I agree with Glenn. Close to a year ago, we finally bit the bullet and stopped many files from coming through. With that, our virus notifications have gone down to almost nil! With the files being blocked at the firewall, the desktops/servers having protection and scanning SMTP files - we have almost NONE!!! In our case, we do get several per month... Each is always from a floppy disk from one of our students...

No brainer IMHO,
Rick

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Sullivan, Glenn
Sent: Monday, May 19, 2003 10:25 AM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Re: VIRUS WARNING

I would agree, in all cases but .exe and .com files.

My list of files to block is a list of files that users don't normally send about. For example, when was the last time that someone legitimately sent a .pif (Program Information File) or .scr (screen saver file)? How about an .hta (HTML Application) or a .chm (Compiled Help Module)? Not frequently.

I have a high level of trust on my Exchange Antivirus (Trend ScanMail, if anyone cares) and it checks for updates hourly. But on the off chance something gets missed, the attachment blocking protects.

In 4 years, I have had exactly 4 instances of a file being blocked that was actually required. (Granted I am not counting the numerous times a cheesy flash game was blocked, but we won't go into that...)

Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.

-----Original Message-----
From: SewardAdmin [mailto:mwm@xxxxxxx]
Sent: Monday, May 19, 2003 10:12 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VIRUS WARNING

Hi,

Norton AV - Corporate Version 8 catches this one - and we've never had a virus problem, even in previous versions. However, since version 8, all virus-defs are less than 100kbs for updates, but before this version, auto-updates downloaded the entire listing - prior to updating.... which was stupid!
Now - auto-updates are almost instant - as well as all users on the server. Another great feature that NavCorp has added, was to keep it in the background - and not bother anyone. All viruses - via email or other means - can be set up to automatically delete - and users are not bothered by the "Virus Found!" screen! There are many more features - but I'm keeping with the current subject.

As far as censorship - we don't! Our IT-Staff is here to serve the users, not limit them in the ways that they can get business done! We allow any attachments at our organization ( for the last 3 years ) - exe's included - and have never been infected. 99.9% of all emails with viruses (at our organization) - are from unknown parties, and are deleted by NavCorp immediately. No one has to be bothered - including the IT-Staff, just because a Virus has been sent. We can always refer to our logs - if needed.

This is an IT-Staffer's responsibility, making sure that files are safe for viewing and using, while not impeding the work flow. And though I realize that many IT-Departments have stricter standards and methods of ideology - we wouldn't have a job without users!

Regards
Mike

----- Original Message -----
From: "Chris McEvoy" <chris@xxxxxxxxxxxxxxxxx>
To: <windows2000@xxxxxxxxxxxxx>
Sent: Monday, May 19, 2003 5:32 AM
Subject: [windows2000] Re: VIRUS WARNING

> Thanks Jim. Do you know if the latest Norton definitions can catch this one?
>
> > -----Original Message-----
> > From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
> > Sent: Monday 19 May 2003 14:24
> > To: thin@xxxxxxxxxxxxx; windows2000@xxxxxxxxxxxxx; brainstem@xxxxxxxxxxxxx
> > Subject: [windows2000] VIRUS WARNING
> >
> > If you receive an email from Support@xxxxxxxxxxxxx that has an attachment DO NOT OPEN IT! This is a virus. Delete it immediately. My McAfee I updated yesterday is not catching this one. Watch out!
> > Regards, Jim Kenzig
> >
> > VIRUS WARNING
> >
> > The Central Command(r) Emergency Virus Response Team(tm) (EVRT(tm)) has received virus infection reports for the new Internet Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>. Due to increased customer inquiries and infection reports the EVRT is issuing a VIRUS ALERT.
> >
> > You are receiving this newsletter because you are a subscriber to the Central Command Virus News mailing list.
> >
> > [ EVRT(tm) Virus Warning issued for Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> ]
> >
> > Name: Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043>
> > Alias: Win32.Palyh-A
> > Type: Internet Worm
> > Discovered: May 18, 2003
> > Size: 52.955KB
> > Platform: Microsoft Windows 9x/ME/NT/2000/XP
> >
> > Description:
> >
> > Worm/Palyh.A <http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=030518-000043> is an Internet worm that spreads through e-mail by using addresses it collects in the files with the following extensions, .dbx, .eml, .htm, .html, .txt, and .wab.
> >
> > The worm may arrive via email in the following format:
> >
> > From: support@xxxxxxxxxxxxx
> > Subject: (it will contain one of the following)
> >
> > - Your Password
> > - Screensaver
> > - Re: Movie
> > - Your details
> > - Approved (Ref: 38446-263)
> > - Re: Approved (Ref: 3394-65467)
> > - Cool screensaver
> > - Re: My details
> > - Re: My application
> > - Re: Movie
> >
> > Attachment: (it will contain one of the following)
> >
> > - movie28.pif
> > - application.pif
> > - ref-394755.pif
> > - approved.pif
> > - doc_details.pif
> > - your_details.pif
> > - screen_temp.pif
> > - screen_doc.pif
> > - password.pif
> >
> > If executed, the worm copies itself in the \windows\ directory under the filename "mscon32.exe".
> >
> > So that it gets run each time a user restarts their computer the following registry key gets added:
> >
> > - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
> >   "System Tray"="C:\\WINDOWS\\MSCON32.EXE"
> >
> > ==================================
> > To Unsubscribe, set digest or vacation
> > mode or view archives use the below link.
> >
> > http://thethin.net/win2000list.cfm
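
A gateway-side check of the kind debated in this thread, as an added example that is not from any of the posters: it parses a MIME message and lists attachments whose extension is on a blocklist. The blocklist is assumed from the extensions Glenn names, the sample message is constructed with inert placeholder bytes, and all function names are hypothetical.

```python
# Added example: attachment-extension policy check for a mail gateway.
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumed blocklist: the extensions the thread names as rarely sent legitimately.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".hta", ".chm"}


def normalized_extension(filename: str) -> str:
    """Return the final extension, lower-cased, as Windows would resolve it."""
    # Win32 path handling drops trailing dots and spaces, so "x.pif. "
    # is still treated as a .pif file; normalise before comparing.
    cleaned = filename.strip().rstrip(". ")
    return PureWindowsPath(cleaned).suffix.lower()


def blocked_attachments(raw_message: bytes) -> list[str]:
    """List attachment filenames whose extension is on the blocklist."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() also decodes RFC 2231 encoded filename parameters.
        name = part.get_filename()
        if name and normalized_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed message: attachment names modelled on the advisory's list."""
    msg = EmailMessage()
    msg["From"] = "support@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Re: My details"
    msg.set_content("See attached.")
    for name in ("report.pdf", "your_details.pif", "SCREEN_DOC.PIF", "notes.scr.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("BLOCK:", name)
```

The check keys on the final extension only, so `notes.scr.txt` passes while mixed-case and trailing-dot variants of `.pif` are still caught.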