John, I think you missed the "Symantec Enterprise Edition" part of Sean's response... The Enterprise edition includes the Exchange component as well as the workstation AV software... The Exchange component installs on the Exchange server and scans at the MTA level, before the email ever reaches the client... To the original question: I'm not familiar with how the other AV vendors handle file blocking, but I know that Groupshield from NAI (I hear the groans out there, and you all be quiet, it's worked just fine here!) does the attachment blocking before the files even hit the AV scanner which defeats the "if it passes AV, and meets xxx criteria, then send a blocked notification" requirement... You'll have to check with your AV vendor of choice to see if their product functions differently from Groupshield. I wholeheartedly agree with John though that you should not send notices to "senders" unless you are 99% certain that the sender address has not been spoofed as SoBig and so many other viruses are doing now... Anyway, this is pretty OT for the ISA list since I think we're all pretty certain that this is not a function that ISA can perform... Joe Pochedley Weiler's Law - Nothing is impossible for the man who doesn't have to do it himself. -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Friday, September 05, 2003 3:05 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: virus blocking http://www.ISAserver.org But that is on the desktop, which is the last line of defense. While Symantec does indeed do a great job of stop viruses at the desktop, do you relay on the lock on your bedroom door at night, or do you lock the front and back door to your house as well? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: Sean Rector [mailto:srector@xxxxxxxxxxxxxxxx] > Sent: Friday, September 05, 2003 11:51 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: virus blocking > > http://www.ISAserver.org > > > Most of our customers have purchased Symantec's Enterprise edition of > Antivirus software, which includes the AV Filtering for Exchange. It does a > great job of blocking files/emails, and I recommend it wholeheartedly. > > ----- Original Message ----- > From: "Musser, Dale" <musser@xxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Friday, September 05, 2003 2:36 PM > Subject: [isalist] RE: virus blocking > > > > http://www.ISAserver.org > > > > > > That is exactly what I am looking for and trying to find out how to do. > > > > Dale > > > > > > -----Original Message----- > > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > Sent: Friday, September 05, 2003 2:36 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: virus blocking > > > > > > http://www.ISAserver.org > > > > > > Sending notifications on attachment blocking is a very good idea, one > > which I and many others I know do. However, the catch is, you should > > only send out notices IF you are using a e-mail AV product in front of > > the banned attachment processing. > > > > This way, if an infected message comes in with a attachment called > > patch.exe, the AV software picks it up and (had better be) only sends > > appropriate notices. If the file is clean, then ban it and send the > > notice. > > > > John Tolmachoff MCSE CSSA > > Engineer/Consultant > > eServices For You > > www.eservicesforyou.com > > > > > > > -----Original Message----- > > > From: Musser, Dale [mailto:musser@xxxxxxxxxxx] > > > Sent: Friday, September 05, 2003 9:47 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: virus blocking > > > > > > http://www.ISAserver.org > > > > > > > > > That is a good point, I actually got the idea from a client of ours. > > > > > > See we email attachments all the time to clients and sometimes the > > > employees will say they never got the attachment when we know we sent > > > it and then we have to second guess what is going on. Then other > > > clients do this :"Sorry, the security policy of (blank) refuses such > > > file extensions : > > > *.vbs;*.vbe;*.js;*.jse;*.css;*.wsh;*.sct;*.hta;*.shs;*.as;*.pif;*.scr; > > > *. > > > com;*.bat;*.exe > > > > > > Best regards, > > > IT security manager" > > > > > > Now I thought that is a nice feature. That way you know up front that > > > your attachment is going to be denied and you have to come up with > > > another solution. Since more and more companies are now starting to > > > block specific attachments it would be nice to be notified. > > > > > > Dale > > > > > > -----Original Message----- > > > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > > Sent: Friday, September 05, 2003 11:41 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: virus blocking > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > I don't know if this is for this group or not but we have exchange > > > > and > > > > > > > isa servers. We would like to start blocking some types of > > > > attachments > > > > > > > and send a return email back to the sender that it was blocked. Is > > > > this something you do in isa or exchange or both? Any one know how? > > > > > > Do not even think about sending notifications to senders unless you > > > know what you are doing. Where do you think 1/3 of all the traffic on > > > the internet is right now, stupid notifications to FORGED senders from > > > > > misconfigured mail servers. > > > > > > If you want to take these kind of steps, you really need to be aware > > > of the consequences. > > > > > > John Tolmachoff MCSE CSSA > > > Engineer/Consultant > > > eServices For You > > > www.eservicesforyou.com > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > > Exchange Server Resource Site: http://www.msexchange.org Windows > > > Security Resource Site: http://www.windowsecurity.com/ Network > > > Security > > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > > http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List as: > > > musser@xxxxxxxxxxx To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > > Exchange Server Resource Site: http://www.msexchange.org Windows > > > Security Resource Site: http://www.windowsecurity.com/ Network > > > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > > Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List as: > > > > > johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to > > > $subst('Email.Unsub') > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com No.1 > > Exchange Server Resource Site: http://www.msexchange.org Windows > > Security Resource Site: http://www.windowsecurity.com/ Network Security > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > musser@xxxxxxxxxxx To unsubscribe send a blank email to > > $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > srector@xxxxxxxxxxxxxxxx > > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: JoePochedley@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')