[ngw] Cleaning virus off GroupWise itself??

Fenton Li fckli at med.cornell.edu
Mon Dec 17 14:45:00 UTC 2001


Charles,

Thx so much for the detailed review and recommendation.

You've definitely allayed my fears and concerns with worms which stems from mis-information.  It sounds like I am fine with Norton AV Corp.  I guess I will always have dormant viruses (stuck in unscanned email before migration).  But if they can not be active within the database files, then they are not of concern.  That is becoming a consensus with other respondees.

GWAVA sounds like a great tool for its expanded control over files.  You suggestion for further inquiry is much appreciated.

Best wishes for the holiday season!

Fenton Li
Sr Data Coord.
Weill Medical College
Office of Development
---------------------------

>>> Charles Nguyen-Huu<Charlesn at groupwisesolutions.com> 12/14/01 05:09PM >>>
Worms are normally encrypted in an attachment (eg. Nimda) which require user intervention to activate. Once the worm is unleashed it can do damage by exploiting security holes available on Outlook, Exchange, IIS server etc... Provided that you 1) "lock-down" known security issues with components on your network 2) update your virus definitions (for file and network scanning) 3) and most importantly install GWAVA on all MTA servers, you will be able to contain the spreading in little or no time (plus all interceptions are logged) because GWAVA will intercept them before they can wreak havoc. Last, to prevent future contamination and unknown threats can potentially arise even before your AV engine vendor provides you with updated virus definitions, GWAVA can be set to block messages based on criterias such as specific file attachments, file names, or even users. I encourage you to speak to one of the Messaging Architects Specialists www.groupwisesolutions.com for a complete assessment on how to better secure your GroupWise environment.

Sorry for the long response, but hope this helps.

Charles Nguyen-Huu

>>> fckli at med.cornell.edu 12/14/01 12:18P >>>
Thx everyone for the advices on GW and anti-virus software.

I understand the point regarding GW database encryption so certainly file scan on the server level is non-sensical and even destructive.
Also that desktop virus scanners and agents working as an intermediate between GW and GWIA should do the trick in stopping further infection and spread of viruses.

But it does sound like there is no way to remove existing viruses in GW administratively.

My main concern then is with worms. I think they can be active without being accessed.  If that assumption is right and they are in GW, how do you deal with them if the worm-laden messages can only be cleaned upon opening??  My main fear is database corruption working from within.  Or GW runs all database maintainance activity i.e. cataloging, indexing,...etc outside of the database so worm activity is not an issue?


Thx again to all for the insightful tips and comments.
Fenton Li
Sr. Data Coord.
Weill Medical College
Office of Development



--
Visit http://www.ngwlist.com for help with the list.
Visit http://www.concentrico.net for GroupWise, NDS, or DirXML development needs and product information.



--
Visit http://www.ngwlist.com for help with the list.
Visit http://www.concentrico.net for GroupWise, NDS, or DirXML development needs and product information.




More information about the ngw mailing list