This isa two parter. You can strip an attachment and replace it with a text file, leaving the rest of the message in tact, or you can quarantine the entire e-mail.
If you quarantine the entire message, you can go into the quarantine folder, and rename the file to have a .EML extension and open it in Outlook Express to get the attachment. You can also go into the quarantine and tell it to resend. So this is a way to recover an attachment, but then you have to do this rename/Outlook Express thing. Additionally, with the quarantine method, the recipient doesn't get the actual e-mail at all. They could get a notification that an e-mail was blocked, if you choose to send those. This is why I prefer to use strip the attachment feature, but then the attachment is deleted. The strip attachment feature changed from v6.2 to v7.x. In v6.2, a copy of the attachment was saved in the ALERT folder. This is not done in v7.2 http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-126412&id =EN-126412 Again, going back to Symantec, with Mail Security, I can quarantine an attachment only, and still deliver the body of the e-mail. Additionally, Symantec Mail Security lets you "release by file" (saves to a quarantine folder as the actual attachment name) or "release by mail" (e-mails the attachment to the intended recipient). Now.... Reading some release notes again.... lets go back to those "new features vis registry keys". This is in a readme from service pack 2. It looks like setting this registry key will let you choose the quarantine feature for attachment blocking, and it will still send the good message body, and just quarantine the attachment. If this is trust, I guess Trend realized customers wanted this feature back. I need to test this out this weekend. 36. A new feature now allows ScanMail to only quarantine the attachment or message body in an email and replace it with a text file. The rest of the message will then be sent to recipients. This function is disabled by default. To enable the function, create the following key in the registry: * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\ CurrentVersion * Key: DisableSMTPOnSubmissionEventSink * Function: Enable the partial quarantine function * Value: 1- Enable the partial quarantine function 0- Keep the default setting, quarantine the entire message * Type: REG_SZ (DWORD) * Path: HKLM\SOFTWARE\TrendMicro\ScanMail for Exchange\ CurrentVersion * Key: DontAddTagInResent * Function: By default, ScanMail is set to add an extra message signature in the replacement file. If a user enables this function, ScanMail will not add the signature in the replacement file. * Value: 1- The extra signature will not be added 0- Keep the default setting * Type: REG_SZ (DWORD) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chinnery, Paul Sent: Friday, September 15, 2006 2:09 PM To: Exchange Discussions Subject: RE: AV for E2K3 RE:Trend I"m still at v6x but am planning to move to v7 next week. In part 1, you say that Trend just deletes blocked attachments. I believe this is configurable. In v6x, I have mine set to quarantine so I can release if necessary. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Evan Mann Sent: Friday, September 15, 2006 1:48 PM To: Exchange Discussions Subject: RE: AV for E2K3 I've used most of the popular ones: Symantec Mail Security v4 and v5 Trend ScanMail v7.x GroupShield v6.00 (not the newer revisions) Sybari Antigen Sybari was the most expensive, and I wasn't wowed by it enough to proceed with trying to get a better deal. I hated GroupShield. Did not like the UI or the configurability, maybe it's better now. I used Symantec Mail Security for almost 5 years. V4.5 made it a very stable product, and v4.6 even better. They revamped the UI in v5.0 and I didn't like it as much. I recently switched to Trend and I like the product a lot overall, but I find it lacking some key features that Symantec had: 1) It does not quarantine blocked attachments, just deleted them 2) Symantec lets you hav separate rules for smtp inbount, smtp outbound, and/or store scanning for all levels of security (virus, attachment, content, etc). With Trend you have SMTP transport level and store level and your rule sets are universal. 3) The attachment blocking configurability isn't strong enough. You have to choose "allow all and block these" or "allow non and allow these". I've got an application that has a proprietary attachment picked up by the application blocking group when using "allow all but block these". I have no way to tell the system to override that rule and allow this attachment. Support told me to flip to "allow all and block these" and manually create lists. I can do this with Symantec. Lastly a bunch of new features that were added to v7.2 in service pack 1 and 2 require registry edits, they really should be in the GUI, but this is minor. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John B Sent: Friday, September 15, 2006 10:44 AM To: Exchange Discussions Subject: AV for E2K3 All, I'm just trying to get a survey of what AV everyone is using and what everyone recommends for their Exchange servers. I'm in the process of trying to find one for a server we are about to bring online. Thanks, John B. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
