Exchange & Outlook UPDATE, Exchange Edition, September 12, 2003

Get some tips about avoiding future variants of the SoBig.F virus. Plus, get information about Exchange tools, Outlook tips, and new products.

ITPro Today

September 10, 2003


Exchange & Outlook UPDATE, Exchange Edition--September 11, 2003


==== 1. Commentary: Fighting SoBig ====

by Paul Robichaux, News Editor, [email protected]

Almost everyone who uses email is aware of the ongoing spread of the SoBig.F virus, but email administrators are acutely (or perhaps "painfully" is a better word) aware of exactly how much time and trouble this virus is causing. Worse still is the threat of new SoBig variants; all earlier generations contained expiration dates (see the first URL below for more information about the virus), but many people are concerned that the next generation won't contain them. Fortunately, you can take steps now to harden your servers, clients, and users against future infections.

First, try to prevent users from opening SoBig's attachments. Although handcuffs might be the only foolproof solution, Outlook's attachment-blocking features are the more practical method. For Outlook 2003 and Outlook 2002, simply enable Outlook's built-in attachment-blocking feature. For Outlook 2000, you'll need to apply the Outlook Security Update, which is available at the second URL below. For all Outlook versions, you can partially control which attachment types Outlook blocks by setting up a specially named public folder and posting a custom form item to it. Plenty of documentation describing this process exists: Take a look at Chapter 13 of "Secure Messaging with Microsoft Exchange Server 2000" (Microsoft Press, 2003), the "Microsoft Office 2003 Editions Resource Kit" Web site (at the third URL below), and the Slipstick Systems Outlook & Exchange Solutions Center (at the fourth URL below).

Second, prevent users who do become infected from infecting others. SoBig.F includes an SMTP server so that after the virus harvests addresses, it can start spamming those addresses. In most cases, desktop machines have no good reason to send SMTP traffic directly to the Internet. Therefore, I suggest that you configure your border and internal routers to prevent any traffic on TCP port 25 unless one of your email servers sends that traffic. If everyone took this step, the spread of SoBig-like viruses would be greatly restricted--which is precisely why so many major broadband ISPs are restricting their clients' ability to send SMTP traffic. (Of course, this decision plays havoc with those of us who want to run Exchange servers at home.)

Third, make sure you have well-maintained, high-quality client- and server-based antivirus protection. Content-filtering tools such as NetIQ's MailMarshal and Nemx Software's Power Tools are also helpful because they can block or quarantine messages with suspect content. However, if you use such a tool, do us all a favor and turn off the automatic notification messages that tell the sender "You've sent an infected message." Because SoBig forges headers, this feature can deluge innocent bystanders with notification messages.

Finally, make sure your servers have some headroom. I've seen reports of SoBig victims getting thousands of messages per day, each message averaging about 100KB. If you happen to host mailboxes for someone with a well-known address, the next wave of attacks could spam you with gigabytes of mail per day. That much traffic can make a serious dent in your transaction log volume's free space (not to mention the effect on the size of your mailbox databases). Be sure you have adequate surge capacity to withstand brief and midsized spikes in mail and transaction volume.

SoBig.F virus description
http://www.f-secure.com/v-descs/sobig_f.shtml

Outlook Security Update
http://office.microsoft.com/productupdates/default.aspx

"Microsoft Office 2003 Editions Resource Kit" Web site
http://www.microsoft.com/office/ork

Slipstick Systems Outlook & Exchange Solutions Center
http://www.slipstick.com
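The commentary's second recommendation (only email servers may send traffic on TCP port 25 to the Internet) can be checked against flow or firewall logs before or after the router rule goes in. The Python below is an added example, not part of the original newsletter; the internal network range, the mail server address, the log format, and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed values for illustration only (not from the newsletter).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MAIL_SERVERS = {ipaddress.ip_address("10.0.0.25")}

# Constructed sample flow records: "src_ip dst_ip protocol dst_port"
SAMPLE_FLOWS = """\
10.0.0.25 198.51.100.7 tcp 25
10.0.5.14 10.0.0.25 tcp 25
10.0.5.14 203.0.113.9 tcp 25
10.0.5.14 203.0.113.40 tcp 25
10.0.7.81 198.51.100.7 tcp 25
10.0.7.81 198.51.100.7 tcp 443
10.0.9.3 203.0.113.9 udp 25
bad line
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def egress_allowed(src, dst, proto, port):
    """Return True if the flow complies with the port-25 egress rule."""
    if proto != "tcp" or port != 25:
        return True   # the rule only covers SMTP over TCP port 25
    if is_internal(dst):
        return True   # desktop submitting mail to an internal server is normal
    return src in MAIL_SERVERS  # only mail servers may reach the Internet

def find_violators(flow_text):
    """Count policy-violating SMTP flows per internal source host."""
    hits = Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            port = int(parts[3])
        except ValueError:
            continue
        if is_internal(src) and not egress_allowed(src, dst, parts[2].lower(), port):
            hits[str(src)] += 1
    return hits.most_common()  # busiest hosts first: likeliest mass mailers

if __name__ == "__main__":
    for host, count in find_violators(SAMPLE_FLOWS):
        print(f"{host}: {count} direct SMTP connection(s) to the Internet")
```

Hosts at the top of the list are desktops talking SMTP straight to outside addresses, which is the behavior the router rule is meant to stop and a reasonable first place to look for an infected machine.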


===============

This email newsletter is brought to you by Exchange & Outlook Administrator, the print newsletter with practical advice, tips, and techniques covering migration, backup and restoration, security, and much more. Subscribe today.

http://www.exchangeadmin.com/sub.cfm?code=neei23xxup

Copyright 2003, Penton Media, Inc.
