
Re: [FW-1] new virus (?)



The bottom of this article:

http://support.microsoft.com/directory/article.asp?id=kb;en-us;Q290497

details all of the attachments that the Outlook security patch blocks.

--Philip

> -----Original Message-----
> From: Mike Sullivan [mailto:[email protected]]
> Sent: 05 December 2001 18:24
> To: [email protected]
> Subject: Re: [FW-1] new virus (?)
>
>
> Where might I look for a list of the file types to block?
>
> > -----Original Message-----
> > From: Colmer, Philip [SMTP:[email protected]]
> > Sent: Wednesday, December 05, 2001 1:36 AM
> > To:   [email protected]
> > Subject:      Re: [FW-1] new virus (?)
> >
> > > We just got hit hard with emails with "Subject: Hi" and an
> > > attachment named "gone.scr".  Has anyone else seen this? What is the
> > > procedure for blocking an email based on the subject at the
> > > firewall?
> >
> > You cannot block based on a subject with the firewall.
> >
> > What you can do is create an SMTP Security Server resource and use
> > that to strip out the attachments, either based on the MIME encoding
> > type (pre-SP3) or on the extension type (SP3 and later).
> >
> > To do this:
> >
> > 1. Create an SMTP resource. If all you are wanting to do is strip bad
> > attachments, just give it a name and put the IP address of the
> > destination SMTP server in. You can also use this resource to ensure
> > that incoming email matches your email domains - useful for preventing
> > relaying through your email server.
> >
> > 2. Set up a rule that ensures that all email intended for your email
> > server goes against the resource. To do this, where it would normally
> > say "SMTP" as the service, remove this and add the resource instead.
> > Pick SMTP and then pick the resource from the list.
> >
> > 3. Once you've set up the policy, go to the firewall. Find the
> > objects.C file. Edit the file and look for the definition of the SMTP
> > resource you've just created. Add the following to the end of the
> > definition:
> >
> > : (forbiddenfiles
> >   : ("{*.scr}")
> > )
> >
> > Save the file and re-implement the policy.
> >
> > What happens is that any attempt to connect to your email server for
> > the purposes of SMTP gets intercepted by the firewall. It then strips
> > out any attachment that has an extension that matches the list above -
> > you can have comma-separated types, e.g. ("{*.vbs,*.vbe,*.shs}").
> >
> > We've implemented the above ".scr" list for now, but we'll shortly be
> > expanding it to include all of the filetypes that Outlook now blocks.
> >
> > Implementing this has two benefits:
> >
> > 1. It stops the filetypes even hitting the mail server, thus reducing
> > the amount of work that the anti-virus software has to do.
> >
> > 2. It ensures that new viruses get stripped out, regardless of whether
> > or not the AV software knows about it ... which it didn't for the new
> > gone.scr virus.
> >
> > Hope that helps.
> >
> > --Philip
> >
> > --
> > Philip Colmer MBCS CEng                 Tel: 01223 271223
> > I.T. Manager                            Fax: 01223 215513
> > ProQuest Information & Learning
> > The Quorum, Barnwell Road, Cambridge, CB5 8SW
> >
> > ===============================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ===============================================
>
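
An illustration of the extension-based stripping described in the quoted procedure, added here as an example; it is not code from the thread and not Check Point's implementation. It parses a list in the "{*.vbs,*.vbe,*.shs}" form and removes matching attachments from a constructed sample message; the function names, addresses and sample content are assumptions made for the example.

```python
import fnmatch
from email.message import EmailMessage

def parse_forbidden(spec):
    """Turn a list such as '{*.vbs,*.vbe,*.shs}' into lowercase glob patterns."""
    items = spec.strip().strip("{}").split(",")
    return [p.strip().lower() for p in items if p.strip()]

def is_forbidden(filename, patterns):
    # Normalise case and trailing dots/spaces before matching, since Windows
    # drops them when it resolves the file name.
    name = filename.strip().rstrip(". ").lower()
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)

def strip_attachments(msg, patterns):
    """Remove matching parts from every multipart container; return their names."""
    removed = []
    for container in [p for p in msg.walk() if p.is_multipart()]:
        kept = []
        for child in container.get_payload():
            # get_filename() reads the Content-Disposition "filename" and
            # falls back to the Content-Type "name" parameter.
            name = child.get_filename()
            if name and is_forbidden(name, patterns):
                removed.append(name)
            else:
                kept.append(child)
        container.set_payload(kept)
    return removed

def build_sample():
    """Constructed sample shaped like the message reported in the thread."""
    msg = EmailMessage()
    msg["Subject"] = "Hi"
    msg["From"] = "sender@example.com"   # constructed address
    msg["To"] = "user@example.com"       # constructed address
    msg.set_content("constructed body")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="GONE.SCR")
    msg.add_attachment("constructed notes", filename="notes.txt")
    return msg

if __name__ == "__main__":
    sample = build_sample()
    print("removed:", strip_attachments(sample, parse_forbidden("{*.scr}")))
    print("remaining:", [p.get_filename() for p in sample.walk() if p.get_filename()])
```
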
