No, unfortunately I haven't found a good test here and yes they are on the
increase. Gr
-Marc
- Original Message -
From: Glenn Brooks
To: [EMAIL PROTECTED]
Sent: Monday, March 29, 2004 8:02 PM
Subject: RE: [Declude.JunkMail] weird random .htm attachments
Has anyone set up a filt
I filter on this "+ String.fromCharCode("
This is common in all of them. Combined with other tests it catches most.
Mike
- Original Message -
From: "Glenn Brooks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 29, 2004 20:02
Subject: RE: [Declude.JunkMail] weird rando
so you do a body filter?
At 09:00 AM 3/30/2004 -0500, you wrote:
I filter on this "+ String.fromCharCode("
This is common in all of them. Combined with other tests it catches most.
Mike
- Original Message -
From: "Glenn Brooks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday,
yes
Mike
- Original Message -
From: "Glenn Brooks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 09:20
Subject: Re: [Declude.JunkMail] weird random .htm attachments
> so you do a body filter?
>
> At 09:00 AM 3/30/2004 -0500, you wrote:
> >I filter on this "+
Great idea!
-Original Message-
From: Joe Wolf [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 9:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Strange MONKEYFORMMAIL problems
I try to look at the config files on a regular basis, but I have to
print both of them out
Management wants to do web usage mainitoring. They do not at this time want
to do blocking. We have a pix firewall that does what Cisco calls URL
logging but in relaity it does not log the url but the ip address of the
server and the path on the server to the document being viewed.
What they want
web trends firewall suite maybe?
- Original Message -
From: "Kevin Bilbee" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 2:43 PM
Subject: [Declude.JunkMail] OT: Internet Usage Monitoring
> Management wants to do web usage mainitoring. They do not at this time
Monster.com?? LOL -Just kidding.
Can the PIX log to a syslog server?
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
702.319.4349
www.xidix.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Tuesday, March 30, 2004 12:43 PM
To
PIX connected to WebSense connected to SQL(or MSDE) will accomplish this
goal.
-Original Message-
From: Doug Anderson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 30, 2004 12:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] OT: Internet Usage Monitoring
web trends firewa
One caveat to the suggestions is that many smaller sites now share the
same IP with host headers. If you can't capture the domain used, this
information will be lost in those instances. I'm not sure that there is
a reliable way to convert IP's to domains on static sites either since
all that
Yep...We use it with Kiwi for logging. Didn't give us everything we wanted
though (for monitoring bandwidth needs of various servers), so we now use
logging from managed switches instead.
Darin.
- Original Message -
From: "Todd Holt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tu
On 30 Mar 2004 at 12:43, Kevin Bilbee wrote:
Here we *used* a product called LittleBrother. It would produce
complete tracking reports for every user. Very complete. Simple to
use.
Not sure if it is still avail. We stopped using it because of
privacy/union concerns.
-Nick Haye
I am in the process of reviewing replacements for WebSense in our network
(it is much too expensive for our small organization).
I have found 2 products so far that show promise:
Web Inspector from Zixcorp.com
And
Sentian at N2H2.com
The former uses a pass-by model with packet spoofing to monito
Yes it does log to a syslog server. And I am currently doing that. They do
not like the format.
This is from our Kiwi syslog
10.1.50.253 pixfirewall %PIX-5-304001: 68.123.166.135 Accessed URL
12.9.25.243:/diyguide.shtm
Notice the Accessed URL it is an ip address not the host name. This is all
> What they want is a log of client ip and url including the host
> name. They also do not want to abandon the PIX.
You might seriously want to consider putting up an HTTP
proxy--transparent or standard. And though I'm not the type to blindly
tout Unix-only stuff in Windows gro
I have to agree that is why I am asking this list with diverse experience.
My research to this point supports your comment.
I am thinking about downloading the trial versions of Websense and N2H2 to
get a comparison and determine it the PIX integeration also supplies the
host name in the reporting
The Pix doesn't log the hostname...at least not the 515s we usually work
withonly the IP address.
Darin.
- Original Message -
From: "Kevin Bilbee" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 5:47 PM
Subject: RE: [Declude.JunkMail] OT: Internet Usage Mon
I called Cisco and the reason the 515s do not log the host name is because
the pix does not look at the data in the packet(s) for the host header
information
Kind of usless as a url looger.
Kevin Bilbee
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behal
1. I've been reviewing the log files and what is the meaning of the following log
entries:
03/30/2004 00:08:28 Q0ecf080d00fe32c8 L2 Message OK
03/30/2004 18:30:27 Q111b18cd00a62426 L1 Message OK
2. How can you disable or adjust the score for disabling "Bypassing whitelisting"?
Bypassing whi
1. I've been reviewing the log files and what is the meaning of the
following log entries:
03/30/2004 00:08:28 Q0ecf080d00fe32c8 L2 Message OK
03/30/2004 18:30:27 Q111b18cd00a62426 L1 Message OK
The "L" means a local recipient (incoming E-mail); an "R" means a remote
recipient (outgoing). The
So you use something like like.
BODY 10CONTAINS+ String.fromCharCode(
- Original Message -
From: "Glenn Brooks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 9:20 AM
Subject: Re: [Declude.JunkMail] weird random .htm attachments
> so you do a body
Below is a log for a single email, the last line indicates that ther was an error #
183. I have checked and these files are still sitting in the spool directory, Virus
scanning is excluding the following directories
z:\IMAIL
Z:\IMAIL\SPOOL
Z:\IMAIL\SPOOL\VIRUS
Any ideas as to other possible c
Try the following, assuming that you are running McAfee as your scanner:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg13155.html
There are also other mentions of error #183 in the archive that may be
of use.
Matt
Kornitz, David wrote:
Below is a log for a single email, the last line in
Matt,
Thanks, but I had already reviewed that series of postsI should also
mention that the C:\temp and c:\windows\temp are also exclude from Virus Scanning.
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Matt
Sent: Tuesday, March 30, 20
24 matches
Mail list logo