Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#94314 - 17/05/2002 09:20 klez exchange 5.5 nt4
darwin
enthusiast

Registered: 10/01/2002
Posts: 205
Most people know about the klez virus, but I was wondering how some of the Network Adminstrators are containing this virus.

Our mail server has NT4, Exchange 5.5 w/ McAfee Netshield. Our workstation clients run either w2k or win98 with Outlook 2000 and McAfee VirusScan 6.0.

One of our contacts that we work with a lot got the klez virus and we keep on gettin emails from him to our exchange server. The server's virus scan is unable to clean or delete the virus so it goes through to the workstations. The workstation's get the same thing about how it can't delete it too. The user ends up deleting the email w/out opening the attachment, but we're getting about 5-10 of these emails a day. I've tried the symantec klez cleaner but that doesn't stop new emails from coming in.

I was just wondering how other people are handling this virus. Also, I wanted to know if there is a way to block all *.vbs,*. pif, *.scr, *.bat, etc in exchange 5.5. Our company only sends word and office documents so we would have no need for those other file formats.

thanks

Top
#94315 - 17/05/2002 10:09 Re: klez exchange 5.5 nt4 [Re: darwin]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31594
Loc: Seattle, WA
We use Lotus Notes instead of exchange (won't spread the common viruses since there are no common Notes-targeted viruses), and we use Trend Micro's ScanMail agent for Lotus Notes to clean viruses. Nails Klez every time, no problem.
_________________________
Tony Fabris

Top
#94316 - 17/05/2002 10:13 Re: klez exchange 5.5 nt4 [Re: tfabris]
pgrzelak
carpal tunnel

Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
Greetings!

I just did time on a project to convert E5.5 to E2000. Painful. Very painful. I still wake up screaming and twitching in the night...

We have an antivirus layer (GroupShield 5.0), and use it to block all of the extensions. There might be a way to tie into an event sink under 2000, but I don't know if the same functionality is available under 5.5.

Is there any kind of filter mechanism in place in front of this server?


Edited by pgrzelak (17/05/2002 10:25)
_________________________
Paul Grzelak
200GB with 48MB RAM, Illuminated Buttons and Digital Outputs

Top
#94317 - 17/05/2002 10:38 Re: klez exchange 5.5 nt4 [Re: darwin]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Of course we can always depend on MS to come out with a fix here soon that does nothing for the problem, but adds another inconvience. I am one of the few people on my team not using Outlook at work, and get tired of forgetting that noone else on the team can receive .exe files. So after an e-mail exchange later, I get to zip up the exe file, then resend it.

Grr.

Top
#94318 - 17/05/2002 10:46 Re: klez exchange 5.5 nt4 [Re: darwin]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Put a sane email server in front of the Exchange one. Something like exim or qmail (not sendmail) -- then you can get virus scanning plugins for them that'll remove the virus before it even reaches any of that Microsoft crap.
_________________________
-- roger

Top
#94319 - 17/05/2002 16:28 Re: klez exchange 5.5 nt4 [Re: tfabris]
crazymelki
enthusiast

Registered: 16/02/2001
Posts: 373
Loc: Switzerland
Same installation in our environment with LN and Trend Micro's ScanMail and same experience! It's a good choice of groupware and antivirus solution.

bye
_________________________
crazymelki.com

Top