I would think that client virus protection & patching would be almost
impossible to require with something like that, but if it were on every mail
server, nothing would have ever gotten in, correct?  I know that ISPs,
etc., don't run antivirus at the gateway in most cases, since I believe it's
a liability issue, but I would think that a university would be a different
question.  But as far as I know, the schools I went to (MSU, Siena Heights)
don't have mailserver virus filtering.  Bizarre.

I suppose to a point universities are a different breed, but only due to the
students' computers.  There of course shouldn't be a single faculty or
facilities computer infected.  You can mandate their security/antivirus
settings.

On another note, I was browsing my mail logs this morning & saw that a local
bank I communicate with regularly wasn't getting their email from our
machines.  Why?  They had taken their mail server(s) down yesterday as a
pre-emptive move.  If you're protected, I don't know how you can just shut
down a business communications mechanism.  I just don't get it.

I wish you guys all the luck in the world cleaning that stuff up.

Josh

> -----Original Message-----
> From: Kevin Graeme [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 20, 2003 9:25 PM
> To: CF-Community
> Subject: Re: Clean off
>
>
> Here are our numbers:
> http://www.news.wisc.edu/ucomm/facts.html
>
> That's about 55,000 people across 220 buildings that are spread out
> throughout the city. The gist of what you describe is good practice, but I
> gather it's almost impossible to do globally. At least here it seems to be
> handled more on a building/school basis.
>
> Then again, I'm not a network/server guy so I don't know the details of how
> they run things. But we made the local news, and according to the story,
> there's something like 2,000 infected systems on campus.
> http://www.channel3000.com/news/2420102/detail.html
>
> -Kevin
>
> ----- Original Message -----
> From: "Josh Remus" <[EMAIL PROTECTED]>
> To: "CF-Community" <[EMAIL PROTECTED]>
> Sent: Wednesday, August 20, 2003 4:00 PM
> Subject: RE: Clean off
>
>
> > Small.  Is it that obvious from my post? ;P Less than 100 PCs.  But within
> > reason, I'm not sure why everything wouldn't scale up if everything were
> > done properly.  Understandably, the bigger your network, the more complex
> > your needs, but the below items SHOULD (and I say should with the little
> > quote marks around them) work for any size network.
> >
> > Josh
> >
> > > -----Original Message-----
> > > From: Kevin Graeme [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, August 20, 2003 4:02 PM
> > > To: CF-Community
> > > Subject: Re: Clean off
> > >
> > >
> > > Just out of curiosity, how large is your network?
> > >
> > > -Kevin
> > >
> > > ----- Original Message -----
> > > From: "Josh Remus" <[EMAIL PROTECTED]>
> > > To: "CF-Community" <[EMAIL PROTECTED]>
> > > Sent: Wednesday, August 20, 2003 1:47 PM
> > > Subject: RE: Clean off
> > >
> > >
> > > > I thought I would spend a few seconds responding to this.  To be
> > > > honest, I'm always amazed that there are so many professional groups
> > > > (whether it be businesses, government organizations, universities,
> > > > etc.) that are hit by problems like this.  I suppose universities &
> > > > their students' computers are a different question.
> > > >
> > > > What we do is:
> > > >  1. Everything is behind a firewall that is very tightly managed.  All
> > > > externally-accessible boxes (such as web server, mail server, etc) are
> > > > in a DMZ, but still firewalled except for ports that required access
> > > > (80, 25, 110, etc).  Hence, no vulnerability to port 135
> > > > (blaster-esque) attacks, etc.
> > > >  2. We run Patchlink Update with regular pushes to keep all
> > > > workstations and servers updated.  This software has been a godsend
> > > > since implementation.
> > > >  3. We run Norton AntiVirus Corporate Edition on all servers and
> > > > workstations with an AntiVirus server.  It downloads virus updates
> > > > every evening and the clients all grab it.
> > > >  4. We run SpamAssassin & an AntiVirus package on our Mail server.
> > > > That antivirus is updated hourly, and hasn't (knock on wood) missed a
> > > > single one since we've brought it online.  It also filters a whole
> > > > host of attachment extensions that we don't allow.
> > > >
> > > > With all of this, we feel pretty happy.  I'll never rest on my
> > > > laurels, or assume we can't get caught still, but this puts us in
> > > > pretty good shape.
> > > >
> > > > My 2 cents.
> > > >
> > > > Josh
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Heald, Tim [mailto:[EMAIL PROTECTED]
> > > > > Sent: Wednesday, August 20, 2003 12:29 PM
> > > > > To: CF-Community
> > > > > Subject: RE: Clean off
> > > > >
> > > > >
> > > > > > Thankfully between gov't email and speakeasy's amazing services I
> > > > > > am relatively untouched by the madness around me.
> > > > > >
> > > > > > How bad is it for other people?  I am writing a special topic
> > > > > > paper on Sobig and the Blaster variants, and tying it into
> > > > > > change/patch management practices.  I would really love to hear
> > > > > > back from anyone that's been hit, about how they have dealt with
> > > > > > it.  Also those that weren't affected, what practices and policies
> > > > > > do you have in place to help you mitigate some of the threat?
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Timothy Heald
> > > > > Information Systems Specialist
> > > > > Overseas Security Advisory Council
> > > > > U.S. Department of State
> > > > > 571.345.2235
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > > > Sent: Wednesday, August 20, 2003 12:26 PM
> > > > > To: CF-Community
> > > > > Subject: Clean off
> > > > >
> > > > >
> > > > > > I'm assuming everyone is covered by spam at the moment and can't
> > > > > > post. If so, how about using CF to do your cleanup for you. Use
> > > > > > CFPOP to get all the headers from your mail box (or maybe the
> > > > > > first 20-50 at a time) and then run this against the returned
> > > > > > query:
> > > > > SELECT     Subject
> > > > > FROM         Spam
> > > > > WHERE     (DomainChecked = 0) AND (Subject LIKE '%Thank you%' OR
> > > > >                       Subject LIKE '%Approved%' OR
> > > > >                       Subject LIKE '%Details%' OR
> > > > >                       Subject LIKE '%Wicked screensaver%' OR
> > > > >                       Subject LIKE '%movie%' OR
> > > > >                       Subject LIKE '%your application%' OR
> > > > >                       Subject LIKE '%attachment%' OR
> > > > >                       Subject LIKE '%failure%' OR
> > > > >                       Subject LIKE '%failed%' OR
> > > > >                       Subject LIKE '%returned%' OR
> > > > >                       Subject LIKE '%virus%')
> > > > > ORDER BY Subject
> > > > > > Anything that comes back can be routed to the screen so you can
> > > > > > view the subject and other info. If it's spam, just tell CFPOP to
> > > > > > delete it. Saves on the downloading and can even be automated
> > > > > > more.
> > > > > > If you have access to your mail server, I've got an additional
> > > > > > script suggestion that'll do the job automatically by detecting
> > > > > > any mail files with viruses in them. Just needs CF, CFDIRECTORY, a
> > > > > > CFX and a CFIF.
> > > > >
> > > > > Michael Dinowitz
> > > > > > Finding technical solutions to the problems you didn't know you
> > > > > > had yet
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> 
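
An added example, not part of any message in this thread: a Python sketch of the two mail-side checks discussed above, the subject-keyword triage from the quoted query and the attachment-extension filter from Josh's item 4. The extension deny-list, the verdict names and the sample messages are assumptions constructed for illustration; subject hits only go to review because words like "movie" or "details" also appear in legitimate mail.

```python
from email import message_from_string
from email.message import EmailMessage

# Subject fragments taken from the query quoted in the thread.
SUBJECT_PATTERNS = ("thank you", "approved", "details", "wicked screensaver",
                    "movie", "your application", "attachment", "failure",
                    "failed", "returned", "virus")

# Assumed deny-list: the thread does not say which extensions were filtered.
BLOCKED_EXTENSIONS = (".pif", ".scr", ".exe", ".bat", ".vbs")


def triage(raw_message):
    """Return (verdict, reasons); verdict is "block", "review" or "pass"."""
    msg = message_from_string(raw_message)
    reasons = []
    verdict = "pass"

    # Only the final extension counts, so "notes.txt.pif" is still caught.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(BLOCKED_EXTENSIONS):
            reasons.append("attachment:" + name)
            verdict = "block"

    # Case-insensitive equivalent of the LIKE '%...%' clauses; a subject hit
    # alone is queued for a human, as the original post suggests.
    subject = (msg.get("Subject") or "").lower()
    hits = [p for p in SUBJECT_PATTERNS if p in subject]
    if hits:
        reasons.append("subject:" + ",".join(hits))
        if verdict == "pass":
            verdict = "review"
    return verdict, reasons


def build_sample(subject, attachment=None):
    """Build a constructed test message (not real captured mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    if attachment:
        m.add_attachment(b"placeholder-bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```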