ChrisB

Please let me know if you are...

Ta,

ChrisB.

JackClark

I know a lot of people that are and my friends wrote it.

Anything I can do to help?

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by ChrisB:
<B>Please let me know if you are...

Ta,

ChrisB.[/quote]

WillieF

I am with jack - but i think he is biased - no probs it is a very good product. Only problem is doing the update via a dial up.

Do you not sell Sonicwall kit??

Why do you ask??

But I think Jack has better contacts

[This message has been edited by WillieF (edited 09 August 2001).]

ChrisB

Willie,

Yup, we do sell Sonic's.

Jack,

Had a copy of SirCam come through today. The attachment was .DOC.PIF

Got past GFI Mail Essentials which should get it with the Norman AV engine and as a fall back it is setup to block .PIF attachments (amongst a bigger list).

It then went past Groupshield 4.5 with the 4140 engine and 4151 DAT. Groupshield is also setup to block .PIF (along with VBS, WSH etc).

VirusScan 4.5 finally killed it on the recipients PC (thankfully!).

What's worrying is that another SirCam got through last both Mail Essentials and GroupShield last week to the same user!

I'm still speaking to GFI about it from last weeks episode (we have some extra diag. logging turned on now), but I want to look at the GroupShield angle now as I'm a little concerned!

I'm wondering if it's our config or something strange? I do have a bit of confidence in ME / GS as they both grabbed some HTML mails infected with the VBS/HapTime@MM virus a week or so ago.

TIA,

ChrisB.

Puff The Magic Wagon!

iTrader: (2)

I believe we are Chris

07976 327 679

Puff The Magic Wagon!

iTrader: (2)

& Willie...

I thought you wanted to have a wee chat...

JackClark

The most likely reason is that the infected mails were in TNEF format. Our latest engine - in beta - can handle this format, most likely the same problem for GFI as I know it affects other vendors.

Here's some info on TNEF and a link to our new engine - It's stable as far as I know

Pronounced tee-neff, and short for Transport Neutral Encapsulation Format, a proprietary format used by the Microsoft Exchange and Outlook e-mail clients when sending messages formatted as Rich Text Format (RTF). When Microsoft Exchange thinks that it is sending a message to another Microsoft e-mail client, it extracts all the formatting information and encodes it in a special TNEF block. It then sends the message in two parts - the text message with the formatting removed and the formatting instructions in the TNEF block. On the receiving side, a Microsoft e-mail client processes the TNEF block and re-formats the message.

Unfortunately, most non-Microsoft e-mail clients cannot decipher TNEF blocks. Consequently, when you receive a TNEF-encoded message with a non-Microsoft e-mail client, the TNEF part appears as a long sequence of hexadecimal digits, either in the message itself or as an attached file (usually named WINMAIL.DAT). These WINMAIL.DAT files serve no useful purpose so you can delete them.

ChrisB

Jack,

Many thanks for that info.

Must admit I've never heard of TNEF although I've often seen WINMAIL.DAT files kicking around.

I shall grab the 4150 Beta Engine on Monday and see what happens.

Does the lack of support for TNEF stop the attaching blocking function working in GS?

Beer's are on me should we meet up

Cheers,

ChrisB.

JackClark

Can't read the msg can't see the attachment.
Nice one, I'm always up for free beer.

ChrisB

4150 Engine is now installed on our Exchange Server & GS reports the engine as 4150.

Time to wait and see.

ChrisB.