Of course there is (more). ISA can't "see into" mail without the msg screecher, so I won't be able to predefine functional settings for that. At least the HTTP filter has some areas to play in. There's no way to create a catch-all policy; what we're shooting for is "best bang for the buck". ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, January 04, 2006 15:26 To: [ISAserver.org Discussion List] Subject: [isalist] RE: WMF Vulnerability http://www.ISAserver.org Hey Jim, I've done those things already, but it seems there is more to the story. Still have to worry about e-mail too. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Wednesday, January 04, 2006 3:09 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: WMF Vulnerability > > http://www.ISAserver.org > > Those are two separate questions. > ISA doesn't use the OS file associations to make its decisions, so > blocking file types of .wmf or content-types of > application/x-msmetafile will get you some relief. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Hillaert, Todd [mailto:THillaert@xxxxxxxx] > Sent: Wednesday, January 04, 2006 12:42 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: WMF Vulnerability > > http://www.ISAserver.org > > Hi > > Correct me if I'm wrong, but as I understand it, a WMF is not handled > by the operating system only according its extension, but by special > flags set within the file itself. > > That's why blocking *.wmf or the mime types will not stop it. > > Todd > > -----Original Message----- > From: Brian Boyes [mailto:BrianB@xxxxxxxxx] > Sent: Wednesday, January 04, 2006 2:37 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: WMF Vulnerability > > http://www.ISAserver.org > > True enough. You had mentioned it was doable with GFI and I though it > might be useful to mention how it could be done via surfcontrol as > well. > Personally, I blocked WMF files at ISA and with my surfcontrol filter, > just in case. > > Brian > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Wednesday, January 04, 2006 2:41 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: WMF Vulnerability > > Hi Brian, > > You don't need SurfControl just to block .wmf files, you can use the > OOB ISA firewall to do that. > > Tom > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > thillaert@xxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.