With my solution I filter out all Ban Notifications to my users except for EXE files by searching for the string that contains the banned file extention information. This way they cant release fun files such as mpegs, I also have DELETEVIRUSES set to ON in the virus.cfg file to make sure identified viruses cant be released.
In my environment the exe files are print utilities sent with loan documents and the subject line is very precise as to what the held file is. The user does have to click a link that opens the web browser to the relavant server, then they must copy and paste the file name into a text field and click submit. These steps are reasonable for the user to think about what they are doing. Sadly enough I do get calls from users who dont know how to copy and paste, sigh, well they are the ones that we have to watch so they get verbal instruction about knowing exactly what they are releasing. The only hole in this system for me is that a remote user can release the file as well, I am in the process of restricting access by IP address to the site. I will be adding another step per John's suggestion (when I get time) to have the user input their email address, I will have it send an email notification to my ban file notify mailbox (i maintain an email history) I will probly have it check the data after the @ for allowed domains or against a list of users depending on how much time I have to spend on it. <Scott> A seperate ban notification message for local and remote users would be very helpful. </Scott> <end user humor> When I first set it up I botched the filter that grabs the notifications and recieved a call from a user who was trying to release a .pif file, she was insistant on getting that file and said "I want to see what it is" despite stating she didnt know who the sender was. I wished for a remote choking apparatis at that moment. </end user humor> Rick Davidson National Systems Manager North American Title Group - ----- Original Message ----- From: "Douglas Cohn" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 02, 2004 9:26 AM Subject: RE: [Declude.Virus] Notification for forwarded messages > Can someone please make something clear regarding this and Ricks solution. > > Why is the sender getting the email? > > I was under the impression (I believe incorrectly) that the recipient was > getting the opportunity to receive emails which have a virus within. > > What would a recipient need to verify to receive? An email with a Ezip > attached? > > TIA > > Doug > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Hermann Strassner > Sent: Wednesday, June 02, 2004 3:22 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.Virus] Notification for forwarded messages > > It is intented not to make it to easy for the user. Otherwise some of our > users would just click and forward potentially dangerous messages without > concern. > And the sender gets the message, not the recipient. > > Hermann > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Tuesday, June 01, 2004 7:43 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] Notification for forwarded messages > > > I think Rick's solution was easier for the user. They just click a link. I > know our users would hate to have to reply to an email with a specific word > to get the email...especially if they have to remember it... > > Darin. > > > ----- Original Message ----- > From: "Goran Jovanovic" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, June 01, 2004 1:23 PM > Subject: RE: [Declude.Virus] Notification for forwarded messages > > > Definitely I would like to see it. > > Thanx > > > Goran Jovanovic > The LAN Shoppe > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > > [EMAIL PROTECTED] On Behalf Of Hermann Strassner > > Sent: Tuesday, June 01, 2004 11:46 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [Declude.Virus] Notification for forwarded messages > > > > OK, this seems all a little bit to much effort. Now i made a little > .CMD > > file (W2000). > > > > The sender (or the postmaster) get the notification mail, answers to > it. > > The answer goes to a Imail program alias, this calles the .cmd and if > > the answer is correct (the user has to type in a word exactly as > written > > to make sure the mail is sent intentionally) the two files are moved > to > > the spool dir. If successful the user gets a notification mail. > > > > If someone is interested, i can send this files. > > > > Hermann > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson > > Sent: Friday, May 28, 2004 5:01 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Declude.Virus] Notification for forwarded messages > > > > > > I have written a simple app using ASP and PERL that will move the > > quarantined file from the virus directory back to the spool for > > delivery. It > > requires IIS to run on the same box as Imail, I run gateway servers so > > it is > > a bit easier for me. > > > > I include the spool name and a link to the gateway server that held > the > > file > > in the BanNotify message, the user copies the file name and pastes it > to > > text box on the ASP page, clicking submit sends it to the PERL script > > which > > moves the file back to the spool. > > > > I then intercept all notifications for banned files that I dont want > > them > > retreiving such as mpegs and mp3s > > > > Works great > > > > I dont mind sharing the code if anyone wants it > > > > Rick Davidson > > National Systems Manager > > North American Title Group > > - > > ----- Original Message ----- > > From: "Hermann Strassner" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, May 28, 2004 6:39 AM > > Subject: [Declude.Virus] Notification for forwarded messages > > > > > > Hello! > > > > We block ZIPs and some executable extensions and want to leave it this > > way. Because some folks need to send them, we have to check the > > quarantined files (for viruses) and forward the mails without viruses > > manually. Is there a way to inform the user that his mail is now > > forwarded? > > > > Alternatively, is it possible for the user to answer to the automatic > > generated mail and forward the mail by himself? Is it possible > somehow? > > I think of it as follows: User sends email with ZIP, gets a > > notification, answers to the notification with YES or something like > > that, Declude sees it and forwards this email. I think this is enough > to > > make sure the user sends the email intentionally. > > > > Hermann > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > --- > > [This E-mail scanned for viruses by Declude Virus] > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] > > > --- > [This E-mail scanned for viruses by Declude Virus] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
