|
|
|
|
|
|
|
|
|
|
|
|
|
|
EMAIL UNDER ATTACK
How to protect your Domino servers from Sobig.F
By Daniel Koffler
While SoBig.F looks like spam and shares many of the same characteristics, most of Domino's anti-spam features are useless at blocking it. Aside from installing anti-virus software on your workstations and mail servers, the best methods of blocking SoBig.F are to educate users about opening attachments and to use server based mail rules to eliminate SoBig before it ever gets delivered to your users.
To create server mail rules, open Domino Administrator and select the "Configuration" tab. In the left pane, select Messaging -> Configurations and open the document for the server you want to configure. Edit the document and select the Router/SMTP-> Restrictions and Controls ->Rules tab. Select the "New Rule" button to create a new rule as shown in Figure A.
FIGURE A
 
Create a new server mail rule in Domino 6 Roll over picture for a larger image.
Server mail rules act on all mail delivered to the MAIL.BOX file before it is picked up by the router and delivered to end users. The SoBig.F worm only transmits itself as a ".pif" or ".scr" file, so you can create a mail rule to block messages with those types of attachments. Inform your users you are going to be blocking these file types; this should be part of your corporate email policy. You may also want to block ".bat" files and others. For a complete list of executable file extensions for Windows check out http://antivirus.about.com/library/blext.htm and create a corporate policy that is right for your organization.
In the "New Rule" dialog box, make sure the rule is on and add a condition for every file type you want to block by selecting "any attachment name", "contains" and then enter the file extension you want to block. Make sure that you select the "OR" option when adding subsequent extensions, as depicted in Figure B. The "Specify Actions" section allows you to select what you want done with matching messages. You can reject the messages (the "don't accept message" and "don't deliver message" have the same effect on SMTP messages), you can have their status changes to "held", or automatically quarantine them in a database of your choosing.
FIGURE B
 
You should set up your mail rule much like this. Roll over picture for a larger image.
The mail rule we have created will make sure that SoBig.F and its variants don't end up in your users' mail boxes. Now, let's create a second rule to quarantine messages that are the result of bounces from anti-virus systems.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Power Tools 6.0 is a set of 90 administrative utilities for Lotus Notes & Domino
Power Tools simplifies management of the Notes/Domino environment by automating routine tasks. Power Tools can manage or monitor mail files, groups, ACLs, agents, LOG.NSF, templates and more.
Download a trial version from helpsoft.com. |
-- Advertisement --
Teamstudio announces the 2010 spotlight awards winners!
We had some extraordinary submissions for the 3rd annual Teamstudio Spotlight Awards, and choosing the winners was no easy task for our judges! Click here to find out who won, and to learn more about these remarkable applications and the genius developers behind them!
Tap here for more information. |
|
|
|
|
|
|
|
|
|
|