How Do I delete those pesky de-fanged virus emails?


John Polcari

My Exchange 2003 users are getting a boatload of viruses. No problem. This I
deal with by way of Symantec Anti Virus Gateway.

You'd think the ungrateful users would be happy with that, but Nooooooo...
now they whine and moan about having to look at the de-fanged email with the
virus deleted.

Now I'd like to delete the rest of the Email. Seems it should be easy,
because all of them now have an attachment with the same name
"deleted0.txt". Should I think about Symantec anti-spam running on their
desktops? Should work, but it's kind of a kludge and it won't help with
OWA. Upgrade to Outlook 2003? (and I'm not 100% sure 2003's junk mail
filter would do this) but we're using Outlook 2002, and that's a lotta
money... Seems that some kinda script would work better. I can't be the
first person to have this problem, yet I don't see any discussions about
it...

Ideas/suggestions anyone?

Thanks in advance,

John Polcari
 
Best suggestion is to check with Symantec's customer support to see if there
is an option to drop the entire message and send no notification. For
example, our site uses Sybari's Antigen. If an incoming message includes a
virus/worm and there is a signature for it, the entire message is dropped
during the SMTP session.

If a message comes in that meets a restriction list (e.g. contains an exe,
pif, com, bat, etc.) and doesn't match any signatures, the file is
quarantined and replaced with a text file that says, if it was expected, to
contact IT so the file can be released.

I sympathize with your plight because after two years of this type of
configuration and a little PR work, users know they only have to endure this
notification for a few hours when a very new and prolific worm hits the
streets. Management is really happy because IT has reduced the attack
surface by removing file types that have the most potential to cause harm
w/out impacting business.

/neo

ps - i'm suggesting this over a macro because Outlook 2002 has an enhanced
security model that *may* throw additional warnings when trying to access
the message programmatically.

pss - junk filter may or may not catch it... depends on the remaining
content.

psss - fwiw, i stopped using symantec's gateway products over 2 years ago.
had too many problems with the content vector protocol (cvp) and checkpoint
firewalls. leaving this product was for one of the items you listed and the
second is that cvp sucked and blowed under mail storms (for us this meant
3000-4000 messages per minute.) Moving to Sybari's Antigen cured this and
really improved things from central management to end user experience.
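
An added example, not part of the thread and not code from Symantec or Sybari: a Python classifier for the kind of script the question asks about, which separates messages where only the "deleted0.txt" stub is left from messages where the stub sits beside a surviving attachment. It assumes messages are available as raw RFC 822 bytes; the function names, the keep/drop/review verdicts and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

STUB_NAME = "deleted0.txt"  # placeholder attachment name quoted in the thread

def attachment_names(raw: bytes) -> list:
    """Lower-cased filenames of every leaf MIME part that carries one."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()  # decodes RFC 2231-encoded names
        if filename:
            names.append(filename.strip().lower())
    return names

def classify(raw: bytes) -> str:
    """Hypothetical verdicts: 'keep', 'drop' (only the stub is left), 'review'."""
    names = attachment_names(raw)
    if STUB_NAME not in names:  # exact match, so 'notdeleted0.txt' is not a hit
        return "keep"
    if any(name != STUB_NAME for name in names):
        return "review"  # stub sits beside a surviving attachment a user may want
    return "drop"

def sample(*filenames: str) -> bytes:
    """Build a constructed test message with the given attachment names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Message body.")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for files in [(), ("DELETED0.TXT",), ("deleted0.txt", "report.pdf"),
                  ("notdeleted0.txt",)]:
        print(files, "->", classify(sample(*files)))
```
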
 