But that's because they're being caught by the file filter, instead of the virus scanner, right?
-Peter -----Original Message----- From: Dunn, Nancy [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 11:10 To: Exchange Discussions Subject: RE: Virus activity I'm on version 6.5 also, and the attachments are being removed, but not the message. Nancy -----Original Message----- From: Durkee, Peter [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 1:58 PM To: Exchange Discussions Subject: RE: Virus activity I don't think that's true. I'm running 6.5 and when I do enable file filtering on the SMTP scan, the attachments get quarantined, and the messages are passed on just as they were under 6.2. I've done this for a few brief periods in the last few days so I could see the headers on some Klez messages and find out where they were really coming from. -Peter -----Original Message----- From: Harmon, Josh [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 10:52 To: Exchange Discussions Subject: RE: Virus activity I've been told that they do worm scanning before pattern matching in 6.5. If that's true that was a good, smart move. We're still running 6.2 so I can't confirm. -----Original Message----- From: Durkee, Peter [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 12:49 PM To: Exchange Discussions Subject: RE: Virus activity Importance: High The message doesn't have a virus, just a malformed MIME header, and once the attachment has been stripped, the virus scanner doesn't see that as being a problem. The way around this is to stop file filtering in your SMTP scan, instead doing it only at the Realtime scan level. That way only virus scanning occurs in the SMTP scan, and since Klez is in the Sybari worm list, all the Klez messages get purged by the worm purge feature. Alternatively, if you can get away with it, you can set Antigen to purge all incoming messages with EXE, SCR, BAT, and PIF files. -Peter -----Original Message----- From: Dunn, Nancy [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 10:29 To: Exchange Discussions Subject: RE: Virus activity We are getting a lot also, most are coming from Mexican businesses to our Mexico office. Antigen is stripping the attachments, but delivering the message. I thought the message also carried a virus, why isn't it removing the message also? Thanks Nancy -----Original Message----- From: John Q Jr. [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 1:21 PM To: Exchange Discussions Subject: Re: Virus activity Same here as well. - John Q - _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
