NAV for Exchange hasn't been MAPI based in quite a while, like 2.0 and pre 5.5 SP4. for Exchange 2000 it uses VSAPI 2.0
> This message is in MIME format. Since your mail reader does not understand > this format, some or all of this message may not be legible. > > ------_=_NextPart_001_01C1EC45.4CB08560 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > With MAPI based AV (like NAV) there is a timing gotcha. If Outlook = > goes to > grab mail at or around the same time it hits the mailbox, NAV may not = > get a > chance to look at it or clean it before Outlook drags it down to the = > PST. I > have seen it (during a couple of our virus attacks) let virused files > through to the client totally untouched. It did catch 99.9% of them, = > but > all it took was one virused attachment getting through to an = > unsuspecting > user . . . > =20 > =20 > mit freundlichen Gr=FC=DFen,(Best Regards),=20 > Steve Ropiak =20 > ZF Group NAO=20 > CERT, Exchange Administrator=20 > (207) 989-9115 voice=20 > (207) 989-8722 fax=20 > (513) 314-0197 cell=20 > [EMAIL PROTECTED] > -----Original Message----- > From: Ben Ong [mailto:[EMAIL PROTECTED]]=20 > Sent: Wednesday, April 24, 2002 9:14 PM > To: MS-Exchange Admin Issues > Subject: NAV for Exchange > > > =20 > Anyone having this problem, the nav for exchange detected the virus = > email > and said was deleted. > But it still send the infected emails to the recipient. > =20 > Subject of the message: Let's be friends > One or more attachments were deleted. > Attachment Status.bat was Deleted for the following reasons: > Virus W32.Klez.gen@mm was found. > =20 > Please help > =20 > =20 > Ben Ong > Thanks > =20 > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > > ATTENTION! The information contained in this E-mail may be CONFIDENTIAL = > and > PRIVILEGED. It is intended for individual or entity named above. If you = > are > not the intended recipient, please be notified that any use, review, > distribution or copying of this E-mail is strictly prohibited. If you = > have > received this E-mail by error, please delete it and notify the sender > immediately. Thank you.=20 > > ------_=_NextPart_001_01C1EC45.4CB08560 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML xmlns=3D"http://www.w3.org/TR/REC-html40"; xmlns:o =3D=20 > "urn:schemas-microsoft-com:office:office" xmlns:w =3D=20 > "urn:schemas-microsoft-com:office:word"><HEAD> > <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = > charset=3Diso-8859-1"> > <TITLE>Message</TITLE> > > <META content=3DWord.Document name=3DProgId> > <META content=3D"MSHTML 6.00.2715.400" name=3DGENERATOR> > <META content=3D"Microsoft Word 9" name=3DOriginator><LINK=20 > href=3D"cid:[EMAIL PROTECTED]"; rel=3DFile-List><!--[if gte = > mso 9]><xml> > <o:OfficeDocumentSettings> > <o:DoNotRelyOnCSS/> > </o:OfficeDocumentSettings> > </xml><![endif]--><!--[if gte mso 9]><xml> > <w:WordDocument> > <w:View>Normal</w:View> > <w:Zoom>0</w:Zoom> > <w:DocumentKind>DocumentEmail</w:DocumentKind> > <w:EnvelopeVis/> > <w:DrawingGridHorizontalSpacing>5 pt</w:DrawingGridHorizontalSpacing> > = > <w:DisplayHorizontalDrawingGridEvery>2</w:DisplayHorizontalDrawingGridEv= > ery> > = > <w:DisplayVerticalDrawingGridEvery>2</w:DisplayVerticalDrawingGridEvery>= > > <w:Compatibility> > <w:UseFELayout/> > </w:Compatibility> > </w:WordDocument> > </xml><![endif]--> > <STYLE>@font-face { > font-family: SimSun; > } > @font-face { > font-family: @SimSun; > } > @page Section1 {size: 595.45pt 841.7pt; margin: 72.0pt 66.95pt 72.0pt = > 89.85pt; mso-header-margin: 36.0pt; mso-footer-margin: 36.0pt; = > mso-paper-source: 0; } > P.MsoNormal { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-style-parent: ""; mso-pagination: = > widow-orphan; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: = > SimSun; mso-fareast-language: ZH-CN > } > LI.MsoNormal { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-style-parent: ""; mso-pagination: = > widow-orphan; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: = > SimSun; mso-fareast-language: ZH-CN > } > DIV.MsoNormal { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-style-parent: ""; mso-pagination: = > widow-orphan; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: = > SimSun; mso-fareast-language: ZH-CN > } > P.MsoAutoSig { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-pagination: widow-orphan; = > mso-bidi-font-size: 12.0pt; mso-fareast-font-family: SimSun; = > mso-fareast-language: ZH-CN > } > LI.MsoAutoSig { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-pagination: widow-orphan; = > mso-bidi-font-size: 12.0pt; mso-fareast-font-family: SimSun; = > mso-fareast-language: ZH-CN > } > DIV.MsoAutoSig { > FONT-SIZE: 10pt; MARGIN: 0cm 0cm 0pt; FONT-FAMILY: Arial; = > mso-ansi-language: EN-GB; mso-pagination: widow-orphan; = > mso-bidi-font-size: 12.0pt; mso-fareast-font-family: SimSun; = > mso-fareast-language: ZH-CN > } > SPAN.EmailStyle15 { > COLOR: black; mso-style-type: personal-compose; mso-ansi-font-size: = > 10.0pt; mso-ascii-font-family: Arial; mso-hansi-font-family: Arial; = > mso-bidi-font-family: Arial > } > DIV.Section1 { > page: Section1 > } > </STYLE> > </HEAD> > <BODY lang=3DEN-US style=3D"tab-interval: 36.0pt"> > <DIV><SPAN class=3D132043210-25042002><FONT face=3DArial = > color=3D#0000ff size=3D2>With=20 > MAPI based AV (like NAV) there is a timing gotcha. If Outlook = > goes to grab=20 > mail at or around the same time it hits the mailbox, NAV may not get a = > chance to=20 > look at it or clean it before Outlook drags it down to the PST. I = > have=20 > seen it (during a couple of our virus attacks) let virused files = > through to the=20 > client totally untouched. It did catch 99.9% of them, but all it = > took was=20 > one virused attachment getting through to an unsuspecting user . .=20 > .</FONT></SPAN></DIV> > <DIV> </DIV> > <DIV> </DIV> > <DIV align=3Dleft><B><I><FONT size=3D2> > <P align=3Dleft>mit freundlichen Gr=FC=DFen</FONT><FONT face=3D"Courier = > New"=20 > size=3D2>,</B></I>(Best Regards),</FONT><FONT face=3D"Times New Roman"> = > > <BR></FONT><FONT face=3DTahoma size=3D5>Steve Ropiak </FONT><FONT = > > face=3D"Times New Roman"><BR></FONT><FONT face=3DArial size=3D2>ZF = > Group NAO=20 > </FONT><FONT face=3D"Times New Roman"><BR></FONT><FONT face=3DArial = > size=3D2>CERT,=20 > Exchange Administrator</FONT><FONT face=3D"Times New Roman"> = > <BR></FONT><FONT=20 > face=3DArial size=3D2>(207) 989-9115 voice</FONT><FONT face=3D"Times = > New Roman">=20 > <BR></FONT><FONT face=3DArial size=3D2>(207) 989-8722 fax</FONT><FONT=20 > face=3D"Times New Roman"> <BR></FONT><FONT face=3DArial size=3D2>(513) = > 314-0197=20 > cell</FONT><FONT face=3D"Times New Roman"> </P></FONT><FONT = > face=3DArial size=3D2> > <P>[EMAIL PROTECTED]</P></FONT></DIV> > <BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px"> > <DIV></DIV> > <DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr = > align=3Dleft><FONT=20 > face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B> Ben = > Ong=20 > [mailto:[EMAIL PROTECTED]] <BR><B>Sent:</B> Wednesday, April 24, = > 2002 9:14=20 > PM<BR><B>To:</B> MS-Exchange Admin Issues<BR><B>Subject:</B> NAV for=20 > Exchange<BR><BR></FONT></DIV> > <DIV class=3DSection1> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><![if = > !supportEmptyParas]><![endif]> </SPAN></FONT></SPAN><SPAN=20 > class=3DEmailStyle15><FONT color=3Dblack><SPAN=20 > style=3D"mso-ansi-language: = > EN-US"><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">Anyone having this problem, the = > nav for=20 > exchange detected the virus email and said was=20 > deleted.