Hi We are running Exchange 2007 SP1, Forefront and McAfee 8.5 VS. I understand there is a new email worm that has been out http://seerpress.com/email-worm-threatens-computer-network-security/6707/ I can see: - Common Subject line - Malicious link - Virus sends the email to all contacts in the user's address book Does anyone know the best way (apart from up to date AV) to counter against this. For instance: i. Can we use Forefront or some other Exchange mechanism to block messages based on the subject line? ii. Can we use McAfee to prevent the opening of suspect links iii. Is there anyway to prevent an app emailing more than x number of Outlook contacts? Perhaps a setting in Outlook or Exchange 2007?

On Mon, 13 Sep 2010 17:35:35 +0000, Pancamo wrote: >Hi We are running Exchange 2007 SP1, Forefront and McAfee 8.5 VS. I understand there is a new email worm that has been out http://seerpress.com/email-worm-threatens-computer-network-security/6707/ I can see: - Common Subject line - Malicious link - Virus sends the email to all contacts in the user's address book Does anyone know the best way (apart from up to date AV) to counter against this. For instance: i. Can we use Forefront or some other Exchange mechanism to block messages based on the subject line? ii. Can we use McAfee to prevent the opening of suspect links iii. Is there anyway to prevent an app emailing more than x number of Outlook contacts? Perhaps a setting in Outlook or Exchange 2007? It's kinda late for this (last week would have been much better). :-) Create a transport rule with three regex in it. These should kill not just the original message but also the auto-forwarded messages and the foolish replies to the message: ^here you have$ ^fw: here you have$ ^re: here you have$ --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi Pancamo, You can also find details in this Technet blog: Emerging Malware Issue: Visal.B “Here You Have”, Prevent and Remove https://blogs.technet.com/b/thbrown/archive/2010/09/10/emerging-malware-issue-visal-b-here-you-have.aspxFrank Wang