Wed, Dec 28 2005 17:07
bradley
So if you have ISA here are some things you can do
So.... let's see..... we have a Zero Day WMF exploit nailing even fellow MVPs .... websites that nail you with malware so bad you have to flatten and rebuild....that merely visiting the web site..no clicking.... will nail you.... and Trend [and most a/v companies] has the definition for this in there 'beta' def but not their released one....so what's a gal to do?
So I already blocked WMFs in email in the Trend Antivirus
- I don't want to pull down a beta def file
- I'm not sure I want to unregister a dll.......shimgvw.dll
- So how about looking at what my ISA server can do 'eh?
Jesper's Blog : Blocking certain extensions in ISA server:
http://blogs.technet.com/jesper_johansson/archive/2005/12/28/416565.aspx
Very cool huh! And how about we block those wmf's via ISA server.
So we go into the ISA management console..and we access the SBS Internet Access Rule [on mine this is rule 23]
- Click on Protocols
- click on Filtering
- Click on configure http
- Click on Extensions
- Choose "Block Specified Extensions and allow all others" and then put the list in you want to block
- Click "add" and put in wmf.
Click OK, click apply and now when i go to the test page... voila...the image doesn't show up.
Is this cool or what? Now I feel a lot better since Trend hasn't updated yet.
Filed under: Security
![[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.]](http://www.sbslinks.com/images/headertop.png "There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not!")