Darn, how could I have missed that opportunity?! Seriously though, if you can block them at the point where they come into your system, or, as is possible with some software, like Antigen, if you can just block LNK files that are really executables, then it's definitely worth it. The LNK extension has been used before by viruses, notably Sircam, so this isn't just a theoretical vulnerability.
-Peter -----Original Message----- From: Tom Meunier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 10:40 To: Exchange Discussions Subject: RE: Attachments to block I thought you were waiting for the "missing .lnk" jokes to stop coming in. > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Posted At: Tuesday, May 07, 2002 12:34 PM > Posted To: MSExchange Mailing List > Conversation: Attachments to block > Subject: RE: Attachments to block > > > No it isn't. LNK is one of those "Take it or leave it" ones > for me. I still cannot decide how I feel about it. > > -----Original Message----- > From: Durkee, Peter [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 07, 2002 10:10 AM > To: Exchange Discussions > Subject: RE: Attachments to block > > > I just noticed that LNK isn't on the list. > > -Peter > > > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 07, 2002 9:18 > To: Exchange Discussions > Subject: RE: Attachments to block > > > Yes, its in there. Appendix J I think > > -----Original Message----- > From: Hunter, Lori [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 07, 2002 8:49 AM > To: Exchange Discussions > Subject: RE: Attachments to block > > > FAQ? Isn't it in there Martin? > > Search for the "Martin Blackstone List" on google then. > > -----Original Message----- > From: Niki Blowfield : Exchange [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 07, 2002 3:49 AM > To: Exchange Discussions > Subject: Attachments to block > > > Dear All, > > I havent had any success searching the archives to get the > answer to this no doubt frequentley asked question > > Does anyone have a resource for a list of attachments that > should be blocked at our Exchange Server? > > We have Trend Scanmail which makes it very easy to block > attachments, and I have put into here manually some > extensions that I believe should be stopped, as well as some > I have picked up from web searches. > > Is it reasonable to block all htm/html attachments? One of > our clients got an alert about the Klez virus last week, > which it found in an attached htm file which was in the Temp > internet folder cache, Officescan quarantined it okay. This > threw me somewhat as I assumed we would be protected by an up > to date Scanmail looking for the various BAT EXE or SCR extensions > > Any examples of a list of file extensions you block would be great > > Also, apart from the newest MS Security Bulletins, is the > windowsupdate site a reliable way of keeping clients and > servers secure? Obviously we pay particular attention to > updates on our servers, but rely on windowsupdate alone to > keep our clients up to date > > Thanks... > > Nik > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > ______________________________________________ > This message is private or privileged. If you are not the > person for whom this message is intended, please delete it > and notify me immediately, and please do not copy or send > this message to anyone else. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] ______________________________________________ This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
