We block exe, com, bat, pif, scr and now zip files at our firewall. We have blocked zips since the first hours of MyDoom.A and I haven't had to worry about what antivirus product protected against which variant of what worm and how quickly - it's been kind of nice... Our Community knows that we do block these extensions so if someone is going to send them something, they ask the sender to change the extension and then it is up to the User to change it back. A few folks weren't real happy with this but they understand the current state of affairs with viri, et al and have come around to it quite nicely.

Jeff Hague MCSE
Network Manager
Randolph-Macon College
Ashland, VA

-----Original Message-----
From: Ben Winzenz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 1:17 PM
To: Exchange Discussions
Subject: RE: Time to start preparing - bagle.h

Why would you need a 3rd party utility? You provide the link to the actual file, and their browser will automatically prompt them to open or save the file. Link such as:

Http://www.company.com/download.exe

Clicking that link would prompt the customer to either open or save the file. We recently did this, but used FTP instead of http.

Ben Winzenz
Microsoft Exchange MVP
Network Engineer
Gardner & White
Ph (317) 843-3418

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Helfer
Sent: Tuesday, March 02, 2004 1:10 PM
To: Exchange Discussions
Subject: RE: Time to start preparing - bagle.h

3rd party utility, I presume?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Blackstone
Sent: Tuesday, March 02, 2004 12:54 PM
To: Exchange Discussions
Subject: RE: Time to start preparing - bagle.h

Put them on a web server and provide a URL.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Helfer
Sent: Tuesday, March 02, 2004 9:50 AM
To: Exchange Discussions
Subject: RE: Time to start preparing - bagle.h

But what if your business needs include sending files via email that may be compressed or password-protected compressed?

Jim Helfer
WTW Architects
Pittsburgh PA

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Brasslett
Sent: Tuesday, March 02, 2004 12:15 PM
To: Exchange Discussions
Subject: RE: Time to start preparing - bagle.h

Use Antigen and enable 'Delete Encrypted Compressed Files'.

-----Original Message-----
From: Steve [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 02, 2004 12:08 PM
To: Exchange Discussions
Subject: Time to start preparing - bagle.h

Well I think we all saw this coming. Originally it was safe to allow zips to pass through and we all know that is no longer true. I personally have been at a 0 day infection site (when no pattern file was available) twice in the past 3 weeks for two different worms that came in as zip files.

Now this:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.H

A worm\virus that comes in as a password protected zip. Now things are going to get interesting on how we protect our mail systems. Anyone have any thoughts?

One of the ideas that is being tossed around here is stripping all attachments and storing them in a central DB and replacing the attachments with URLs (via 3rd party program most likely). This would put all the attachments in a central store and be easier to manage and during an outbreak we would have more power over the data in that repository and who can access it (makes cleaning up easier too I would think).

Anyhow, time to start planning and being proactive....any ideas?

Steve

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]

To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.
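
The thread weighs blocking by extension against deleting encrypted archives. The sketch below is an added example, not code from any poster and not how Antigen or any named product works: it judges an attachment by content as well as by name, so a renamed extension does not change the verdict. The function names, verdict strings and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

BLOCKED_EXT = {"exe", "com", "bat", "pif", "scr"}  # extensions named in the thread


def ext(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_attachment(filename, data):
    """Return (verdict, reason) for one attachment, judged by content as well as name."""
    if ext(filename) in BLOCKED_EXT:
        return "block", "blocked extension"
    if data[:2] == b"MZ":  # DOS/PE header: executable sent under another extension
        return "block", "executable content"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "allow", "not an archive"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads the central directory only, no extraction
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                return "block", "encrypted entry"
            if ext(info.filename) in BLOCKED_EXT:
                return "block", "blocked file in archive"
    return "allow", "archive passes policy"


def make_zip(names, encrypted=False):
    """Build a constructed sample archive in memory (placeholder contents only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:  # flag entries as encrypted: set bit 0 in each central-directory header
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= 0x01
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    samples = {  # constructed samples, not real mail
        "report.zip": make_zip(["report.doc"]),
        "price.zip": make_zip(["price.scr"]),
        "details.zi_": make_zip(["details.txt"], encrypted=True),
        "setup.ex_": b"MZ" + b"\x00" * 62,
    }
    for name, data in samples.items():
        print(name, check_attachment(name, data))
```

The encrypted sample only carries the encryption flag; its contents are not actually encrypted, which is enough to exercise the flag check a filter would apply.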
