Fully agree with Ed! Real products have both :-) - filter based on attachment type [1] and filter based on extension. I set up both. I have had one case where, when I went to a new job they were only scanning on attachment type. A different type of executable came through and was not identified as an executable. Not a big issue in the particular case , but a file extension list was implemented straight away.
Belts and braces. I have used mimesweeper for 15 years www.clearswift.com and am happy with it I run the smtp version , soon to be in a virtual server environment Also real products will also scan through files for nested objects (executable inside zip file inside word document) Cheers Dean [1] attachment type - product recognises actual content of file and filters on that . i.e pwrn.mp3 file renamed to pwrm.doc file , fiel still blocked as scanner knows the file's structure is mp3 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP] Sent: Thursday, 26 April 2007 05:17 To: Exchange Discussions Subject: RE: yet another "what's the best antivirus" question Useful scanning products don't rely on file extensions. Ed Crowley MCSE+Internet MVP Time Magazine's Person of the Year! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wells, James Arthur Sent: Wednesday, April 25, 2007 9:37 AM To: Exchange Discussions Subject: RE: yet another "what's the best antivirus" question It's usually a configuration issue - specifying *.ext instead of using Regular Expressions will prove to be very painful. --James -----Original Message----- From: "Ed Crowley [MVP]" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[email protected]> Sent: 4/25/07 11:00 AM Subject: RE: yet another "what's the best antivirus" question How would you have false positives by filtering on file extensions? It would have to be a pretty sloppy program that make mistakes on that rule. So you would like users to be able to rename files loaded with viruses to bypass your filter, right? Ed Crowley MCSE+Internet MVP Time Magazine's Person of the Year! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of titanic panic Sent: Tuesday, April 24, 2007 6:38 AM To: Exchange Discussions Subject: yet another "what's the best antivirus" question Hi, We finally moved off NT4 and exch 5.5 and will need to consider a new AV program for Exch 2003. All I really want out of an AV app is to filter attachments based on file extensions and to drop those filtered attachments into a folder for me to retrieve false positives. It looks like the two best AV apps are Antigen and Scanmail. We used Scanmail on our exch 5.5 server and it was a solid product. But it looks like TrendMicro now sells ScanMail as a suite and I'm not interested in the overhead of spam filtering since our ISP runs spamassassin for us. I feel like the fact that MS owns Antigen to be very encouraging but MS loves to have a short shelf life for their products and they seem to have an agenda to try and make you upgrade even if you're not quite ready (*cough* vista *cough*). So hopefully someone can indicate which is the cheaper app that doesn't impact performance too much and works very well at catching viruses. Thanks, Joon _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ********************************************************************** Have you clicked on yet? www.nrc.govt.nz ********************************************************************** NORTHLAND REGIONAL COUNCIL This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ********************************************************************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
