I don't think you'd ever see viruses being missed due to overload from purely external virus messages. You really need one or two people to open it internally and send it off to the entire GAL to achieve that level of saturation. I saw it happen a couple of times under the old MAPI Groupshield.
-Peter

-----Original Message-----
From: Hansen, Eric [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 14:41
To: Exchange Discussions
Subject: RE: AV v. IMS question

I personally have not seen this here either; we dropped Groupshield a while back. It just struck me as odd 'cause that seems like a pretty MAJOR drawback. I remember when LoveLetter hit we got flooded, but nothing got through, but it really hit the bandwidth on our internet hard. Would you happen to know, outside of symantec.com, where I might be able to find more information on ESE? How it works and whatnot.

e-

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 3:41 PM
To: Exchange Discussions
Subject: RE: AV v. IMS question

MAPI based scanners will overload and pass attachments. I have seen it happen personally (#1 reason I originally dumped Groupshield). There is some case study that says AVAPI can overload as well, but I have never heard of this happening for real. Apparently this isn't a problem at all for ESE based scanners.

-----Original Message-----
From: Hansen, Eric [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 2:35 PM
To: Exchange Discussions
Subject: AV v. IMS question

Hi,

I was looking at some policy examples on rr.sans.org (we are gearing up for HIPAA) and I ran across this in a section talking about policy for AV on mail servers.....

** When large numbers of attachments must be blocked within a short period of time, such as during an outbreak of a new Microsoft Outlook Visual Basic virus, running attachment blocking on both the mail gateway and the internal mail server helps prevent infected attachments from slipping through due to overload. **

I wasn't aware of behavior such as this and was curious if this happened, where an email server lets otherwise infected emails through because it's getting overworked? I would imagine those items would bounce or queue up in some way or possibly even down the IMS and stop traffic.
any thoughts?

e-

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]

