Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A

From: Eric Coulombe (eric.coulombe@INFORMA.QC.CA)
Date: 09/19/01

Message-ID:  <>
Date:         Wed, 19 Sep 2001 09:14:48 -0400
From: Eric Coulombe <eric.coulombe@INFORMA.QC.CA>
Subject:      Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A

Steps Needed in order to allow WebOutlook from windwos 2000 exchange

Assuming your are using original INI file

herre are options i needed to change. Best way to know wich options are
needed in your case is to look in your urlscan log then activating only
what YOU need in order to receive no error when you are accessing your
ressources. But the more you "unlock" the more vulnerable you are.

--- Option not changed are not shown.... ---
AllowDotInPath=1 ; if 1, allow dots that are not file
AllowLateScanning=1 ; if 1, then UrlScan will load as a low
priority filter.


OPTIONS ; For prontpage extentions
SEARCH ; Used by Weboutlook
          ; FrontPage Server Extensions requires OPTIONS. If you need
to enable
         ; it, uncomment the OPTIONS verb and set "AllowLateScanning=1"
in the
         ; [Options] section above. Additionally, after changing this
file and
         ; restarting the web service, you should go to the "ISAPI
Filters" tab
         ; for the server's properties in MMC and ensure that UrlScan is
         ; lower than fpexedll.dll.


; Extensions listed here either run code directly on the server,
; are processed as scripts, or are static files that are
; generally not intended to be served out.
; Note that these entries are effective if "UseAllowExtensions=0"
; is set in the [Options] section above.
; Also note that ASP scripts are allowed to run with the below
; settings. If you wish to prevent ASP from running, add the
; following extensions to this list:
; .asp <--- Make sure ASP is NOT disabled

Other options have not needed to be changed....

Eric Coulombe ( )
Dept. Technique
Marco Michaud Informatique Inc.

Delivery co-sponsored by Trend Micro, Inc.
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:;$5&UL;=http://www.ant