"securitynotice.txt" again
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
"securitynotice.txt" again - 21.Mar.2004 10:08:00 PM
|
|
|
UnknownShadow
Posts: 52
Joined: 21.Mar.2004
Status: offline
|
I'm running Exchange 2003 with about 450 mailboxes. I'm currently trying out the trial versions of both ME and MS. The only thing keeping me from buying UNLIMITED licenses for both products is one simple but MAJOR problem...
When MailSecurity removes an attachment that was infected with a virus there is no way to stop the email from getting to the user with the new "securitynotice.txt" attachment. I get HUNDREDS of viruses hit my building every day and users have to manually delete these messages rather than having them dumped into their "Junk E-mail" folder. Not only is it a pain for people having to delete dozens of these every day but it's a pain for our helpdesk answering questions about these emails.
I tried modifying the notification template and appending "MOVE_TO_JUNK" to the end of the message. Then I setup a rule in Outlook to dump anything with "MOVE_TO_JUNK" in the body directly into the "Junk E-mail" folder. This would be an acceptable workaround except for one problem... "MOVE_TO_JUNK" gets appended to the securitynotice.txt file, not the body of the email.
Can we please get something added so we can at least modify the body of such emails (no matter if it's the body or attachment that was stripped) and then I can at least filter it out with Outlook rules. Or, can someone tell me how to tell Outlook to dump anything with an attachment called "securitynotice.txt" or MOVE_TO_JUNK contained in the attachment?
If I cannot find a workaround for this I will not be putting down the money for MS/ME. I'll have to look at another product. And that's too bad because I have been very impressed with both GFI ME and MS except for this one problem that would be so easy to fix. Just allow me to append to the body of any email where a virus was removed.
|
|
|
|
|
RE: "securitynotice.txt" again - 22.Mar.2004 9:34:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
Hi,
Is MailSecurity installed in Gateway mode or in VS=API mode?
In the MailSecurity Configuration -> Right click on 'Virus Scanning Engines' -> Properties, what do you have selected?
|
|
|
|
|
RE: "securitynotice.txt" again - 22.Mar.2004 10:12:00 AM
|
|
|
UnknownShadow
Posts: 52
Joined: 21.Mar.2004
Status: offline
|
I'm running in VSAPI mode, and I realize GFI cannot delete the entire email in this mode. But what I would like to do is be able to modify the BODY of the notification, even if it was the attachment that got deleted.
Also, I noticed the 20040309 build can install in SMTP Gateway mode directly on the Exchange 2003 machine. How can I switch my current VSAPI installation to SMTP mode? Do I just need to install the new build on top of what I have and tell it to use SMTP mode? Will that automatically switch me to SMTP mode?
|
|
|
|
|
RE: "securitynotice.txt" again - 24.Mar.2004 4:43:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
Hi,
To change MailSecurity from VS-APi mode to Gateway mode, you need to install MailSecurity from the beginning. The correct process to do this is:
1. Un-install MailSecurity.
2. Delete the MailSecurity directory.
3. Reboot the machine.
4. Re-install MailSecurity in Gateway mode.
|
|
|
|
RE: "securitynotice.txt" again - 24.Mar.2004 10:14:00 AM
|
|
|
bido
Posts: 3
Joined: 23.Mar.2004
Status: offline
|
But please answer how to stop the email from getting to the user with the new "securitynotice.txt" attachment.
We have the same problem, we do not want users
to get this notification.
we use VS=API mode
|
|
|
|
|
RE: "securitynotice.txt" again - 24.Mar.2004 11:24:00 PM
|
|
|
ksalper
Posts: 9
Joined: 19.Dec.2003
From: New Jersey
Status: offline
|
Someone in the MailEssentials forum just posted this comment, which I've endorsed and passed to my boss for his permission to do the same:
I don't think there's any reason anymore to deliver a message with an infected attachment. (Maybe back when Word documents had bogey macros, but that was a long time ago.)
You can tell MailSecurity to simply delete incoming messages with virus problems and then users won't ever get the security notices. That's what we do here.
|
|
|
|
|
RE: "securitynotice.txt" again - 25.Mar.2004 9:56:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
Hi,
In VS-API mode it is not possible to block or delete the whole mail, therefore the item blocked will always be replaced with the securitynotice.txt file.
|
|
|
|
|
RE: "securitynotice.txt" again - 25.Mar.2004 11:37:00 AM
|
|
|
fzilz
Posts: 1
Joined: 24.Mar.2004
From: Benicia, CA
Status: offline
|
I have both Mail Essentials and Mail Security. I run in VSAPI mode.
