gut feeling is to also protect the IS
We only run a 2 tier AV protection as well. Mailsweeper at the Gateway
and Sophos on the Desktops. We are looking into Sophos for Exchange,
but I'm not sure we even need it. Our level of detection and protection
so far has been outstanding.
-Original Message-
From: [EMAIL PROTECTED]
We use two, Scanmail on the Exchange boxes and F-Prot on one of our
gateways.
In fairness Scanmail's never missed anything, but for $20 it seemed sensible
to double-up.
Not sure I'd be comfortable not scanning internal IS traffic though?
regards,
Paul
--
Paul Hutchings
Network Administrator,
My feeling is somehow someone could not get the update from Symantec on the
desktop side, for what ever reason, then that person send and infected
messagel to one of the stores in the Exchange group then wham.
From: Paul Hutchings [EMAIL PROTECTED]
Reply-To: Exchange Discussions [EMAIL
We have three on most of our customers.
Nate Couch
EDS Messaging
--
From: Tony Hlabse
Reply To: Exchange Discussions
Sent: Wednesday, August 20, 2003 7:39 AM
To: Exchange Discussions
Subject: 3 Layers of Virus protection.
I was curious how many have
We do. We have an SMTP AV gateway/Anti SPAM box. Exchange AV. Desktop and
Server AV.
Remember, if a VPN or dialup user opens their hotmail at home and launches a
virus, its going straight for the OL contacts via Exchange. An SMTP gateway
isnt going to help you one bit. The desktop MAY catch it.
Good point
From: Martin Blackstone [EMAIL PROTECTED]
Reply-To: Exchange Discussions [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Subject: RE: 3 Layers of Virus protection.
Date: Wed, 20 Aug 2003 05:49:15 -0700
We do. We have an SMTP AV gateway/Anti SPAM box. Exchange AV. Desktop
Three here as well.
Sybari running Sophos engine on the protocol servers (all SMTP mail
passes through them, they are in an NLB cluster)
Mailbox Servers have Sybari with Norman Data Defense
Desktops have NAI McAfee
(Spam is marked by spam assassin on a couple of Linux boxes that sit in
front
We use 3.
We use Sophos on the mail gateway (MailSweeper), NAV MSE at server level,
NAV CE (excluding Exch) then NAV CE at desktop.
Despite MailSweeper blocking/quarantining 99.999% of everything we ask it
to, I have seen the odd thing get through.
We also get the odd 'prat' that 'bypasses'
It's known behavior (i.e. default and Symantec knows about it). If you
want someone to send you a zip file that contains a file with an
extension you are blocking, you can either have them password-protect it
(which Symantec can't scan - assuming you are not blocking encrypted
containers), or
Won't work. You can call Symantec and add it to the wishlist, but it's
gonna fall on deaf ears.
Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418
-Original Message-
From: MATTSON, Winston [mailto:[EMAIL PROTECTED]
Posted At: Tuesday, August 19, 2003 11:00 PM
Posted
We had been running 3 layers until it seems that Symantec's product for
Exchange 2000 (coupled with Corp Ed as file level) locked up the server
a couple of times. I can't prove it was Symantec, but I removed all AV
off our Exchange server, and it hasn't had a problem since. And yes,
I'm not
Ben:
Sounds like you may have a corrupted database. Have you thought
about running maintenance on the server?
John Matteson
Geac Corporate ISS
(404) 239 - 2981
Atlanta, Georgia, USA.
-Original Message-
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August
We have 4 layers, call us paranoid...
Gateway(IMSS), Servers(ServerProtect), Scanmail for Exchange, OfficeScan
for Desktops. All Trend micro products.
Raj
-Original Message-
From: John Matteson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 8:46 AM
To: Exchange Discussions
That's a mighty big hole to leave open - one of your users POPs their home
account, or hits Hotmail/YahooMail/etc and pulls down an email worm, you're
100% infected internally. Not a risk I'd take.
We do 3 tier - gateway, Exchange and desktop. I wouldn't do less than that
anymore.
Exch2k3 with Outlook2k3 tech refresh...I get these errors every time
it synchs and from looking around I notice other admins are having the
same issue. Is it a beta problem with Outlook I hope? Anyone else
seeing this? Thanks.
9:38:23 Synchronizer Version 11.0.5329
9:38:23 Synchronizing
I don't have a corrupted database. Why would you or what leads you to
make that assumption? I have no 1018 errors, I have no event logs of
any kind that point to any database errors. The problem has not
re-occurred since removing the AV software. Like I said before, I did
not have the
Pardon my ignorance here about Sybari product. Doesnt it have its
propriery engine - why use Sophos and Norman Data Defense engine in this
instance?
