RE: Critical Problem - Connection down - Please advice
- From: "Bakari Allen" <ballen@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 27 Aug 2003 13:21:48 -0400
We use eTrust InoculateIT with the Exchange option to scan all incoming mail as
well as the client version on the workstations to scan all files passing in or
out of the box. Our definitions caught the SoBig variant and deleted the
content. Additionally, we setup the Exchange AV module to block attachment
types (i.e., .scr, .pif, .bat, .vbs, etc).
Bakari Allen
ballen@xxxxxxxxx
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, August 27, 2003 1:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Critical Problem - Connection down - Please advice
http://www.ISAserver.org
Another option is to filter on content (if you mail server allows).
Create a rule that rejects email containing "*Xame-*.pif", "*Xame=*.scr" and
you won't waste valuable CPU cycles scanning something that should be found
in decent email.
(replace "X" with "n"; my mail server drops email with those definitions)
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Koie Smith" <ksmith@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, August 27, 2003 09:28
Subject: [isalist] RE: Critical Problem - Connection down - Please advice
http://www.ISAserver.org
We use "Symantec Antivirus Filtering for Exchange 3.0", has been running
good so far if setup correctly to stop sobig.f along with Symantec 8.1 Corp
Edition.
Koie Smith
Nex-Tek, Inc.
Technical Support Team
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, August 27, 2003 11:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Critical Problem - Connection down - Please
advice
http://www.ISAserver.org
No, normal AV software DOES NOT CHECK incoming and outgoing message through
Exchange. You need specific software for that.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -----Original Message-----
> From: Nabil, Ahmed [mailto:anmahmou@xxxxxxxxxx]
> Sent: Tuesday, August 26, 2003 11:44 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Critical Problem - Connection down - Please advice
>
> http://www.ISAserver.org
>
>
> Hi Tom,
>
> I downloaded the Welchia fix from the Symantec Site and I am trying to
apply it in
> the logon script for all users. Yesterday I found some Sobig also in the
Exchange
> EDB which wasn't detected by normal antivirus !!!!!
>
> What do you think ??
>
> I am getting an error in the application log of the ISA server (userenv -
Windows
> can't determine the user or computer name)
>
> Please advice,
>
> Thanks alot for all of you for your help and support.
>
> Ahmed
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, August 27, 2003 3:51 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Critical Problem - Connection down - Please
> advice
>
>
> http://www.ISAserver.org
>
>
> Hi Ahmed,
>
> Sounds like the Welchia worm to me.
>
> HTH,
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
> -----Original Message-----
> From: Nabil, Ahmed [mailto:anmahmou@xxxxxxxxxx]
> Sent: Monday, August 25, 2003 5:36 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Critical Problem - Connection down - Please
> advice
>
>
> http://www.ISAserver.org
>
>
> I disconnected the local NIC (Internal) cable from the ISA server and
> everything went fine. The task manager performance dropped to 2% and the
> Internet is connected !!!!!!!!!!!!!
>
> Is that a kind of virus on the Internal LAN ??
>
> Please advice,
>
> Ahmed
>
> -----Original Message-----
> From: Nabil, Ahmed
> Sent: Monday, August 25, 2003 9:16 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Critical Problem - Connection down - Please advice
> Importance: High
>
>
> http://www.ISAserver.org
>
>
> Hello Everyone,
>
> Just to give you an overview of my ISA architecture. The ISA External
> Interface NIC is connected to the Firewall which in turn is connected to
> our ISP.
>
> The Problem is that we are not able to connect to the Internet, The
> problem is for sure with the ISA, I inserted a Laptop between the ISA
> and the Firewall (Bypassing the ISA) and I connected fine to the
> Internet.
>
> Actually the connection isn't totally down, When I start to ping the ISA
> external Interface from my client machine or to ping for example
> www.yahoo.com I get a reply for my ping and then the Time (TTL) starts
> to increase till it reach 1000ms then REQUEST TIME OUT message appear.
> This happens for another 5-10 minutes then a reply once again come back
> for another 2-5 minutes then TTL increase again and the same loop goes
> on.
>
> When I check the ISA server Task manager, thats the strange part, the
> Performance is 100% CPU Usage and when I check the Process, I find few
> process (CSRSS, Winlogon, rdpclip, shstat, wzqkpick, hkcmd,
> controldGUI.......etc) and each of them is showing 0% CPU
> !!!!!!!!!!!!!!!!!!
>
> I tried to clear the cache several times and I restarted the computer
> many times and when its up, it works fine for few minutes then the loop
> starts.
>
> Now the CPU Usage is 100% and I don't have another choice but to restart
> the ISA.
>
> Please advice,
>
> Thanks in advance for your help,
>
> Ahmed
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> anmahmou@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> anmahmou@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ksmith@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bakari.allen@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