Are you saying that there is not a way to block messages stripped of viruses (security.txt attached) or to move them to a users Junk EMail folder? Come on there has to be a solution.
I am getting multiple calls every day on this, particularly with the intriging messages of the Bagle and Netsky viruses. Please tell me there is solution.
|
|
|
|
|
RE: "securitynotice.txt" again - 26.Mar.2004 4:32:00 AM
|
|
|
Adamski
Posts: 6
Joined: 25.Mar.2004
Status: offline
|
I am also getting many calls from users concerning this and I am frustrated at no being able to tell them that I can sort it out for them.
They all know not to open attachments if they don't recognise the email so as far as they are concerned nothing has changed. They still get countless emails that clog up their mailbox that have attachments. I know that the attachments are safe and I can tell them that as well but it doesn't stop them being annoyed by it and not considering it as an added value.
I am currently trialing Mail Essentials and Mail Security and up until now I was going to purchase the unlimited license for both of them but I am not so sure now as this is quite a serious issue which seems to have no resolution.
|
|
|
|
|
RE: "securitynotice.txt" again - 29.Mar.2004 4:53:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
When MailSecurity is installed in VSAPI mode, MailSecurity has to abide to certain rules. Exchange server that provides the items for scanning by MailSecurity, and MailSecurity can only block items rather then emails. By 'items', I mean message text body, message html body, attachments etc.
When MailSecurity is installed on a Gateway, MailSecurity will have full control of the email. Therefore, the Administrator can configure MailSecurity to only block the item, or to block the whole message when a rule us breached.
There are two options for installing enabling MailSecurity to block whole mails:
1. Install MailSecurity in Gateway mode. With MailSecurity 8.1, it is also possible to install MailSecurity on the Exchange machine in gateway mode instead of VS-API mode. Note that this will disable the option to scan internal mails.
2. If it is necessary to scan internal mails with MailSecurity, GFI recommends having 2 installations of MailSecurity - one on a Gateway to block malicious content coming from the internet, and another on the Exchange server which will protect the users from any internal virus outbreaks.
More information can be found at in our knowledgebase at http://kbase.gfi.com/showarticle.asp?id=KBID001839
|
|
|
|
|
RE: "securitynotice.txt" again - 29.Mar.2004 3:32:00 PM
|
|
|
SiteExperts
Posts: 9
Joined: 24.Mar.2004
Status: offline
|
I tried uninstalling and reinstalling in gateway mode. I am still getting a large number of mails (apparently from SBS - we are using exchange on an Small Business Server Box), that have the removedattachmentsxxx.txt file (e.g., the file is an exe and was removed).
Shouldn't these have been picked up by mail security prior to SBS and deleted? We set up mail security in gateway mode and chose the delete mail action for the attachment monitor.
Thanks.
|
|
|
|
|
RE: "securitynotice.txt" again - 30.Mar.2004 3:51:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
Hi SiteExperts,
When un-installing MailSecurity in VS-API mode and re-installing it in gateway mode, what steps did you take?
To change from VS-API mode to Gateway mode on the same machine, you need to re-install MailSecurty from scratch. The recommended procedure is:
1. Un-install MailSecurity
2. Delete the MailSecurity directory.
3. Reboot the machine.
4. Re-install MailSecurity in Gateway mode.
|
|
|
|
|
RE: "securitynotice.txt" again - 30.Mar.2004 1:07:00 PM
|
|
|
SiteExperts
Posts: 9
Joined: 24.Mar.2004
Status: offline
|
First time I tried uninstalling and reinstalling (no reboot).
So...
I just uninstalled mail security, tried to delete the directory (many files wouldn't delete), rebooted and then successfully deleted all files, then reinstalled mail security.
It appears the attachment checking is not running. I turned on logging and nothing is getting logged.
I only turned off Content checking (assume there are no dependencies?) and the rest of the settings are enabled to check inbound mail.
Thanks.
|
|
|
|
|
RE: "securitynotice.txt" again - 1.Apr.2004 4:59:00 AM
|
|
|
Patrizia
Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline
|
Hi,
Do you have any anti-virus or back-up software on the machine, scanning the MailSecurity directories?
|
|
|
|
|
RE: "securitynotice.txt" again - 7.Apr.2004 5:32:00 PM
|
|
|
SiteExperts
Posts: 9
Joined: 24.Mar.2004
Status: offline
|
No other active anti-virus software. I noticed about 40 or so e-mails w/ attachments were logged as deleted. However, I am getting 500-600 mails a day that are not getting caught (I am getting them with the outlook removedattachmentxxx.txt file in my inbox). The removed files appear to have the same extension as some of the files that were caught.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
