[ngw] Cleaning virus off GroupWise itself??

Charles Nguyen-Huu Charlesn at groupwisesolutions.com
Fri Dec 14 22:09:00 UTC 2001

Worms are normally encrypted in an attachment (e.g. Nimda), which requires user intervention to activate. Once the worm is unleashed it can do damage by exploiting security holes available on Outlook, Exchange, IIS server, etc. Provided that you 1) "lock down" known security issues with components on your network, 2) update your virus definitions (for file and network scanning), and 3) most importantly, install GWAVA on all MTA servers, you will be able to contain the spreading in little or no time (plus all interceptions are logged) because GWAVA will intercept them before they can wreak havoc. Last, to prevent future contamination and unknown threats that can potentially arise even before your AV engine vendor provides you with updated virus definitions, GWAVA can be set to block messages based on criteria such as specific file attachments, file names, or even users. I encourage you to speak to one of the Messaging Architects Specialists (www.groupwisesolutions.com) for a complete assessment on how to better secure your GroupWise environment.

Sorry for the long response, but hope this helps.

Charles Nguyen-Huu

>>> fckli at med.cornell.edu 12/14/01 12:18P >>>
Thx everyone for the advice on GW and anti-virus software.

I understand the point regarding GW database encryption, so certainly a file scan on the server level is nonsensical and even destructive.
Also that desktop virus scanners and agents working as an intermediate between GW and GWIA should do the trick in stopping further infection and spread of viruses.

But it does sound like there is no way to remove existing viruses in GW administratively.

My main concern then is with worms. I think they can be active without being accessed. If that assumption is right and they are in GW, how do you deal with them if the worm-laden messages can only be cleaned upon opening? My main fear is database corruption working from within. Or does GW run all database maintenance activity (i.e. cataloging, indexing, etc.) outside of the database, so worm activity is not an issue?

Thx again to all for the insightful tips and comments.
Fenton Li
Sr. Data Coord.
Weill Medical College
Office of Development
