Re: Security issue with MS Exchange and Windows 2003 Server

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/29/05


Date: Tue, 29 Nov 2005 14:03:26 -0500

From: "ITTester" <ITTester@discussions.microsoft.com>

| Gentlemen,
|
| Thanks for your interest in me.
|
| You are almost right on everything.
|
| However, I am working in a design area, with IT being for them something
| unnatural. I had a hard time restricting the mail usage and the internet access
| until the last infection. I have obtained an increase for my IT budget, but not
| enough for whatever I wanted to buy. So please do not shoot the IT
| man.
|
| My design people will not accept our IT instructions either until one
| more crash. My 3 directors are designers in fashion.
|
| Yes, there are security issues caused by the staff, but they hire me to patch
| and to repair the damage - NOT TO PREVENT THE DAMAGE - this is not their
| intention.
|
| Sophie is a GNU AV legally using Sophos virus definitions. Yes, both AVs,
| clamav and Sophie, are on demand only, but these AVs are controlled by
| Amavisd-new, which is similar to GFI ME and Sec compiled together, but free.
| All incoming and outgoing mails are sent to Amavisd-new first, and this
| app will instruct other app modules such as clamav, sophie, spamassassin,
| razor, pyzor, dcc, sanitizer to filter the email. They are all on-demand
| software, but they will reject any mail that does not pass through the chain.
|
| Yes, GNU is not easy to learn and to handle with an MS environment, but
| that is the best you can have when you don't have a budget as you gentlemen.
|
| Avast: I am in a testing period - I have 2 months to try - until now
| everything is going more than well on the workstation side. I can't give you my
| opinion on the server side yet as I am not in the production stage. I will give you
| feedback after 2 months. However, I always think the best security is your
| LAN users and their IT knowledge. I would like to have more time to do the
| prevention, but for now I need to finish the dirty hands-on job before I can move
| to the education side.
|
| Thanks, gentlemen.

OK...

Sophie is far better than ClamAV. At least if Sophie uses the latest Sophos AV signatures
the library is ~115,000. However, it looks like nothing has been done with it since Jan
'04.

I have written something better for the Win32 environment. It uses AV scanners from:
Sophos, McAfee, Trend Micro and Kaspersky.

McAfee alone has ~162,000 signatures; Kaspersky is a little larger.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

* * * Please report back your results * * *

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

