VIRUS= W32/Sobig-F (Sophos,NAI) worm

Outlook 2000 sp3. Updated via the ms office website.

The attachment blocking can really be a nuisance, but in this case it made
Sobig harmless.

Edward F. Fox, Jr., CPA
Controller
Maxson Automatic Machinery Company
Phone: 401-596-0162 x110
Fax: 401-596-1050
www.maxsonautomatic.com


-----Original Message-----
From: Todd Caughey [mailto:caugheyt@...]
Sent: Friday, August 22, 2003 12:24 PM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Re: VIRUS= W32/Sobig-F (Sophos,NAI) worm.


What version of Outlook would this be? I had to implement Symantec's
Anti-virus Filtering for Exchange before I could start blocking specific
attachment types (PIF,SCR,EXE,VBS).

Two questions for the group on blocking attachments:
1. Any other types I should add?
2. What is your policy about informing recipient of blocking? I have system
send an email informing it was quarantined but users are getting annoyed by
the extra messages. I have to let them know though in case a customer has
sent a part drawing via self extracting viewer in an .exe routine.

-Todd C.

-----Original Message-----
From: Edward F. Fox, Jr. [mailto:efox@...]
Sent: Friday, August 22, 2003 10:24 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Re: VIRUS= W32/Sobig-F (Sophos,NAI) worm.


I think Outlook strips off the "bad" attachments. Not one Sobig attachment
made it to my machine.

Edward F. Fox, Jr., CPA
Controller
Maxson Automatic Machinery Company
Phone: 401-596-0162 x110
Fax: 401-596-1050
www.maxsonautomatic.com







Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/



It's a good thing we don't allow attachments. Because mogden@mortonmfg
would have sent us the W32/Sobig-F worm. Then again it could be from
someone with mogden email in their address book.
It arrives in a message with one of the following subjects:
Re: Thank you!
Thank you!
Your details
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
The attachment name is chosen at random from the following list:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
It's getting way hard to keep up with all these worms, trojans and
viruses. I would think it would keep those geek trolls who keep writing
them busy enough just coming up with the screwball names. Here's
a quote from the NAI site - "Once running, the worm terminates and deletes
the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent
other threats from infecting the system through the same hole." Interesting
application of testosterone, arrogance and virtuosity.

Gary Polvinale


-----Original Message-----
From: Dunn, Nancy [mailto:ndunn@...]
Sent: Wednesday, August 20, 2003 7:54 AM
To: Vantage Onelist (E-mail)
Subject: [Vantage] VIRUS= W32/Sobig-F (Sophos,NAI) worm.


It's a good thing we don't allow attachments. Because mogden@mortonmfg
would have sent us the W32/Sobig-F worm. Then again it could be from
someone with mogden email in their address book.
It arrives in a message with one of the following subjects:
Re: Thank you!
Thank you!
Your details
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
The attachment name is chosen at random from the following list:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif



Ya know, there’s a reason they make ExLax in chocolate flavor.

Shirley

-----Original Message-----
From: Gary Polvinale [mailto:garyp@...]
Sent: Wednesday, August 20, 2003 10:13 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] VIRUS= W32/Sobig-F (Sophos,NAI) worm.

It's getting way hard to keep up with all these worms, trojans and
viruses. I would think it would keep those geek trolls who keep writing
them busy enough just coming up with the screwball names. Here's
a quote from the NAI site - "Once running, the worm terminates and deletes
the W32/Lovsan.worm.a process and applies the Microsoft patch to prevent
other threats from infecting the system through the same hole." Interesting
application of testosterone, arrogance and virtuosity.

Gary Polvinale


Note: My previous description from the NAI site refers to the
Nachi worm.

Gary


One of the tech sites that I visit on a regular basis summed up
Viruses/Trojans/Spyware best by saying

Then I get home and watch as my email gets bombed by the Sobig virus,
and I sit there and think to myself, who is the idiot that still
opens email attachments? Who doesn't run a virus checker that is up
to date, in this day and age, especially one week after MSBlaster?
Because I swear on my left toe if I find you people, I'm revoking
your PC access and giving you a highly used Apple II with no power
supply until you friggin' learn.

I mean, people who will not go shopping when we hit an Orange Alert,
who won't get gas in Omaha because of snipers in West Virginia, who
don't smoke and eat their peas and never ever step on a crack in the
sidewalk continue to do stupid things on the PC that end up bugging
everybody. I wouldn't care if you just infected you, but my email is
the one with over 200 of the things, AND is the one getting spoofed
to make others think I'm the infected idiot.

MSBlast, at least, could infect you without you doing anything. I
can't even tell you how many folks came back from vacation and got
infected before they could even update their anti virus program, much
less apply the patch. So it's excusable. But there is no excuse for
email infections, people. Email isn't new. We didn't just discover it
under a mystic shroud somewhere, surrounded by nekked angels singing
hosannas. Getting infected by an email virus is like running out of
gas when you own the oil company. It's stupid!
I want to know who actually buys from telemarketers. Someone must or
there wouldn't be any. Don't even get me started with spam, junk mail
or pop ups.

-----Original Message-----
From: meco_inc_paris [mailto:admin@...]
Sent: Wednesday, August 20, 2003 2:25 PM
To: vantage@yahoogroups.com
Subject: [Vantage] Re: VIRUS= W32/Sobig-F (Sophos,NAI) worm.


One of the tech sites that I visit on a regular basis summed up
Viruses/Trojans/Spyware best by saying

Then I get home and watch as my email gets bombed by the Sobig virus,
and I sit there and think to myself, who is the idiot that still
opens email attachments? Who doesn't run a virus checker that is up
to date, in this day and age, especially one week after MSBlaster?
Because I swear on my left toe if I find you people, I'm revoking
your PC access and giving you a highly used Apple II with no power
supply until you friggin' learn.

I mean, people who will not go shopping when we hit an Orange Alert,
who won't get gas in Omaha because of snipers in West Virginia, who
don't smoke and eat their peas and never ever step on a crack in the
sidewalk continue to do stupid things on the PC that end up bugging
everybody. I wouldn't care if you just infected you, but my email is
the one with over 200 of the things, AND is the one getting spoofed
to make others think I'm the infected idiot.

MSBlast, at least, could infect you without you doing anything. I
can't even tell you how many folks came back from vacation and got
infected before they could even update their anti virus program, much
less apply the patch. So it's excusable. But there is no excuse for
email infections, people. Email isn't new. We didn't just discover it
under a mystic shroud somewhere, surrounded by nekked angels singing
hosannas. Getting infected by an email virus is like running out of
gas when you own the oil company. It's stupid!





For these reasons I have blocked all dangerous attachment types (Symantec AVF for Exchange) and auto-LiveUpdate all users from the server as soon as it updates. Biggest worry remaining is messages with web scripts and/or web links to sites that run scripts that infect machines. Hoping Symantec Web Filtering will handle this risk. I can't/won't depend on user reliability or conscientiousness because it just won't ever happen.
-Todd C.


All,
I got sick and tired of the SOBIG.F crap... After figuring out that the
majority of the flood of infected e-mail came from only a handful of
infected systems, I looked at the long headers of the e-mails and went after
the ISP's. All of them were very helpful in shutting down users, after I
provided them with copies of the headers. SOBIG.F is now down to a mere
trickle...


Paul
All,

Just wanted to mention that we use something called MailScanner here
(www.mailscanner.info) which does a great job at stripping off .exe, .vbs,
.scr etc email attachments not to mention cutting spam down to a trickle.

The software is free, but you do have to dedicate at least an old PC as an
email gateway, and you have to have moderate Linux or Unix skills to set it
up. Probably worth spending a few bucks on a consultant to set this up.

I got a lot of pats on the back when this went live, believe me.

Gordon Schindell
Almac Machine Works, Ltd.

-----Original Message-----
From: Paul Siebers [mailto:paul.siebers@...]
Sent: Friday, August 22, 2003 8:35 AM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Re: VIRUS= W32/Sobig-F (Sophos,NAI) worm.


All,
I got sick and tired of the SOBIG.F crap... After figuring out that the
majority of the flood of infected e-mail came from only a handful of
infected systems, I looked at the long headers of the e-mails and went after
the ISP's. All of them were very helpful in shutting down users, after I
provided them with copies of the headers. SOBIG.F is now down to a mere
trickle...
I went into our mail server and added all the Subject lines to the RFC822
receiver as Banned header lines. This cut ours back to nothing. Yesterday
I rejected about 300 e-mails at the mail server. If you're running your own
mail server this seems to be the way to go with the SoBig.F

Paul L.
I am running a Linux mail server (POP3) on an old Compaq desktop in a
separate subnet from my clients and servers. The router that connects
these subnets has a product from CA called eTrust Antivirus Gateway that
is an application scanner (inspects packets above layer 3) and
denies/quarantines any packets identified with malicious code from CA's
most current DAT files. It was well worth the investment as I caught
well over 40 instances of this virus on Tuesday alone.



-----Original Message-----
From: Paul Lipham [mailto:pml@...]
Sent: Friday, August 22, 2003 10:00 AM
To: vantage@yahoogroups.com
Subject: RE: [Vantage] Re: VIRUS= W32/Sobig-F (Sophos,NAI) worm.



I went into our mail server and added all the Subject lines to the RFC822
receiver as Banned header lines. This cut ours back to nothing. Yesterday
I rejected about 300 e-mails at the mail server. If you're running your own
mail server this seems to be the way to go with the SoBig.F

Paul L.
I think Outlook strips off the "bad" attachments. Not one Sobig attachment
made it to my machine.

Edward F. Fox, Jr., CPA
Controller
Maxson Automatic Machinery Company
Phone: 401-596-0162 x110
Fax: 401-596-1050
www.maxsonautomatic.com


-----Original Message-----
From: Gordon Schindell [mailto:gordons@...]
Sent: Friday, August 22, 2003 11:10 AM
To: 'vantage@yahoogroups.com'
Subject: RE: [Vantage] Re: VIRUS= W32/Sobig-F (Sophos,NAI) worm.


All,

Just wanted to mention that we use something called MailScanner here
(www.mailscanner.info) which does a great job at stripping off .exe, .vbs,
.scr etc email attachments not to mention cutting spam down to a trickle.

The software is free, but you do have to dedicate at least an old PC as an
email gateway, and you have to have moderate Linux or Unix skills to set it
up. Probably worth spending a few bucks on a consultant to set this up.

I got a lot of pats on the back when this went live, believe me.

Gordon Schindell
Almac Machine Works, Ltd.

What version of Outlook would this be? I had to implement Symantec's Anti-virus Filtering for Exchange before I could start blocking specific attachment types (PIF,SCR,EXE,VBS).

Two questions for the group on blocking attachments:
1. Any other types I should add?
2. What is your policy about informing recipient of blocking? I have system send an email informing it was quarantined but users are getting annoyed by the extra messages. I have to let them know though in case a customer has sent a part drawing via self extracting viewer in an .exe routine.

-Todd C.

I do inform both sender and intended recipient if I block an attachment. In
case there is a mass mailing virus with spoofed senders I will temporarily
suspend the notification. My users have learned to live with zipping
things up and renaming extensions, although I am not really happy with the
latter, but there is not much I can do to stop it....

The most important extensions to block are:
ade, adp, asx, bas, bat, chm, cmd, com, cpl, crt, exe, hlp, inf, ins, isp,
js, jse, lnk, mdb, mde, mdt, mdw, mdz, msc, msi, msp, pcd, pif, reg, scf,
scr, sct, shb, shs, url, vb, vbe, vbs, wsc, wsh

Did I forget any?

Paul
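
Added example, not part of any poster's message and not the configuration of any product named in the thread: a gateway-side check that applies the extension list and the Sobig-F subject list quoted in this thread to a parsed message. The "MZ" content check and the look inside zip archives go beyond what the posters describe and address the renamed-extension and zipped-file cases mentioned above; the verdict names, helper names and sample addresses are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list as posted in the thread.
BLOCKED_EXTENSIONS = set("""
ade adp asx bas bat chm cmd com cpl crt exe hlp inf ins isp
js jse lnk mdb mde mdt mdw mdz msc msi msp pcd pif reg scf
scr sct shb shs url vb vbe vbs wsc wsh
""".split())

# Sobig-F subject lines as listed in the thread.
BANNED_SUBJECTS = {s.lower() for s in (
    "Re: Thank you!", "Thank you!", "Your details", "Re: Details",
    "Re: Re: My details", "Re: Approved", "Re: Your application",
    "Re: Wicked screensaver", "Re: That movie")}


def extension(name):
    """Final extension, lower-cased, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def attachment_reasons(filename, payload):
    """Return the reasons (possibly none) to block one attachment."""
    reasons = []
    if extension(filename) in BLOCKED_EXTENSIONS:
        reasons.append("blocked extension: " + filename)
    # DOS/PE executables start with 'MZ' whatever the file is called.
    if payload[:2] == b"MZ":
        reasons.append("executable content: " + filename)
    # Look one level into zip archives for blocked member names.
    if zipfile.is_zipfile(io.BytesIO(payload)):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if extension(member) in BLOCKED_EXTENSIONS:
                        reasons.append("blocked file inside zip: " + member)
        except zipfile.BadZipFile:
            reasons.append("unreadable zip: " + filename)
    return reasons


def inspect_message(raw):
    """Return (verdict, findings) for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings += attachment_reasons(name, part.get_payload(decode=True) or b"")
    if findings:
        return "reject", findings
    # A subject match alone is weak evidence ("Thank you!" is a common
    # legitimate subject), so this sketch flags instead of rejecting.
    if subject in BANNED_SUBJECTS:
        return "flag", findings
    return "accept", findings


def zipped(member_name, data):
    """Build an in-memory zip with one member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def sample(subject, filename=None, payload=b""):
    """Build a constructed test message (not real traffic)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("See the attached file for details.")
    if filename:
        msg.add_attachment(payload, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(sample("Re: Details", "details.pif", b"MZ\x90\x00")))
    print(inspect_message(sample("Part drawing", "drawing.txt", b"MZ\x90\x00")))
    print(inspect_message(sample("Part drawing", "viewer.zip", zipped("viewer.exe", b"MZ"))))
```
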

