General discussion


Stop GroupShield from sending clean mail

By swomack ·
This is a repost from the other day because I know once a question is a few days old, it won't get answered. This one got answered but not adequately. Here is the question:

McAfee's GroupShield for Exchange 2000 sends the useless remains of an infected email with a stupid attachment called Replaced Infected File.txt. Our users have been getting a lot of these and I would like to tell GroupShield (at the server level, not the client level) not to send these useless things on to the recipient. I know there must be a reason it does it but I have not seen any reason in the past 3 years that I have been using GroupShield.

Here was the answer:
You can configure GroupShield to send these "useless" remains of email to whatever mailbox you want, or no mailbox at all.
Anyway, the purpose is to know that an email arrived (a friend or supplier might be infected and not know it).

My response:

Where exactly do you configure GroupShield to send these useless remains to whatever mailbox, or no mailbox? Give me the details and I'll give you the points.

I figured that is the reasoning behind sending them on but in reality, a huge majority of the viruses that come into our organization were not intentionally sent from a friend or supplier and the From field is usually spoofed so you can never tell who it is from anyway. Those useless emails just freak out or annoy users. Then they call me.

This conversation is currently closed to new comments.

All Comments

by carlos.nino In reply to Stop GroupShield from sen ...

You define all this at the notification properties page of the Configuration Properties Console. It's supposed to be in the manuals, but I found it at NAI's web page. If the below link does not work, send me an email and I'll send you the PDF file that explains all the major functions.

by swomack In reply to

Thanks for the response but I don't think that is where this can be done, if it can be done at all. I have read the PDF file you are referring to but the Notification properties page only deals with the notification email, not the actual email itself. On the Notification page, you can choose who gets an alert. Right now I have it set to only send the administrator, me, an alert. Neither the recipient nor the sender receives the notification that comes from the GSE account, only me. However, the user still gets the remnants of the original infected email. This is an example of what they get:

From: (This is a spoofed address)


Subject: Re: Here is the document

Attachments: Replaced Infected File.txt

Inside the attachment it says, The item has been replaced because it was infected by the W32/Netsky.c@MM!zip virus.

Now, this email was not intentionally sent to Joe and it was not sent by the person in the from field. It was sent by the virus and for that reason, it is of absolutely no use to Joe. And, 99% of the emails that are caught by GroupShield are of no use to the user and cannot be traced back to the sender because the from field is spoofed. So, why can't I tell GroupShield not to send this useless email on to the user?

by swomack In reply to Stop GroupShield from sen ...

This question was closed by the author
