Yep, I was in Eugene, Monday, Tuesday and flew home last night -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, June 10, 2004 4:37 PM To: [ExchangeList] Subject: [exchangelist] RE: Interesting Observation http://www.MSExchange.org/ No. Don't tell me. You were in Oregon on Monday. Dag nab it. So was I. Flew out at 1:15 PM. So close, yet so far... John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: Mark Fugatt [mailto:mark@xxxxxxxxx] > Sent: Thursday, June 10, 2004 1:12 PM > To: [ExchangeList] > Subject: [exchangelist] RE: Interesting Observation > > http://www.MSExchange.org/ > > I agree 100% John, it was a long flight home from Oregon (left at 2am > and got in my house an 2.30pm), and I was not really thinking clearly > when I posted :-) > > Mark > -----Original Message----- > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > Sent: Thursday, June 10, 2004 4:01 PM > To: [ExchangeList] > Subject: [exchangelist] RE: Interesting Observation > > http://www.MSExchange.org/ > > > I was teaching an Exchange 2003 support class for Symantec this > > week, so that their gold and platinum support guys had a good > > understanding of how Exchange really works :-), he talked about log > > files, and one of the guys asked what would happen if you created a > > new log file, for example, the > last > > log file is E0000001.LOG and you create E0000002.log manually. > > > > We tried it to see, and the effect was that the Outlook clients > > would hang when trying to send mail, until you deleted the manually > > created log file, the other effect was when you performed an online > > backup the backup would fail, and then dismount all the Stores in > > the Storage Group that you were trying to backup, this then led them > > to ask what type of security risk > this > > would be, if someone managed to create a worm that created a log > > file manually it would bring down all the Stores when you perform a backup. > > 1. The worm would have to reach the server. Defense rule: All > computers must > have AV installed to protect the server itself. > 2. The worm would have to get past the firewall. Defense rule: All computers > must be behind a firewall. > 3. The worm would have to be executed by e-mail if not through the firewall. > Defense ruleA: All incoming e-mail must be scanned for viruses, > vulnerabilities and possible malicious content, ie executable attachments. > Defense ruleB: Generally, you should not be viewing e-mail on a server. > > So, the way I see it, if the worm is able to execute on the server in > the first place, you have other problems to deal with. > > However, having said that, that is a real problem, although with > proper defences in place, the probability of it occurring is > minimized. If there is > a way that behavior can be changed/protected, it should be looked into > and work needed weighted out. > > John Tolmachoff > Engineer/Consultant/Owner > eServices For You > > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > mark@xxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > > > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: mark@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist