RE: SirCam Protection
From: Settle, Sean (SeanSettle@alliantfs.com)Date: 09/26/01
- Previous message: Tom Geldner: "RE: outlook 2002 is a control freak"
- Maybe in reply to: Andrew Blevins: "SirCam Protection"
- Next in thread: NRizvi@slimfast.com: "Re: SirCam Protection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <8DE59F55EE1FB5499076CC0D95812D770F0047@ntex5npc.alliant.com> From: "Settle, Sean" <SeanSettle@alliantfs.com> To: 'Andrew Blevins' <ABlevins@arrowheadgrp.com>, SECURITY-BASICS@securityfocus.com Subject: RE: SirCam Protection Date: Wed, 26 Sep 2001 11:39:45 -0700
You'll have to switch from MAPI mode scanning to a product that supports
VS-API on the server. Some products support both modes.
I can't recommend any specific product mainly because I'm not familiar with
most of them directly (My days of messing with AV stuff on a daily basis are
long past).
The way scanning works in MAPI mode, Exchange delivers the mail and the
virus scanner notices the new message in a user's mailbox and in turn scans
the new message. In VS-API mode, all attachments are scanned before
Exchange sees them. More info here:
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtech
nol/exchange/reskit/ex00res/deploygd/part4/c13virus.asp>
Sean Settle
"The thirst after happiness is never extinguished in the heart of man" -
Jean Jacques Rousseau
-----Original Message-----
From: Andrew Blevins [mailto:ABlevins@arrowheadgrp.com]
Sent: Tuesday, September 25, 2001 11:39 AM
To: SECURITY-BASICS@securityfocus.com
Subject: SirCam Protection
Thanks in advance for any help. We are running Exchange 5.5, and we are
blocking vbs, exe, eml, and the like at the server. However. When one of our
outside agents gets hit with Sircam, we get an instantaneous flood (the
whole address book) of these emails, and the server isn't fast enough to
delete all of the attachments as they go through, so sometimes a Sircam
infected email will sit in a user's inbox for a few minutes before its
attachment is deleted. Sorry if this is a basic question, but are there any
other changes that can be made at the server level that anyone knows of?
Any help would be well appreciated.
Andrew Blevins
- Previous message: Tom Geldner: "RE: outlook 2002 is a control freak"
- Maybe in reply to: Andrew Blevins: "SirCam Protection"
- Next in thread: NRizvi@slimfast.com: "Re: SirCam Protection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
