RE: Interesting Observation

  • From: "Mark Fugatt" <mark@xxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jun 2004 16:11:37 -0400

I agree 100% John, it was a long flight home from Oregon (left at 2am and
got in my house at 2.30pm), and I was not really thinking clearly when I
posted :-)

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, June 10, 2004 4:01 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Interesting Observation

> I was teaching an Exchange 2003 support class for Symantec this week,
> so that their gold and platinum support guys had a good understanding
> of how Exchange really works :-), he talked about log files, and one
> of the guys asked what would happen if you created a new log file, for
> example, the log file is E0000001.LOG and you create E0000002.log
> manually.
> We tried it to see, and the effect was that the Outlook clients would
> hang when trying to send mail, until you deleted the manually created
> log file, the other effect was when you performed an online backup the
> backup would fail, and then dismount all the Stores in the Storage
> Group that you were trying to backup, this then led them to ask what
> type of security risk would be, if someone managed to create a worm
> that created a log file manually it would bring down all the Stores
> when you perform a backup.

1. The worm would have to reach the server. Defense rule: All computers must
have AV installed to protect the server itself.
2. The worm would have to get past the firewall. Defense rule: All computers
must be behind a firewall.
3. The worm would have to be executed by e-mail if not through the firewall.
Defense rule A: All incoming e-mail must be scanned for viruses,
vulnerabilities and possible malicious content, i.e. executable attachments.
Defense rule B: Generally, you should not be viewing e-mail on a server.

So, the way I see it, if the worm is able to execute on the server in the
first place, you have other problems to deal with. 

However, having said that, that is a real problem, although with proper
defences in place, the probability of it occurring is minimized. If there is
a way that behavior can be changed/protected, it should be looked into and
work needed weighed out.

John Tolmachoff
eServices For You
