Spam Filter ISP Support Forum


Password Protected Zip Files

kspare (Senior Member)
Posted: 04 March 2004 at 12:01am

Because of the recent virus with a password protected zip, I am blocking zip files. The only software that can detect this virus without extracting the file inside that I have found is GroupShield, so what is everyone doing to protect against this? I realize you can educate end users but let's face it, most of them have problems finding the power button for their monitor before calling in a help desk call because their computer is dead.....

I run Trend, NAI and Symantec virus gateways and it makes it past all of these.....any ideas?

George (Guest Group)
Posted: 04 March 2004 at 12:16am

I have been having good results with NetShield from NAI. Unfortunately it is no longer available from NAI. I have been trapping and deleting all three of the current outbreak viruses, Netsky.d, Mydoom.f and Bagle.j. The ones that make it past the attachment filter get caught in the queue folder with NetShield. Any that get past that scan get scanned once more on the mail server, which has more time to perform scans since most incoming mail tends to sit awhile before it gets retrieved.

Since I upgraded to SF2.0302 I have noticed that I have not had any dialup clients get a virus so the new attachment filter seems to be working pretty good now.

g

kspare (Senior Member)
Posted: 04 March 2004 at 8:31am

Kinda the same thing I am doing, except I don't really want to block *.zip, but due to the fact that only Exchange server virus software is able to find the virus in a password protected zip file, I have to until this virus goes away. I guess I'll have to keep doing this for now.
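
A narrower alternative to blocking every *.zip, as an added example that is not from the thread or from any product named in it: an ordinary password-protected zip still exposes its entry names and per-entry encryption flag in the central directory, so a gateway hook can single out encrypted archives without the password. The extension list, verdict names and sample inputs below are assumptions constructed for illustration.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed site policy: extensions treated as executable.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def check_zip(data):
    """Return (verdict, names) using only the zip central directory."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile:
        return "quarantine", []
    encrypted = [e.filename for e in entries if e.flag_bits & 0x1]  # bit 0 = encrypted
    if not encrypted:
        return "scan", []  # nothing hidden: hand to the normal AV scan
    risky = [n for n in encrypted if os.path.splitext(n.lower())[1] in RISKY_EXT]
    return ("block", risky) if risky else ("quarantine", encrypted)

def check_message(raw_bytes):
    """Map attachment filename -> verdict for each zip attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            results[part.get_filename()] = check_zip(data)
    return results

def sample_zip(names, encrypted):
    """Constructed input: stored zip with placeholder data, flags patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # central directory header signature
    while encrypted and pos != -1:
        raw[pos + 8] |= 0x01  # flag field sits 8 bytes into the header
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

def sample_message():  # constructed message with two zip attachments
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    for fname, members, enc in (("plain.zip", ["report.txt"], False),
                                ("locked.zip", ["readme.txt", "patch.scr"], True)):
        msg.add_attachment(sample_zip(members, enc), maintype="application",
                           subtype="zip", filename=fname)
    return msg.as_bytes()
```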

Desperado (Senior Member)
Posted: 04 March 2004 at 8:38am

WebShield SMTP 4.5 (NAI), as of 24 hours ago, does block the new variant of Bagle. However, in addition, I sent the following to all our customers prior to getting the updated "Dat" file.

We have just been alerted by one of our customers of a Virus Warning CLAIMING to come from us (Mags Net).  They have forwarded the message to me and I am looking into it now.  DO NOT, under any circumstances EVER open any attachments claiming to have come from Mags Net support.  We will NEVER send any attachments to our customers, password protected (as this one claims) or otherwise.
 
The message, in all probability, is a virus and we will do whatever is needed to make sure this does not spread.
 
Also please note that the Mags Net personnel are fairly literate and a lot of the bogus messages claiming to be special virus fixes are usually filled with grammatical errors along with spelling errors.  We (and especially myself) do, however, misspell and mistype but the errors in the above type of messages are more obvious than simple errors.
 
As usual, please do not ever open any attachments that you are not specifically expecting.

Regards,

Dan S.

kspare (Senior Member)
Posted: 04 March 2004 at 9:24am

OK, never mind :) I was missing a patch for WebShield, it's working now :) <insert pointing and laughter here>

eric (Guest Group)
Posted: 04 March 2004 at 8:13pm

logsat tcp 25 -> webshieldmr1a tcp 26 -> mailproduct tcp 27

way to go !

no virus for my 3500 users so far... logsat kills spam and 30% of the viruses,

webshield kills viruses, use autoupdate every 2 hours on the nearest nai.com mirror,

and then the default mailproduct you use ... i have 1 server running it all on 1 nic.

(logsat to webshield to software.com post.office)

great combination of products. high performance.

-eric-
