RE: the SoBig Worm - what should I expect to see.....
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 21 Aug 2003 18:14:31 -0500
Hi Simon,
SBS always creates some hurdles, but you can install the Message
Screener on the SBS machine and filter out file extensions. I don't have
the procedure on the Web site for a co-located Exchange/ISA Server, but
it is in the ISA Server and Beyond book. The book needs a bump in the
ratings at amazon.com, so go for it ;-)
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent: Thursday, August 21, 2003 4:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] the SoBig Worm - what should I expect to
see.....
http://www.ISAserver.org
Hi everyone
I was in the process of getting a new client over to SBS2000, as
they are currently using Win2k / Exchange / Proxy 2.0
However I was called in due to the fact they "believe" they are
infected with the SoBig.f Virus.
However a complete scan of the Server / PC's and patching all
machines proved there was no trace of the virus.
However, they are getting inundated with hundreds upon hundreds
of emails that is being picked up by the AV Symantec Program and sending
the Emails out with a Quarantine Attachment.
However people are also saying they are "receiving" Emails from
the users in this LAN to external recipients with a virus attached!
I do not believe it - But is this the behaviour of this new
virus.
Also, am I right in thinking if I get SBS2k / ISA up and running
I can filter out .scr / .exe / .pif files??
Any advise is welcome :-)
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net
Other related posts:
