Conference chefs::ms-exchange

Hi!

I have a customer with almost the same problem. They are not able to get
rid of a Word virus. They _think_ the virus came as an infected attachment
to an Exchange message. (They do have virus tools enabled on each client, but
the users tend to disable it because it's too time consuming...)

So, how do they locate the infected documents in private information store?
This store is one file (private.edb?) and quite big... Or, if they could
delete all attachments since a certain date, that would help.

They have started to take ownership of one mailbox at a time, checking each 
and every message, but they have 400 users....

Any good advice?

Thanks
Dorthe
NSIS Norway
[Posted by WWW Notes gateway]

Dorthe,

  The only other way that I can think of is to purchase Cheyenne's AntiVirus 
Agent for Microsoft Exchange (works with InocuLAN so you need to buy it too). 
Last week at the Windows NT Wizard's Conference, I asked the Cheyenne folks 
during their InocuLAN session how the Exchange agent works.  They told me that
you can make it works in one or both modes just as InocuLAN does  - "real-time"
(scans every transaction to the Exchange DB - got a fast server?) or "scan" (the
whole DB on a schedule).  While this doesn't solve your immediate problem, I'm
sure the situation has made a case for the purchase of said software. 

Regards,

Dave

I'm starting to see the following message at the bottom of email from 
Europe. Anyone knows anything about this?

This message has been scanned for viruses at the originating end by 
ThunderBYTE Anti-Virus for MS Exchange
	http://www.thunderbyte.com/aboutmx.html

    >> Anyone knows anything about this?
    
    Many of my group (MCS) are using ThunderByte because we've been bitten
    (ha ha - intentional pun!) recently by virii carried by Exchange and
    insulated from normal virus scanning.
    
    I organised a security briefing for my group this week and asked what
    the situation was for Exchange.  Answer : "It's our highest priority
    and biggest problem area - we're working on it - expect
    an announcement about a corporate licence within a couple of weeks"  
    
    They wouldn't say whether it would be for ThunderByte or something else
    but I must say that I am very impressed with ThunderByte - integrates
    really very nicely.
    
    /Chris/
    

>>but I must say that I am very impressed with ThunderByte - integrates
>>really very nicely.
    
>>    /Chris/

My customer has been in contact with ThunderByte, but they said they couldn't
use it, because of 2 things:
1) They didn't have support for Windows 3.* clients
2) They did not have a solution to scan the complete database..(?)

Dorthe
[Posted by WWW Notes gateway]

>>but I must say that I am very impressed with ThunderByte - integrates
>>really very nicely.
    
>>    /Chris/

My customer has been in contact with ThunderByte, but they said they couldn't
use it, because of 2 things:
1) They didn't have support for Windows 3.* clients
2) They did not have a solution to scan the complete database..(?)

Dorthe
[Posted by WWW Notes gateway]

Yes, ThunderByte is a nice detection tool.  The problem with ThunderByte is 
that it only tells you there is a problem.  You still need a different tool to 
fix the problem.

Stay tuned; I understand that there will be good news soon.

Hmmmm

I sent the following question to ThunderByte:

>Is there a ThunderByte solution to support scanning of an Exchange database
>(private information store)?
>If a customer allready have a virus in their database, eg. a Word macro
virus,
>how can they get rid of it, without having to enter each and every mailbox
and
>scan them individually?

I got 2 answers, the first one was:

>I am sorry but at this time there is no way for TBAV-Mx, does not have the 
>option of scanning a private exchange database, nor it there one in the work
>that I know of.  I can pass this request off to the developers though.

And the "developers" answered:

>TBAV MX (Our Exchange Add-on will scan all pour mailboxes when it installs.
>Thus by installing TBAVMX, all mailboxes will be scanned and all mailboxes
>will be freed on viruses

So the conclusion is ??

Happy Easter from
Dorthe

[Posted by WWW Notes gateway]

Bob (or anyone else),

Any idea when "soon" will be?  I'm seeing a rapidly increasing number of people
installing the 30-day freeware version of ThunderByte to combat macro virus
problems.  It seems to be proliferating because of;

	1) The marketing message at the bottom of mail others are sending.
	2) It's ability to blast back a notice to the distribution list of an
		infected message that an infection was found.

I am now seeing people running around saying that "everyone" should install
this great tool.  They are blissfully unaware that they should buy a
license within 30 days and that without one they will not get updates to 
the database.

I can foresee DIGITAL getting in serious trouble with Thunderbyte and in the
industry for running so many versions of what should be a licenses product.
And down the road 6 months there will be many who think they are protected
from the latest virus who won't be.

"Soon" better be real soon.

				Mark


>================================================================================
>Note 646.8                 Exchange and Word doc Virii                    8 of 9
>WOOK::ogodhcp-123-40-215.ogo.dec.com::read "Bob Read @OGO, DTN 276-9715" 5 
>lines  25-MAR-1997 16:51
>--------------------------------------------------------------------------------
>
>Yes, ThunderByte is a nice detection tool.  The problem with ThunderByte is 
>that it only tells you there is a problem.  You still need a different tool to 
>fix the problem.
>
>Stay tuned; I understand that there will be good news soon.
>