Or perhaps, Sybari has to depend on 3rd party's AV engine ?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Our organization purchased licenses for Sophos and Norman... (Sybari
will also run NAI engine)... I use both as one of the two will usually
get an updated engine out before the other.
-Original Message-
From: by [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 10:06 AM
To:
Oh, and I'm about THIS close to unsubscribing that moron from the
military that set up the autoreply rule. There's no password on the
e-mail address on the web interface.
Ben Winzenz
Network Engineer
Gardner White
(317) 581-1580 ext 418
-Original Message-
From: Ben Winzenz
Posted
We here at the San Diego Community College District have 3, Trend for email,
Trend for servers and Cheyenne for the desk top.
-Original Message-
From: Tony Hlabse [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 5:39 AM
To: Exchange Discussions
Subject: 3 Layers of Virus
Hello All-
We are currently running Exchange 2k/Win2k Adv Srvr in a active/active
clustered scenario, my question is what are recommendations for running file base AV
on the Exchange servers? I have found several articles on MSKB and Symantec's website
but what/how is everybody else
We have Messagelabs - NAV for Gateways - NAV for Exchange - NAV
Corporate on the desktops.
Seems to work well as we've never had a virus reach one of the desktops.
Steve
-Original Message-
From: Tony Hlabse [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 7:39 AM
To:
I wish Trends IMSS would DO this
with the IMSS..if you zip it up it comes right thru...
so you could send all the EXE's etc...you like to your friends..
it's a bummer
bill
-Original Message-
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 9:23 AM
To:
VirusWall for Unix doesn't pass that through - in fact, I'm on a call with a
user about it now.
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Mellott, Bill
We use 3.
Cheers
Paul
Standards are like toothbrushes,
everyone wants one but not yours
-Original Message-
From: Tony Hlabse [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 5:39 AM
To: Exchange Discussions
Subject: 3 Layers of Virus protection.
I was curious how many have
42.
- Original Message -
From: Hurst, Paul [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 11:40 AM
Subject: RE: 3 Layers of Virus protection.
We use 3.
Cheers
Paul
Standards are like toothbrushes,
everyone wants one but not yours
You can rename a file all you want and stick it in a zip file...it still
won't work with Symantec's product.
Symantec is smart enough that it doesn't look just at the extension of the
file in question, it looks inside the properties of the file somehow and
determines what the file type is that
I did try the Microsoft approved method, which was to run a
utility that
chops off the file at 2G (you have to experiment to find out
how much).
Chopped off data is lost forever.
For reference: I think this utility is caled pst2gb.exe A quick search showed it up on
several web sites free
When I was a messaging consultant I worked for a very large oil company
(well over 100k seats) that had scanning done on the SMTP gateways and on
the desktop, but nothing on the Exchange side (something like 120 e2k
servers). From what I remember they had not had a email born virus
We use four layers of protection as well:
1. Linux gateway doing subject and file type blocking.
2. NAV MSE on the mail servers.
3. NAV CE on all the desktops
4. NAV CE on all the servers.
-Original Message-
From: Tony Hlabse [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20,
That is sort of the infrastructure here also with theno so strict usage but
access is strict. They allow IM and personal email account to be loaded but
on a smaller scale 8k user base. There are looking into putting something on
the IS's for the reason of a somewhatr open policy on the
Well...after three more from that mental midget, I can tell you we won't
have to worry about him/her for awhile.
-Original Message-
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 8:16 AM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
interesting that the NT product does
-Original Message-
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 11:34 AM
To: Exchange Discussions
Subject: RE: SAV for SMTP Gateways - blocking extensions within ZIP??
VirusWall for Unix doesn't pass that through -
Depends on the version I suppose, but the 3.7 and 3.8 Unix versions kill the
files
--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-Original Message-
From: Mellott, Bill [mailto:[EMAIL
sorry my bad...Im running IMSS515..never loaded the viruswall since IMSS was
supposed to be the better..updated version at least that is what trend
told me...
I might just load up virus wall and see...
As a note: Scanmail also let's thing thru that are ZIP'd..i.e. EXetc. in zip
files even though
Does that mean I will have to buy minimum 2 antivirus product if only
using Sybari for the framework?
1 antivirus vendor because I need its engine (eg Norman)
and another 1 is Sybari because I need its framework.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
We have 3 1/2 layers:
1- custom smap based linux box with spam filtering, attachment blocking, and
some custom blocking of known bad stuff (this one is the 1/2 since it
doesn't really scan for known viruses, just virus like emails)
2- Symantec Antivirus for SMTP Gateways: This is a separate
OK you win.
