You can also do what I used to do when we were on Groupshield, which is look through the imcdata\in\archive directory and look at the files that came in at the time the virus alert was sent by Groupshield. This, needless to say, assumes that you have message archiving turned on.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 13:25
To: Exchange Discussions
Subject: RE: New Groupshield install.

Yeah, you need to pull down the Message Body Scanner and the Names Resolver. I am probably one of the list's biggest backers of the NAI/McAfee (since that is what was in use when I got here) suite when the AV jihads come through every so often. That being said, Chris Scharff is absolutely correct when he said in a previous posting "Using the AVAPI? This is an inherent limitation of the API." And it SUCKS!!!! I am told by NAI that it is fixed in GSE2K. And, yes, it only works against the quarantine database to my knowledge. It has been much more of an art than a science.

Ken Powell
Systems Administrator
Clark County Office of Budget and Information Services (OBIS)
Vancouver, Washington
[EMAIL PROTECTED]
Voice: (360) 397-6121 x4658
Fax: (360) 759-6001

-----Original Message-----
From: Akerlund, Scott [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 1:09 PM
To: Powell, Ken
Subject: RE: New Groupshield install.

You need to download and set up the Name Resolver utility that is a part of this. I believe this only works if you are quarantining to the Database option and not a folder.

-----Original Message-----
From: Bean, Rick [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 12:57 PM
To: Exchange Discussions
Subject: New Groupshield install.

We just installed McAfee GroupShield 4.5SP1 on our Exchange 5.5 server. When we receive an attachment that had a virus it is deleted and we get a notification message. However, when we look at it the only information present is the ticket number and the virus type. The intended recipient, sender, and subject fields are all listed as unknown. Is this normal behavior? Or are there some patches that we don't know about? It seems to me to be kind of silly not to let the admin know who the infected message was going to.

Details:
NT 4.0 SP6a
Exchange 5.5 SP 4
GroupShield 4.5 SP1

Thanks for any help.

-Rick B
----------------------------------------------------------------------------
Rick Bean [EMAIL PROTECTED] http://grove.ufl.edu/~rickb
Network Administrator: UF Dept. of Ob/Gyn

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
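
The archive lookup suggested in the first reply of this thread can be scripted to recover the sender, recipient and subject that the notification lists as unknown. The following is an added example, not part of the original posts and not vendor code. It assumes each file in the archive directory is a raw RFC 822 message and that the file modification time approximates arrival time; the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta
from email.parser import BytesHeaderParser

def messages_near_alert(archive_dir, alert_time, window_minutes=5):
    """List archived messages whose file time is within the window around an alert."""
    window = timedelta(minutes=window_minutes)
    parser = BytesHeaderParser()
    hits = []
    for entry in os.scandir(archive_dir):
        if not entry.is_file():
            continue
        arrived = datetime.fromtimestamp(entry.stat().st_mtime)
        if abs(arrived - alert_time) > window:
            continue
        with open(entry.path, "rb") as fh:
            headers = parser.parse(fh)  # headers only; the body is never decoded
        hits.append({
            "file": entry.name,
            "arrived": arrived,
            "from": headers.get("From", "unknown"),
            "to": headers.get("To", "unknown"),
            "subject": headers.get("Subject", "unknown"),
        })
    # Closest to the alert time first, since that is the likeliest match.
    return sorted(hits, key=lambda h: abs(h["arrived"] - alert_time))

def build_sample_archive(root, alert_time):
    """Constructed sample data: three fake archive files with set timestamps."""
    samples = [
        ("A1B2C3D4", -2, "alice@example.com", "bob@example.org", "Quarterly report"),
        ("E5F6A7B8", 1, "carol@example.net", "dave@example.org", "Re: lunch"),
        ("C9D0E1F2", 90, "erin@example.com", "bob@example.org", "Minutes"),
    ]
    for name, offset_min, sender, rcpt, subject in samples:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(f"From: {sender}\r\nTo: {rcpt}\r\nSubject: {subject}\r\n\r\nbody\r\n".encode())
        stamp = (alert_time + timedelta(minutes=offset_min)).timestamp()
        os.utime(path, (stamp, stamp))

if __name__ == "__main__":
    alert = datetime(2001, 12, 3, 12, 50)  # constructed alert time
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_archive(tmp, alert)
        for hit in messages_near_alert(tmp, alert):
            print(hit["arrived"], hit["file"], hit["from"], hit["to"], hit["subject"])
```

Widen `window_minutes` if scanning lags behind delivery, and treat the result as a candidate list to check against the virus alert rather than a definitive match.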

