Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A

From: Eric Coulombe (eric.coulombe@INFORMA.QC.CA)
Date: 09/19/01


Message-ID:  <8AA0D90C6C5DE342A8C8C45CB444F73A01710A@servd01.vd.informa.ca>
Date:         Wed, 19 Sep 2001 09:14:48 -0400
From: Eric Coulombe <eric.coulombe@INFORMA.QC.CA>
Subject:      Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Steps Needed in order to allow WebOutlook from windwos 2000 exchange
server

Assuming your are using original INI file

herre are options i needed to change. Best way to know wich options are
needed in your case is to look in your urlscan log then activating only
what YOU need in order to receive no error when you are accessing your
ressources. But the more you "unlock" the more vulnerable you are.

--- Option not changed are not shown.... ---
[options]
AllowDotInPath=1 ; if 1, allow dots that are not file
extensions
AllowLateScanning=1 ; if 1, then UrlScan will load as a low
priority filter.

[AllowVerbs]

OPTIONS ; For prontpage extentions
SEARCH ; Used by Weboutlook
          ; FrontPage Server Extensions requires OPTIONS. If you need
to enable
         ; it, uncomment the OPTIONS verb and set "AllowLateScanning=1"
in the
         ; [Options] section above. Additionally, after changing this
file and
         ; restarting the web service, you should go to the "ISAPI
Filters" tab
         ; for the server's properties in MMC and ensure that UrlScan is
listed
         ; lower than fpexedll.dll.

[DenyExtensions]

;
; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
;
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
;
; Also note that ASP scripts are allowed to run with the below
; settings. If you wish to prevent ASP from running, add the
; following extensions to this list:
; .asp <--- Make sure ASP is NOT disabled

Other options have not needed to be changed....

=====
Eric Coulombe ( eric.coulombe@informa.qc.ca )
Dept. Technique
Marco Michaud Informatique Inc.

======================================
Delivery co-sponsored by Trend Micro, Inc.
======================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?siS&BI;$5&UL;=http://www.ant
ivirus.com/smex2000_rebate



Relevant Pages

  • FREE+BUSY Access problem
    ... I've recently moved my Exchange 2003 server to new hardware. ... I use an asp page to ... However only Domain Admin window accounts are able to view this ...
    (microsoft.public.exchange.development)
  • LDAP Not Usable in 2003 Environment ??
    ... I am VERY new to Active Directory, ... I currently have a successfully working test of an ASP page using LDAP ... our Exchange 5.5 server will soon become Exchange ...
    (microsoft.public.exchange.connectivity)
  • Re: IIS5 not impersonating Basic Authd user on one server
    ... The ASP page requires Basic Authentication. ... attempts to access an Exchange box using WebDAV? ... same server, running Exchange and my application in another VDir. ... The Exchange VDir is protected by Basic and Integrated Auth ...
    (microsoft.public.inetserver.iis.security)
  • Re: using CDOEX.dll
    ... CDOEX is not remoteable so your ASP .NET application has to run on the ... Exchange Server. ... If it doesn't the app won't work. ...
    (microsoft.public.exchange2000.development)
  • Re: Exchange Disaster Recovery Server
    ... The backup server is setup also in the lab so I ... >>> The Microsoft Exchange Server computer is not available. ... >>> Microsoft Exchange Server Information Store ...
    (microsoft.public.exchange2000.admin)