-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 11:50 AM
To: Exchange Discussions
Subject: Re: 3 Layers of Virus protection.
42.
- Original Message -
From: Hurst, Paul [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL
I think that is the answer to the universe...
-Original Message-
From: Alverson, Tom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 12:32 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
OK you win.
-Original Message-
From: Andy David
Which is why it works so well at keeping an exchange environment virus
free :)
-Original Message-
From: Mellott, Bill [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 11:46 AM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
I think that is the answer to
Not sure how many of you have seen this...most I would imagine:
http://www.aelita.com/products/ARMEx.htm
For all of you folks that *insist* on doing BLB's, I would think this
product would make you a hero, if it works as advertised.
Regardless of your policy concerning BLB's, has anyone tested
Check with Sybari, but I believe that when you license Antigen you get one
engine license included.
Hunter
-Original Message-
From: by [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 10:26 AM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
Does that mean
I am in the process of deploying MS's instant messaging for one of my clients. One of
my gripes in the past has been the lack of centralized contacts storage like you find
with AIM, Yahoo pager or MSN messenger. Each user has to put in their contacts at each
new machine that they log on to.
Actually, I think you get two engines of your choice for free, and beyond that they
cost extra.
-Peter
-Original Message-
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 10:05
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
Check
Exact same thing as Power Controls, which is what we use. Nice products
for DR.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Blunt, James H
(Jim)
Sent: Wednesday, August 20, 2003 1:02 PM
To: Exchange Discussions
Subject: Aelita Recovery Manager (ARM)
Ill take the beef and broccoli, and the fried rice.
Do I have to pay extra for the egg fu yung?
-Original Message-
From: Durkee, Peter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 10:40 AM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
Actually, I
yes. but the soup is included with the lunch special
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:39 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
Ill take the beef and broccoli, and the fried rice.
Michael,
How useful do you find Power Controls? We purchased it and have used it on a
few occasions with about a 50:50 success rate. On the times that it fails it
said that the edb is unreadable. Ontrack says this can occur when a lot of
transaction logs haven't been committed to the database.
Yeah we have seen this as well. Not that many times though. They also
told us it would be fixed in the next version. It has definitely paid
for itself in the data we have recovered. Once the bug is fixed, it
will be a very solid/useful product.
-Original Message-
From: [EMAIL
We use McAfee's e250 through which all traffic in and out of the network is
proxied. We have GroupShield on the Exchange Server and VirusScan Enterprise
on the desktops. Everything is managed with ePolicy Orchestrator. So far, so
good...knock on wood.
John Orban
System Administrator
The Country
3 levels here also.
I match the below configuration except we have the e500, GroupShield 5, and
Enterprise 7 on the desktops, all managed with EPO.
-Original Message-
From: John Orban [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 6:14 AM
To: Exchange Discussions
Subject:
We will have 4 levels shortly, using 3 different vendors.
1. Have TrendMicro on the Exchange Servers for the mailboxes.
2. Have McAfee for file scanning on the server level (saved our butts a
couple of times).
3. Have McAfee on the Desktop level.
4. Soon to have Mirapoint installed as front end
Outlook 98 Exchange 5.5 Windows 2000
I have a user that has meeting notifications for Accepted:, Deleted: and
Canceled: going directly to his Deleted Items folder. He has no rules turned
on; we have deleted his .RWZ file; his adult content is not turned on and as
a last resort we copied his
That's how I remember it. I love Antigen.
-Original Message-
From: Durkee, Peter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:40 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
Actually, I think you get two engines of your choice for free, and
One note related to this. It seems to me that having more than one vendor is as
important as having multiple layers. If you have three or four layers of 'insert your
AV vendor here' products and they miss the boat on some virus, then all of those
layers are irrelevant.
Jon
-Original
Hi All,
A few days ago some of our users reported receiving emails that they had
previously received up to a month ago. Also messages that had been sent
before were getting sent again. We had a disk failure on the exchange
server over the weekend and just rebuilt it. People started reporting
I remember as a kid during the summertime. We would be outside throwing
rocks at cars when you would hear the jingle of the ice cream man. Back then
$5 would get you a snow cone and a good sized bag of weed.
-Original Message-
From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED]
Sent:
well when my dad was a kid...a milk shake cost 10 cent's
and we liked it!
-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 4:17 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
I remember as a kid during the
It was made with lava and sable tooth tiger.