<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">But it still send the infected = > emails to=20 > the r</SPAN></SPAN></FONT></SPAN><FONT face=3D"Courier New" = > color=3Dblack><SPAN=20 > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US">ecipient.</SPAN></FONT><SPAN=20 > class=3DEmailStyle15><FONT color=3Dblack><SPAN=20 > style=3D"mso-ansi-language: = > EN-US"><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN style=3D"FONT-SIZE: 10pt; mso-ansi-language: = > EN-US"><![if = > !supportEmptyParas]><![endif]> </SPAN></FONT></SPAN><SPAN=20 > class=3DEmailStyle15><FONT color=3Dblack><SPAN=20 > style=3D"mso-ansi-language: = > EN-US"><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US">Subject=20 > of the message:<SPAN style=3D"mso-spacerun: yes"> </SPAN>Let's = > be=20 > friends</SPAN></FONT><FONT face=3D"Courier New" color=3Dblack><SPAN = > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US">One=20 > or more attachments were deleted.</SPAN></FONT><FONT face=3D"Courier = > New"=20 > color=3Dblack><SPAN lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US"><SPAN=20 > style=3D"mso-spacerun: yes"> </SPAN>Attachment Status.bat was = > Deleted for=20 > the following reasons:</SPAN></FONT><FONT face=3D"Courier New" = > color=3Dblack><SPAN=20 > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US"><SPAN=20 > style=3D"mso-spacerun: yes"> </SPAN>Virus = > W32.Klez.gen@mm was=20 > found.</SPAN></FONT><FONT face=3D"Courier New" color=3Dblack><SPAN = > lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal style=3D"mso-layout-grid-align: none"><FONT=20 > face=3D"Courier New" color=3Dblack size=3D2><SPAN lang=3DEN-GB=20 > style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US"><![if = > !supportEmptyParas]><![endif]> </SPAN></FONT><FONT=20 > face=3D"Courier New" color=3Dblack><SPAN lang=3DEN-GB=20 > style=3D"COLOR: black; FONT-FAMILY: 'Courier New'; = > mso-bidi-font-size: 10.0pt; mso-fareast-font-family: 'Times New Roman'; = > mso-fareast-language: EN-US; mso-color-alt: = > windowtext"><o:p></o:p></SPAN></FONT></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">Please=20 > help<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><![if = > !supportEmptyParas]><![endif]> </SPAN><SPAN=20 > lang=3DEN-GB><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><![if = > !supportEmptyParas]><![endif]> </SPAN><SPAN=20 > lang=3DEN-GB><o:p></o:p></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><SPAN=20 > style=3D"mso-bidi-font-size: 12.0pt">Ben=20 > Ong<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><SPAN=20 > style=3D"mso-bidi-font-size: = > 12.0pt">Thanks<o:p></o:p></SPAN></SPAN></FONT></SPAN></P> > <P class=3DMsoNormal><SPAN class=3DEmailStyle15><FONT face=3DArial = > color=3Dblack=20 > size=3D2><SPAN lang=3DEN-GB style=3D"FONT-SIZE: 10pt"><![if = > !supportEmptyParas]><![endif]> </SPAN><SPAN=20 > lang=3DEN-GB><o:p></o:p></SPAN></FONT></SPAN></P></DIV>List Charter = > and FAQ=20 > = > at:<BR>http://www.sunbelt-software.com/exchange_list_charter.htm<BR><BR>= > > <P><B><FONT face=3DArial size=3D2>ATTENTION! The information = > contained in this=20 > E-mail may be CONFIDENTIAL and PRIVILEGED. It is intended for = > individual or=20 > entity named above. If you are not the intended recipient, please be = > notified=20 > that any use, review, distribution or copying of this E-mail is = > strictly=20 > prohibited. If you have received this E-mail by error, please delete = > it and=20 > notify the sender immediately. Thank you.=20 > </FONT></B></P></BLOCKQUOTE> List Charter and FAQ at:<BR> http://www.sunbelt-software.com/exchange_list_charter.htm<BR> </BODY></HTML> > > ------_=_NextPart_001_01C1EC45.4CB08560--
