Just out of curiosity, how large is your network? -Kevin
----- Original Message ----- From: "Josh Remus" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Wednesday, August 20, 2003 1:47 PM Subject: RE: Clean off > I thought I would spend a few seconds responding to this. To be honest, I'm > always amazed that there are so many professional groups (whether it be > businesses, government organizations, universities, etc.) that are hit by > problems like this. I suppose universities & their student's computers are > a different question. > > What we do is: > 1. Everything is behind a firewall that is very tightly managed. All > externally-accessible boxes (such as web server, mail server, etc) are in a > DMZ, but still firewalled except for ports that required access (80, 25, > 110, etc). Hence, no vulnerability to port 135 (blaster-esque) attacks, > etc. > 2. We run Patchlink Update with regular pushes to keep all workstations and > servers updated. This software has been a godsend since implementation. > 3. We run Norton AntiVirus Corporate Edition on all servers and > workstations with a AntiVirus server. It downloads virus updates every > evening and the clients all grab it. > 4. We run SpamAssasin & an AntiVirus package on our Mail server. That > antivirus is updated hourly, and hasn't (knock on wood) missed a single one > since we've brought it online. It also filters a whole host of attachment > extensions that we don't allow. > > With all of this, we feel pretty happy. I'll never rest on my laurels, or > assume we can't get caught still, but this puts us in pretty good shape. > > My 2 cents. > > Josh > > > > -----Original Message----- > > From: Heald, Tim [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 20, 2003 12:29 PM > > To: CF-Community > > Subject: RE: Clean off > > > > > > Thankfully between gov't email and speakeasy's amazing services I am > > relatively untouched by the madness around me. > > > > How bad is it for other people? I am writing a special topic > > paper on soBig > > and the blaster variants, and tying it into change/patch management > > practices. I would really love to hear back from anyone that's been hit, > > about how they have dealt with it. Also those that weren't affected, what > > practices and policies do you have in place to help you mitigate > > some of the > > threat? > > > > Thanks, > > > > Timothy Heald > > Information Systems Specialist > > Overseas Security Advisory Council > > U.S. Department of State > > 571.345.2235 > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 20, 2003 12:26 PM > > To: CF-Community > > Subject: Clean off > > > > > > I'm assuming everyone is covered by spam at the moment can can't post. If > > so, > > how about using CF to do your cleanup for you. Use CFPOP to get all the > > headers > > from your mail box (or maybe the first 20-50 at a time) and then run this > > against the returned query: > > SELECT Subject > > FROM Spam > > WHERE (DomainChecked = 0) AND (Subject LIKE '%Thank you%' OR > > Subject LIKE '%Approved%' OR > > Subject LIKE '%Details%' OR > > Subject LIKE '%Wicked screensaver%' OR > > Subject LIKE '%movie%' OR > > Subject LIKE '%your application%' OR > > Subject LIKE '%attachment%' OR > > Subject LIKE '%failure%' OR > > Subject LIKE '%failed%' OR > > Subject LIKE '%returned%' OR > > Subject LIKE '%virus%') > > ORDER BY Subject > > Anything that comes back can be routed to the screen so you can view the > > subject > > and other info. If its spam, just tell CFPOP to delete it. Saves on the > > downloading and can even be automated more. > > If you have access to your mail server, I've got an additional script > > suggestion > > that'll do the job automatically by detecting any mail files with > > viruses in > > them. Just needs CF, CFDIRECTORY, a CFX and a CFIF. > > > > Michael Dinowitz > > Finding technical solutions to the problems you didn't know you had yet > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:5 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Get the mailserver that powers this list at http://www.coolfusion.com