-Original Message-
From: Mellott, Bill [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:20 PM
To: Exchange Discussions
Subject: RE: 3 Layers of Virus protection.
well when my dad was a kid...a milk shake cost 10 cent's
and
How old was the restored backup?
- Original Message -
From: Sean Brandt [EMAIL PROTECTED]
To: Exchange Discussions [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 4:18 PM
Subject: Exchange 5.5 server sending and receiving previously processed me
ssages
Hi All,
A few days ago some
3 layers - We run a Fortinet firewall at the edge which scans SMTP, POP3, IMAP, HTTP
and FTP for viruses (at the packet level which is really cool), CA (I know...) on
Exchange box and CA on the desktops. I beleive we use the VET engine on Exchange and
InoculateIT on the desktops...
Jeff Hague
I would suspect the system is replaying the queue.dat file found in the imcdata
folder. I would hazard a guess that all the messages being replayed if you
will are all SMTP. Stop the Internet mail service then rename/move/delete the
queue.dat file and then restart the service. This should
It was just one disk in a three disk raid 5 array. I swapped the failed disk
and it rebuilt itself. So I didn't have to restore from backup.
-Original Message-
From: Andy David [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 1:24 PM
To: Exchange Discussions
Subject: Re:
Sorry, to clarify my first post: We rebuilt the disk array not the server.
-Original Message-
From: Sean Brandt
Sent: Wednesday, August 20, 2003 1:30 PM
To: Exchange Discussions
Subject: RE: Exchange 5.5 server sending and receiving previously processe d
me ssages
It was just one disk
Do they have a third party add-on installed? Like a spam filter?
-Original Message-
From: Mitchell Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 3:23 PM
To: Exchange Discussions
Subject: Items moving to deleted items folder
Outlook 98 Exchange 5.5 Windows 2000
Has anyone else noticed recent bounce messages when users try to send mail
to swbell.net?
Any ideas why I am all of the sudden?
_
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface:
Uncheck the automatically process read receipts box.
-Original Message-
From: Mitchell Mike [mailto:[EMAIL PROTECTED]
Posted At: Wednesday, August 20, 2003 2:23 PM
Posted To: swynk
Conversation: Items moving to deleted items folder
Subject: Items moving to deleted items folder
Outlook
The following line produces HRESULT: 0x80040115. error in asp.net
objFolderACL.let_CDOItem = objSelectedFolder
This works fine in VB6 . If anyone has any ideas please let me know.
The following link does not have any info about .Net
(
Yeah, it lets you do a HELO, but then on the MAIL FROM: it goes 550.
I haven't tried all their servers (they do round-robin DNS on their MX records)
because I'm lazy and it's not my problem. ;)
-Original Message-
From: Mitch Lawrence [mailto:[EMAIL PROTECTED]
Posted At: Wednesday,
I knew it wasn't me. What should I expect from the old prodigy service.
Thank you,
Mitchell D. Lawrence
-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 4:49 PM
To: Exchange Discussions
Subject: RE: SWBELL.NET bouncing all of the sudden?
Could all you folks with the misconfigured AV servers please disable auto-replying to
the spoofed FROM: lines in the latest generation of viruses? Jeez. It's worse than
the stupid virus. The virus gets dumped and nobody ever sees it, but the NDRs and
virus alerts go to people who didn't send
Tom,
Wednesday, August 20, 2003, 5:24:21 PM, you typed:
Could all you folks with the misconfigured AV servers please disable auto-replying
to the spoofed FROM: lines in the latest generation of viruses? Jeez. It's worse
than the stupid virus. The
virus gets dumped and nobody ever sees
I could not possibly agree more! I've taken to blocking some of the more common AV
auto-replies with my spam filters.
-Peter
-Original Message-
From: Tom Meunier [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 15:24
To: Exchange Discussions
Subject: Antivirus notifications
Good call, Peter. Here's a guy who's starting to compile a bunch of
SpamAssassin rules for the virus bounce messages, might give you some
starting points for your filters. I use SpamAssassin, but I intend to
just reject them out-of-hand during the SMTP conversation before it ever
gets that far.
Looking for suggestions / examples on how to:
Set up users outlook client with a default archive folder
in the users 'home' share. (Is there a better way than modifiying each
Outlook.prf?)
Create a method to export common client side rules to all users
either automatically or
Subject: relay server in DMZ
Dear all,
Need your help, I have recently placed MS SMTP server in DMZ, server is configured to
receive and send mails, with GFI security. Now the problem that I am having is, the
mail server could not send mails to external domains, it stuck in the Exchange 2000
79 matches
Mail list logo