We were running AV software on our mail server as well, but the attachment still got through initially as the vendor's pattern files didn't recognise it. AFAIK, none of the AV vendors had released updates to detect LoveLetter until PM, UK time. We got around this by blocking the attachment by name.
It occurred to me afterwards that a reasonable solution to a lot of these Outlook worms is to quarantine all incoming files matching *.vbs. That way, even if someone sends a legit VB script file through, we can fish it out of the quarantine directory and pass it on to the user. Has anyone else done this and, if so, is there anything I'm missing here?
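A sketch of the quarantine-by-extension idea raised in the post, as an added example that is not part of the original message: it matches on the final extension case-insensitively, so double extensions and trailing dots or spaces are still caught. The function names, the `BLOCKED_EXTENSIONS` tuple and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: only the pattern named in the post; extend the tuple as needed.
BLOCKED_EXTENSIONS = (".vbs",)

def is_blocked(filename):
    """True if the final extension is blocked (case-insensitive)."""
    if not filename:
        return False
    # Windows ignores trailing dots and spaces, so "x.vbs. " still runs as .vbs.
    name = filename.strip().rstrip(". ").lower()
    return name.endswith(BLOCKED_EXTENSIONS)

def quarantine(raw):
    """Return (cleaned message bytes, [(filename, payload bytes), ...])."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    held = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename" and falls back
        # to the Content-Type "name" parameter, decoding RFC 2231 values.
        name = part.get_filename()
        if is_blocked(name):
            held.append((name, part.get_payload(decode=True)))
            # Replace the part in place so the user sees what was held back.
            part.set_content(f"Attachment {name!r} was quarantined.\n")
    return msg.as_bytes(), held

def build_sample():
    """Constructed test message: one script attachment, one harmless one."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("body text\n")
    m.add_attachment(b'MsgBox "hi"\r\n', maintype="application",
                     subtype="octet-stream", filename="readme.TXT.VBS")
    m.add_attachment("plain\n", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, held = quarantine(build_sample())
    for name, payload in held:
        print(f"quarantined {name} ({len(payload)} bytes)")
```

The caller would write each held payload to the quarantine directory and deliver the cleaned message; the filename is supplied by the sender, so this check only covers attachments that declare a blocked name.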