Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A
From: Scott Schnoll (scott_schnoll@MSN.COM)Date: 10/09/01
- Previous message: Peter Bowyer: "Re: Nimda + apache"
- In reply to: Eric Coulombe: "Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A"
- Next in thread: Runza, Michael: "Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <001301c150dd$485159d0$1b646464@earth> Date: Tue, 9 Oct 2001 09:13:02 -0700 From: Scott Schnoll <scott_schnoll@MSN.COM> Subject: Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I would not use URLScan or the IIS Lockdown tool on any Exchange 2000 server
unless and until Microsoft releases specific instructions for using these
tools on this platform.
My $.02.
-- Regards,Scott Schnoll
----- Original Message ----- From: "Eric Coulombe" <eric.coulombe@INFORMA.QC.CA> To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM> Sent: Wednesday, September 19, 2001 6:14 AM Subject: Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A
Steps Needed in order to allow WebOutlook from windwos 2000 exchange server
Assuming your are using original INI file
herre are options i needed to change. Best way to know wich options are needed in your case is to look in your urlscan log then activating only what YOU need in order to receive no error when you are accessing your ressources. But the more you "unlock" the more vulnerable you are.
--- Option not changed are not shown.... --- [options] AllowDotInPath=1 ; if 1, allow dots that are not file extensions AllowLateScanning=1 ; if 1, then UrlScan will load as a low priority filter.
[AllowVerbs]
OPTIONS ; For prontpage extentions SEARCH ; Used by Weboutlook ; FrontPage Server Extensions requires OPTIONS. If you need to enable ; it, uncomment the OPTIONS verb and set "AllowLateScanning=1" in the ; [Options] section above. Additionally, after changing this file and ; restarting the web service, you should go to the "ISAPI Filters" tab ; for the server's properties in MMC and ensure that UrlScan is listed ; lower than fpexedll.dll.
[DenyExtensions]
; ; Extensions listed here either run code directly on the server, ; are processed as scripts, or are static files that are ; generally not intended to be served out. ; ; Note that these entries are effective if "UseAllowExtensions=0" ; is set in the [Options] section above. ; ; Also note that ASP scripts are allowed to run with the below ; settings. If you wish to prevent ASP from running, add the ; following extensions to this list: ; .asp <--- Make sure ASP is NOT disabled
Other options have not needed to be changed....
===== Eric Coulombe ( eric.coulombe@informa.qc.ca ) Dept. Technique Marco Michaud Informatique Inc.
=========================Delivery co-sponsored by Trend Micro, Inc. =========================BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000 Earn 5% rebate on licenses purchased for Trend Micro ScanMail for Microsoft Exchange 2000 between October 1 and November 16. ScanMail ensures 100% scanning of inbound and outbound traffic and provides remote software management. For program details or to download your 30-day FREE evaluation copy: http://www.antivirus.com/banners/tracking.asp?siS&BI;$5&UL;=tp://www.ant ivirus.com/smex2000_rebate
- Previous message: Peter Bowyer: "Re: Nimda + apache"
- In reply to: Eric Coulombe: "Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A"
- Next in thread: Runza, Michael: "Re: IIS infection prevention from W32.Nimda.A@mm/TROJ_NIMDA.A"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
