RE: virus blocking

• From: "Joe Pochedley" <JoePochedley@xxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 5 Sep 2003 15:31:34 -0400

John,

I think you missed the "Symantec Enterprise Edition" part of Sean's
response...  The Enterprise edition includes the Exchange component as
well as the workstation AV software...  The Exchange component installs
on the Exchange server and scans at the MTA level, before the email ever
reaches the client...

To the original question:  I'm not familiar with how the other AV
vendors handle file blocking, but I know that Groupshield from NAI (I
hear the groans out there, and you all be quiet, it's worked just fine
here!) does the attachment blocking before the files even hit the AV
scanner which defeats the "if it passes AV, and meets xxx criteria, then
send a blocked notification" requirement...  You'll have to check with
your AV vendor of choice to see if their product functions differently
from Groupshield.  I wholeheartedly agree with John though that you
should not send notices to "senders" unless you are 99% certain that the
sender address has not been spoofed as SoBig and so many other viruses
are doing now... 

Anyway, this is pretty OT for the ISA list since I think we're all
pretty certain that this is not a function that ISA can perform...

Joe Pochedley
Weiler's Law - Nothing is impossible for the man who doesn't have to do
it himself.



-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Friday, September 05, 2003 3:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: virus blocking


http://www.ISAserver.org


But that is on the desktop, which is the last line of defense.

While Symantec does indeed do a great job of stop viruses at the
desktop, do
you relay on the lock on your bedroom door at night, or do you lock the
front and back door to your house as well?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


> -----Original Message-----
> From: Sean Rector [mailto:srector@xxxxxxxxxxxxxxxx]
> Sent: Friday, September 05, 2003 11:51 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: virus blocking
> 
> http://www.ISAserver.org
> 
> 
> Most of our customers have purchased Symantec's Enterprise edition of
> Antivirus software, which includes the AV Filtering for Exchange.  It
does
a
> great job of blocking files/emails, and I recommend it wholeheartedly.
> 
> ----- Original Message -----
> From: "Musser, Dale" <musser@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, September 05, 2003 2:36 PM
> Subject: [isalist] RE: virus blocking
> 
> 
> > http://www.ISAserver.org
> >
> >
> > That is exactly what I am looking for and trying to find out how to
do.
> >
> > Dale
> >
> >
> > -----Original Message-----
> > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> > Sent: Friday, September 05, 2003 2:36 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: virus blocking
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Sending notifications on attachment blocking is a very good idea,
one
> > which I and many others I know do. However, the catch is, you should
> > only send out notices IF you are using a e-mail AV product in front
of
> > the banned attachment processing.
> >
> > This way, if an infected message comes in with a attachment called
> > patch.exe, the AV software picks it up and (had better be) only
sends
> > appropriate notices. If the file is clean, then ban it and send the
> > notice.
> >
> > John Tolmachoff MCSE CSSA
> > Engineer/Consultant
> > eServices For You
> > www.eservicesforyou.com
> >
> >
> > > -----Original Message-----
> > > From: Musser, Dale [mailto:musser@xxxxxxxxxxx]
> > > Sent: Friday, September 05, 2003 9:47 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: virus blocking
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > That is a good point, I actually got the idea from a client of
ours.
> > >
> > > See we email attachments all the time to clients and sometimes the
> > > employees will say they never got the attachment when we know we
sent
> > > it and then we have to second guess what is going on. Then other
> > > clients do this :"Sorry, the security policy of (blank) refuses
such
> > > file extensions :
> > >
*.vbs;*.vbe;*.js;*.jse;*.css;*.wsh;*.sct;*.hta;*.shs;*.as;*.pif;*.scr;
> > > *.
> > > com;*.bat;*.exe
> > >
> > > Best regards,
> > > IT security manager"
> > >
> > > Now I thought that is a nice feature. That way you know up front
that
> > > your attachment is going to be denied and you have to come up with
> > > another solution.  Since more and more companies are now starting
to
> > > block specific attachments it would be nice to be notified.
> > >
> > > Dale
> > >
> > > -----Original Message-----
> > > From: John Tolmachoff (Lists)
[mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> > > Sent: Friday, September 05, 2003 11:41 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: virus blocking
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > > I don't know if this is for this group or not but we have
exchange
> > > > and
> > >
> > > > isa servers. We would like to start blocking some types of
> > > > attachments
> > >
> > > > and send a return email back to the sender that it was blocked.
Is
> > > > this something you do in isa or exchange or both? Any one know
how?
> > >
> > > Do not even think about sending notifications to senders unless
you
> > > know what you are doing. Where do you think 1/3 of all the traffic
on
> > > the internet is right now, stupid notifications to FORGED senders
from
> >
> > > misconfigured mail servers.
> > >
> > > If you want to take these kind of steps, you really need to be
aware
> > > of the consequences.
> > >
> > > John Tolmachoff MCSE CSSA
> > > Engineer/Consultant
> > > eServices For You
> > > www.eservicesforyou.com
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > Leading Network Software Directory: http://www.serverfiles.com
No.1
> > > Exchange Server Resource Site: http://www.msexchange.org Windows
> > > Security Resource Site: http://www.windowsecurity.com/ Network
> > > Security
> > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > > http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > musser@xxxxxxxxxxx To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > Leading Network Software Directory: http://www.serverfiles.com
No.1
> > > Exchange Server Resource Site: http://www.msexchange.org Windows
> > > Security Resource Site: http://www.windowsecurity.com/ Network
> > > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > > Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List
as:
> >
> > > johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > musser@xxxxxxxxxxx To unsubscribe send a blank email to
> > $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> srector@xxxxxxxxxxxxxxxx
> > To unsubscribe send a blank email to
$subst('Email.Unsub')
> >
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
JoePochedley@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking
• » RE: virus blocking

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---