Only blocking .exe's would still leave you open anyway. The NIMDA virus was propagating via .EML attachments too. I would suggest blocking: .exe, .com, .scr, .vbs, .eml
You can use a proxy server to filter domains. For instance you can block mail.*, this would block most mail.whateverdomain.com's which is what seems to be the most effective block that I know of. There are plenty more you can find though. It's tough but you can find most of the big ones and if you really want to hunt for them, turn on logging on the proxy and check out the sites your users are going to for mail.

When I was at Merck they had an application running on their proxy that would catch keywords. It was interesting. I visited one site and then later on when I revisited, there was a block. So I started testing it by going to various sites and within a couple of hours the sites were blocked. It was damn annoying but very effective.

So now you can become the webmail and porn site nazi!

John

-----Original Message-----
From: Byron Kennedy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 2:40 PM
To: NT 2000 Discussions
Cc: '[EMAIL PROTECTED]'
Subject: RE: 3rd party emails

Hi Eric,

Recognizing a business need for these accounts we're looking at http/ftp proxy solutions to filter malicious content out of the transaction. We're seriously looking at GFI's content filter for ISA, WebSweeper and Symantec's web-filtering product included with NAV CE. I'd be really interested if others have thoughts on these solutions.

cheers.byron

-----Original Message-----
From: Hansen, Eric [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 10:18 AM
To: Exchange Discussions
Subject: 3rd party emails

Hello

We got hit pretty hard by nimda last week. Our IIS servers were patched, and our Exchange servers were blocking EXE's. In that 20 something hour window before Symantec released a DAT we thought we were secure. It turns out we got infected by an employee who had a 3rd party web based email client, be it hotmail or sisna or whatever. In an effort to stop all 3rd party email we have made it policy only company email is accepted in house.
But it goes beyond that, it only takes one employee screwing around to cause us a major problem. So my question is how can we effectively stop these 3rd party email web clients. At first we thought to block all of them by IP at the router and firewall, but there are TONS of IP's to be blocked. So I had the thought as I was making a change to a host file one day. Is there a way to make a change to our DNS server and tell it that for example all requests for 'www.hotmail.com' go to some IP in house? Or is there a better way to do this?

E

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
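
Added example, not part of the original thread: a small proxy log review that applies the "mail.*" style patterns suggested above and lists mail-looking hosts the patterns miss. The Squid-style log layout, the sample lines, and the names `BLOCK_PATTERNS`, `host_of`, `is_blocked` and `triage` are assumptions made for illustration.

```python
import fnmatch
from collections import Counter
from urllib.parse import urlsplit

# Patterns taken from the thread: "mail.*" plus the one provider it names.
BLOCK_PATTERNS = ["mail.*", "hotmail.com", "*.hotmail.com"]

# Constructed sample lines; assumed layout:
# time elapsed client action/status bytes method URL ident peer type
SAMPLE_LOG = """\
1001529601.101 220 10.1.4.17 TCP_MISS/200 5120 GET http://mail.example.net/inbox - DIRECT/192.0.2.10 text/html
1001529602.332 180 10.1.4.17 TCP_MISS/200 9001 GET http://www.hotmail.com/ - DIRECT/192.0.2.20 text/html
1001529603.010 950 10.1.4.22 TCP_MISS/200 3210 CONNECT webmail.example.org:443 - DIRECT/192.0.2.30 -
1001529604.500 90 10.1.4.30 TCP_HIT/200 700 GET http://www.example.com/index.html - NONE/- text/html
1001529605.900 210 10.1.4.22 TCP_MISS/200 4100 GET http://MAIL.example.net/compose - DIRECT/192.0.2.10 text/html
truncated line
"""

def host_of(method, url):
    """Return the lower-cased host of a logged request, or None."""
    if method == "CONNECT":            # tunnelled requests log host:port
        host = url.rsplit(":", 1)[0]
    else:
        host = urlsplit(url).hostname  # None for malformed URLs
    return host.lower() if host else None

def is_blocked(host):
    """True if the host matches one of the block patterns."""
    return any(fnmatch.fnmatchcase(host, p) for p in BLOCK_PATTERNS)

def triage(log_text):
    """Count hosts the patterns cover, and mail-looking hosts they miss."""
    covered, review = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:            # skip truncated or malformed lines
            continue
        host = host_of(fields[5], fields[6])
        if host is None:
            continue
        if is_blocked(host):
            covered[host] += 1
        elif any("mail" in label for label in host.split(".")):
            review[host] += 1          # e.g. webmail.*, not matched by mail.*
    return covered, review

if __name__ == "__main__":
    covered, review = triage(SAMPLE_LOG)
    print("covered by patterns:", dict(covered))
    print("needs review:", dict(review))
```

Hosts in the review set are candidates to add to the pattern list after someone has checked what they are.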
