Educause Security Discussion mailing list archives
Re: Sobig Traffic
From: "F.M. Taylor" <ftaylor1 () MYMAIL INDSTATE EDU>
Date: Mon, 8 Sep 2003 12:31:24 -0500
We are using MimeDefang with SpamAssassin and virus scan at our border mail gateway, before we pass it internally. This is working well for us: we strip out executable attachments, scan what's left for virii, and tag the remaining based on their "spam score".

While this did cause some FUD when we initially implemented it, this last round of virii and worms would have decimated our network had we not already put this in place. This had the added benefit of not clogging the mail server with the "you sent me a virus" messages, as virii-infected messages are re-directed to the bit bucket. For the most part e-mail borne virii are almost completely a thing of the past here. There are of course exceptions, as I can't catch everyone, or implement fully draconian rules, but I try ;)

As a side note I do have to run 5 v100 Sun servers to handle the mail cleaning load ;) We process between 30K-100K messages per day.

Barros, Jacob wrote:

> Our exchange server is still getting hit with email messages containing the Sobig.f virus. The viruses are being deleted but we're losing system resources in the process. Do any of you know if there is a way that I can filter/block those messages before it hits the exchange server? Can it even be done or should we just ride out the storm? Am I on the wrong track in thinking that this bug is on the outside and in fact may be resident on one of our internal machines?

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
--
Mike Taylor. GSEC/GCFW
'Non Impediti Ratione Cogitationis'
Coordinator of Systems Administration and Network Security
Indiana State University. Rankin Hall Rm 052
210 N 7th St. Terre Haute, IN.
Voice: 812-237-8843
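The gateway order described in the message above (strip executable attachments, scan what is left, discard infected mail silently, tag the rest by spam score), as an added Python sketch that is not part of the original post and is not MIMEDefang or SpamAssassin code. The extension list, the `scan` and `score` callbacks, the header names and the 5.0 threshold are assumptions.

```python
import os
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed block list; a real gateway would maintain a longer one.
BLOCKED_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}

def strip_executables(msg):
    """Drop MIME parts whose filename has a blocked extension; return the names."""
    removed = []
    if not msg.is_multipart():
        return removed
    kept = []
    for part in msg.get_payload():
        # Trailing dots/spaces are stripped so "a.exe." cannot slip past the check.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if os.path.splitext(name)[1] in BLOCKED_EXTS:
            removed.append(name)
        else:
            removed.extend(strip_executables(part))  # nested multiparts
            kept.append(part)
    msg.set_payload(kept)
    return removed

def gateway(raw, scan, score, threshold=5.0):
    """Order from the post: strip, scan what is left, then tag by spam score."""
    msg = message_from_string(raw, policy=policy.default)
    removed = strip_executables(msg)
    if scan(msg):                      # infected: silently discard, no bounce
        return "discard", None, removed
    s = score(msg)
    msg["X-Spam-Score"] = f"{s:.1f}"   # header names are assumptions
    msg["X-Spam-Flag"] = "YES" if s >= threshold else "NO"
    return "deliver", msg, removed

def sample_message():
    """Constructed test message with a double-extension attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.edu"
    m["Subject"] = "Re: Details"
    m.set_content("Please see the attached file for details.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="Details.txt.pif")
    return m.as_string()

if __name__ == "__main__":
    action, msg, removed = gateway(sample_message(), lambda m: False, lambda m: 7.2)
    print(action, removed, msg["X-Spam-Flag"])
```

Discarding rather than bouncing matters for a worm that forges sender addresses, since a bounce would go to someone who never sent the message.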