I would agree, in all cases but .exe and .com files. My list of files to block is a list of files that users don't normally send about. For example, when was the last time that someone legitimately sent a .pif (Program Information File) or .scr (screen saver file)? How about an .hta (HTML Application) or a .chm (Compiled Help Module)? Not frequently. I have a high level of trust on my Exchange Antivirus (Trend ScanMail, if anyone cares) and it checks for updates hourly. But on the off chance something gets missed, the attachment blocking protects. In 4 years, I have had exactly 4 instances of a file being blocked that was actually required. (Granted I am not counting the numerous times a cheesy flash game was blocked, but we won't go into that...) Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: SewardAdmin [mailto:mwm@xxxxxxx] Sent: Monday, May 19, 2003 10:12 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: VIRUS WARNING Hi, Norton AV - Corporate Version 8 catches this one - and we've never had a virus problem, even in previous versions. However, since version 8, all virus-defs are less than 100kbs for updates, but before this version, auto-updates downloaded the entire listing - prior to updating.... which was stupid! Now - auto-updates are almost instant - as well as all users on the server. Another great feature that NavCorp has added, was to keep it in the background - and not bother anyone. All viruses - via email or other means - can be setup to automatically delete - and users are not bothered by the "Virus Found!" screen! There are many more features - but I'm keeping with the current subject. As far as censorship - we don't! Our IT-Staff is here to server the users, not limit them in the ways that they can get business done! We allow any attachments at our organization ( for the last 3 years ) - exe's included - and have never been infected. 99.9% of all emails with viruses (at our organization) - are from unknown parties, and are delete by NavCorp immediately. No one has to be bothered - including the IT-Staff, just because a Virus has been sent. We can always refer to our logs - if needed. This is an IT-Staffers responsibility, making sure that files are safe for viewing and using, while not impeding the work flow. And though I realize that many IT-Departments have stricter standards and methods of ideology - we wouldn't have a job without users! Regards Mike ----- Original Message ----- From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx> To: <windows2000@xxxxxxxxxxxxx> Sent: Monday, May 19, 2003 5:32 AM Subject: [windows2000] Re: VIRUS WARNING > > Thanks Jim. Do you know if the latest Norton definitions can catch this > one? > > > -----Original Message----- > > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]=20 > > Sent: Monday 19 May 2003 14:24 > > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx;=20 > > brainstem@xxxxxxxxxxxxx > > Subject: [windows2000] VIRUS WARNING > >=20 > >=20 > >=20 > > If you receive an email from Support@xxxxxxxxxxxxx that has=20 > > an attachment DO NOT OPEN IT! This is a virus. Delete it=20 > > immediately. My mcaffee I updated yesterday is not catching=20 > > this one. Watch out! Regards, Jim Kenzig > >=20 > >=20 > > VIRUS WARNING The Central Command(r) Emergency Virus Response=20 > > Team(tm) (EVRT(tm)) has received virus infection reports for the=20 > > new Internet Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D030518-000043>. Due to increased customer inquires=20 > > and infection reports the EVRT is issuing a VIRUS ALERT. > >=20 > > You are receiving this news letter because you are a=20 > > subscriber to the Central Command Virus News mailing list. > >=20 > > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D030518-000043> ] > >=20 > > Name: Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > > user/std_adp.p > > hp?p_refno=3D030518-000043> > > Alias: Win32.Palyh-A > > Type: Internet Worm > > Discovered: May 18, 2003 > > Size: 52.955KB > > Platform: Microsoft Windows 9x/ME/NT/2000/XP > >=20 > >=20 > > Description: > >=20 > > Worm/Palyh.A=20 > > <http://support.centralcommand.com/cgi-bin/command.cfg/php/end > user/std_adp.p > hp?p_refno=3D030518-000043> is an Internet worm that spreads through > e-mail by using addresses it collects in the files with the following > extensions, .dbx, .eml, .htm, .html, .txt, and .wab. > > The worm may arrive in via email in the following format: > > From: support@xxxxxxxxxxxxx > Subject: (it will contain one of the following) > > - Your Password > - Screensaver > - Re: Movie > - Your details > - Approved (Ref: 38446-263) > - Re: Approved (Ref: 3394-65467) > - Cool screensaver > - Re: My details > - Re: My application > - Re: Movie > > Attachment: (it will contain one of the following) > > - movie28.pif > - application.pif > - ref-394755.pif > - approved.pif > - doc_details.pif > - your_details.pif > - screen_temp.pif > - screen_doc.pif > - password.pif > > If executed, the worm copies itself in the \windows\ directory under the > filename "mscon32.exe". > > So that it gets run each time a user restart their computer the > following registry key gets added: > > - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run > "System Tray"=3D"C:\\WINDOWS\\MSCON32.EXE" > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > =3D=3D=3D=3D=3D=3D=3D=3D=3D > To Unsubscribe, set digest or vacation > mode or view archives use the below link. > > http://thethin.net/win2000list.cfm > > ================================== > To Unsubscribe, set digest or vacation > mode or view archives use the below link. > > http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm