RE: SMTP filter can't filter all defined attachment?

  • From: "John Tolmachoff" <jtolmachoff@xxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Apr 2002 15:37:05 -0700

I can not offer an answer as to why some attachments are getting
through, but as a security and safety, you should be scanning all
incoming e-mail for viruses.

All e-mail coming and going through our mail server is scanned for
viruses. This is another layer of protection. Of course, the workstation
must also have AV software.

Using Declude with Imail, we have caught over 75 viruses in the last 24
hours.

Another layer we have is that even if an attachment is scanned as virus
free, if it is one of 25 attachments that we ban, the mail is
quarantined and a notice is sent.

What is your filter not catching? Is it all the same virus, then maybe
the definitions are not up to date.

John Tolmachoff 
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA  92835
714-578-7999, ext. 104
jtolmachoff@xxxxxxxxxxxxxxxx
www.reliancesoft.com
 


-----Original Message-----
From: Steven Lai [mailto:slai@xxxxxxxxxxx] 
Sent: Thursday, April 18, 2002 3:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SMTP filter can't filter all defined attachment?

http://www.ISAserver.org


Dear All

To the question I posed earlier, I found the answer why email with virus
attachment does not display in Outlook 2000. It's because of the Outlook
Security Patch from Microsoft. Every virus attachment, it will blank it
out. So users can't open it! Read more on this link below:

http://www.slipstick.com/outlook/esecup.htm

HOWEVER, my other question is still not answered yet! SMTP filter does
not filter virus attachment 100 % (read my email below). Some email virus
attachment still slip thru?? Why? Anyone?

Have a nice day! Email me if you have any questions!

Thanks.

Steven Lai
MIS Dept.
slai@xxxxxxxxxxx
626-369-3698 extn 2501

-----Original Message-----
From: John Tolmachoff [mailto:jtolmachoff@xxxxxxxxxxxxxxxx]
Sent: Thursday, April 18, 2002 2:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: SMTP filter can't filter all defined attachment?



If you can not see the extension in Outlook 2000, then do not allow
extension feature may be on. There is a third party add-on to choose to
allow potentially harmful extensions.

John Tolmachoff
IT Manager, Network Engineer
211 E. Imperial Hwy., Suite 106
Fullerton, CA  92835
714-578-7999, ext. 104
jtolmachoff@xxxxxxxxxxxxxxxx
www.reliancesoft.com



-----Original Message-----
From: Steven Lai [mailto:slai@xxxxxxxxxxx]
Sent: Thursday, April 18, 2002 1:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] SMTP filter can't filter all defined attachment?



Hi Tom

Thanks for the reply! Actually, I did install the W2K SP2 & ISA SP1. As I
said, it can filter all the pif, exe, bat, scr, vbs files attachment that I
send and tested by myself.

However, right now for all foreign email, it can only partially filter
about 60 - 70 % of the attachment. Some attachment like .exe can still get
thru? Can those virus email hide their extension so it cannot be seen? I have
seen this right before my eyes. The user got it!

And even strange things happen! Using Outlook Express, I can see the virus
.exe or .bat attachment. But on Outlook 2000, I can't see the .exe or .bat
attachment.

Is it a bug in ISA or the virus email can hide or masquerade the extension
name? I know ISA SP1 corrected a lot of SMTP bug but maybe still have some
left??

Any input on this Tom or anyone??? Thanks for any help!

SL


"Thomas W Shinder [MVP]" <tshinder@xxxxxxxxxxx> wrote in message
news:ulkkuaw5BHA.1948@xxxxxxxxxxxxxx
> Hi Steven,
>
> Many changes were made to the SMTP filter with SP1, so you should install it
> and see if that helps.
>
> HTH,
> --
> Tom
> www.isaserver.org/shinder
> Get the book!
> MVP -- ISA Server 2000
>
>
> "SL" <slai@xxxxxxxxxxx> wrote in message
> news:utPfMvv5BHA.1888@xxxxxxxxxxxxxx
> > Hi
> >
> > I got my Message Screener to work but not all the time! Kind of strange! It
> > can filter some attachment but not all attachment! I got my Message Screener
> > and SMTPCred installed on an SMTP Server, located away from the ISA Server.
> > And ran the dcomcnfg on the ISA. Email Server is sending and receiving email
> > fine!
> >
> > I setup the SMTP to filter .bat, .exe, .scr, .pif extension. It was able to
> > filter the .exe, .bat file but not the .scr file yesterday! But today, I
> > still see files with .exe passing thru without being filter! Per Tom's in
> > one of his email reply, I did a edit the Registry and deleted all those
> > entries in the Vendor Parameters Sets values. Start clean again. But doesn't
> > seems to help!
> >
> > Seems like the SMTP filter works on & off! Sometimes, it filter sometimes it
> > don't! And it never filter my .scr files. Anybody has some idea why this is
> > happening? Will ISA SP1 helps?
> >
> > Thanks for any help!
> >
> > Steven

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jtolmachoff@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
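
The second layer described in the reply at the top of this thread, a ban list applied even when the virus scan comes back clean, sketched as an added example; it is not code from the thread, Declude, Imail or ISA Server. The ban list, the sample message and the function names are assumptions, and the check reads the file name from both headers in which a MIME part can declare one.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Assumed ban list: the extensions named in the thread, not the site's real list of 25.
BANNED = {".pif", ".exe", ".bat", ".scr", ".vbs"}

# Constructed sample: the first part names its file only in Content-Type.
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    'Content-Type: application/octet-stream; name="Report.SCR"\n'
    "Content-Disposition: attachment\n"
    "\n"
    "data\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    'Content-Disposition: attachment; filename="notes.txt"\n'
    "\n"
    "text\n"
    "--b1--\n"
)

def declared_names(part):
    """Return every file name a MIME part declares, from either header."""
    names = []
    for header, param in (("Content-Disposition", "filename"), ("Content-Type", "name")):
        value = part.get_param(param, header=header)
        if value:  # RFC 2231 values arrive as a tuple; collapse to str
            names.append(collapse_rfc2231_value(value))
    return names

def banned_attachments(raw):
    """List declared names whose final extension is on the ban list."""
    hits = []
    for part in message_from_string(raw).walk():  # visits nested parts too
        for name in declared_names(part):
            clean = name.strip().lower()
            ext = "." + clean.rsplit(".", 1)[-1] if "." in clean else ""
            if ext in BANNED and name not in hits:
                hits.append(name)
    return hits

def verdict(raw):
    """Quarantine on any banned name, regardless of the AV scan result."""
    return "quarantine" if banned_attachments(raw) else "deliver"
```
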