RE: Interesting Observation

  • From: "Scheele, Brian" <bscheele@xxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jun 2004 16:06:56 -0400

A good solution would just be to keep your antivirus products up to
date.  And keep your users out of critical directories.


 
Thanks,
 
Brian Scheele
Systems Administrator
Clark Filter
3649 Hempland Road
Lancaster, PA 17601-1393
Ph. (717) 285-5941 x176
Fx. (717) 285-3039

-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx] 
Sent: Thursday, June 10, 2004 3:52 PM
To: [ExchangeList]
Subject: Possible Spam (keywords):[exchangelist] RE: Interesting
Observation

http://www.MSExchange.org/

Excellent point Michael

-----Original Message-----
From: Michael B. Smith [mailto:michael@xxxxxxxxxx]
Sent: Thursday, June 10, 2004 3:48 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Interesting Observation

http://www.MSExchange.org/

I think the behavior is appropriate. As you know, Exchange maintains a
log-file-number, and if that file is already there -- there is a
problem.
The database and transactional system is fubar'ed.

I think it's a good thing that on Ex2003/Win2003 that Everyone doesn't
have permission to the MDBDATA folders by default. :-)

But if a worm/virus has admin access, I'm already SOL.... 

-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Thursday, June 10, 2004 3:42 PM
To: [ExchangeList]
Subject: [exchangelist] Interesting Observation

http://www.MSExchange.org/

I was teaching an Exchange 2003 support class for Symantec this week, so
that their gold and platinum support guys had a good understanding of
how Exchange really works :-), he talked about log files, and one of the
guys asked what would happen if you created a new log file, for example,
the last log file is E0000001.LOG and you create E0000002.log manually.

We tried it to see, and the effect was that the Outlook clients would
hang when trying to send mail, until you deleted the manually created
log file, the other effect was when you performed an online backup the
backup would fail, and then dismount all the Stores in the Storage Group
that you were trying to backup, this then led them to ask what type of
security risk this would be, if someone managed to create a worm that
created a log file manually it would bring down all the Stores when you
perform a backup.

What are your thoughts?

Mark



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
michael@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
mark@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ExchangeList@xxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 06-2004