RE: WMF filter script
- From: "Joe Pochedley" <joepochedley@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 7 Jan 2006 13:56:57 -0500
Jim,
Can I send the file directly to your personal address? It's about 1Mb
zipped.
Joe P
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, January 07, 2006 12:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF filter script
http://www.ISAserver.org
http://isatools.org/isainfo/isainfo.zip
read the instructions in the zip file.
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Joe Pochedley [mailto:joepochedley@xxxxxxxxx]
Sent: Saturday, January 07, 2006 8:20 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: WMF filter script
Jim,
Certainly... First for a dumb question though.. Is ISAInfo a generic
term, or an app that I am unaware of?
If it's a generic term then:
ISA Server 2004 (no SP) on Win2k3 (no SP)
I should probably install the SPs for both, eh?
Joe P
________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Fri 1/6/2006 6:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF filter script
http://www.ISAserver.org
Can you send me your ISAInfo?
Which filter; 1.0 or 1.1?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Joe Pochedley [mailto:joepochedley@xxxxxxxxx]
Sent: Friday, January 06, 2006 13:35
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF filter script
http://www.ISAserver.org
Jim,
Wanted to let you know that after installing your WMF filter, I'm now
getting this message on my ISA box.
Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14057
Date: 1/6/2006
Time: 3:37:49 PM
User: N/A
Computer: JUH
Description:
The Firewall service stopped because an application filter module
C:\Program Files\Microsoft ISA Server\HttpFilter.dll generated an
exception code C0000005 in address 60FF647F when function
CompleteAsyncIO was called. To resolve this error, remove recently
installed application filters and restart the service.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Removing the new filter definitions clears the errors and the FW service
stops crashing... Haven't tried to re-add the filters again to see if
there was a problematic import or what, but wanted to pass along the
issue.
Joe Pochedley
A computer terminal is not some clunky old television with a typewriter
in front of it. It is an interface where the mind and body can connect
with the universe and move bits of it about. -Douglas Adams
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, January 06, 2006 2:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF filter script
http://www.ISAserver.org
Ok - I inserted two more signatures to catch any header containing
".emf" or ".wmf".
V 1.1 is at http://isatools.org/block_wmf.zip
No need to manually mangle the settings; the script will overwrite the
old settings with the new.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Friday, January 06, 2006 07:33
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: WMF filter script
http://www.ISAserver.org
Hi Jim,
You bet! The post is "Denli" and his post is toward the middle of the
thread at
http://forums.isaserver.org/Roll_up_discussion_link_for_posts_up_to_01-7
-2006/m_2002002194/tm.htm
Thanks!
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Friday, January 06, 2006 9:16 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: WMF filter script
>
> http://www.ISAserver.org
>
> What's the web board link?
> Does he have captures of the whole process?
>
> The file type isn't in a place where we're looking and the
> content-type is incorrect. I think I know what to do to fix this one
> - keep your eyes open for an update later this morning.
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Friday, January 06, 2006 6:49 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] WMF filter script
>
> http://www.ISAserver.org
>
> Hey Jim,
>
> Some one on the Web boards found that this bypassed the configuration
> in the script. Any ideas? --Tom.
>
>
>
> The content that slips through looks like this
>
> HTTP/1.1 200 OK
> Proxy-Connection: Keep-Alive
> Connection: Keep-Alive
> Content-Length: 15734
> Via: 1.1 DMZ-ISA, 1.1 LNK-ISA
> Date: Thu, 05 Jan 2006 23:45:14 GMT
> Content-Type: binary/octet-stream
> Server: Apache/1.3.34
> Vary: User-Agent
> Content-Disposition: inline; filename="browsercheck.wmf"
>
> Binary Data: 1162 Bytes [352/1162]
> 05 C6 19 03 99 E4 E1 7B 07 00 00 00 FC 02 D0 13 5E 08 80 BA CD 0F 08
> 00 00 00 FA 02 73 EA 29 32 01 13 58 12 87 8E 07 00 00 00 FC 02 4C A4
> C4 50 AE 43 76 B6 07 00 00 00 FC 02 EF D8 A3 65 4A 14 E6 5C 07 00 00
> 00 FC 02
> 96 EF 20 AB AD 5F 19 1E 07 00 00 00 FC 02 2D C1 28 69 73 A5
> 65 91 07 00
> 00 00 FC 02 3E F6 83 A8 26 80 7B BC 08 00 00 00 FA 02 45 52
> F9 89 E2 FB
> 3B 6A 95 B6 07 00 00 00 1B 04 4F F4 BE B3 7F CA 0A 78 08 00 00 00 FA
> 02 AC 12 60 47 28 C9 31 A2 5E A3 07 00 00 00 1B 04 47 F3 00 6F
> A3 87 C8 EC
> 07 00 00 00 1B 04 35 FA 89 F0 A3 5E 50 97 08 00 00 00 FA 02 DA 7C A2
> 35 1E 3D D9 86 7E 17 07 00 00 00 1B 04 0F 39 D0 D2 82 85 EF D3
> 07 00 00 00
> FC 02 49 5E 1E 41 6B 0E 66 CD 07 00 00 00 1B 04 86 25 2F 63
> 54 A9 88 FF
> 07 00
>
>
>
> _____________________________
>
> /Dennis
>
>
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA
> Firewalls **Who is John Galt?**
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
