GEE Whiz Stops SoBig Virus
Novell Cool Solutions: Trench
By Omni Technology Solutions Inc.
Digg This -
Posted: 28 Aug 2003
Did the SoBig Virus Slow You Down? See How GEE Whiz Kept GroupWise Users Safe
It has certainly been an interesting week for many companies that were not protected from the Sobig-F virus - and many who thought they were but whose anti-spam/anti-virus solution wasn't able to keep up. So, how did GEE Whiz protect companies from Sobig-F and other viruses? By leveraging the power of GEE Whiz default filters and custom Regex header filters.
GEE Whiz protected many systems with its ability to block attachments by attachment name or by file type (fingerprinting). For those customers who didn't turn on attachment filtering, the anti-virus component deleted all of the harmful attachments. But for many of our customers, these options were good, but not good enough because attachment filtering and deleted virus attachment emails were still being delivered to the end user to advise them that they had received an email with an attachment that was blocked.
This is where the flexibility and power of GEE Whiz came to the rescue. GEE Whiz allows you to configure REGEX Header Filters based on To:, Subject: or Message. In three quick, easy steps, GEE Whiz Header Filters can be configured to block all of the Sobig-F emails and drop them before they get through your GWIA to the MTA, POA or Virus Scanner. For directions on how to do this, go to: http://www.omni-ts.com/Information/sobig.html
And how well did GEE Whiz perform during the Sobig-F storm? Following are excerpts from an email that was posted to the Novell GroupWise List from one of our larger customers who installed GEE Whiz on August 22nd, after being bombarded by Sobig-F:
"... So skip ahead to Wednesday morning. That is when we first started to notice the sobig virus. We were seeing about 100-200 an hour at first. It somehow had infected a few of our PC's and it then started to use our internal email relays to route mail internally and externally. It soon grew to the point where we were seeing 10,000 or more an hour. We looked at several ways of trying to stop it or slow it down. We shutdown the GWIA, but mail was backing up faster than we could move it out of the receive and send q's. We had to find a better solution.
We went to our management and said that we thought that Gee Whiz should be able to handle it. At this point, they asked us to call Aldo and see what could be done. We contacted Aldo and he had a license file on the way to us within minutes. Once we got the file, he stayed on the phone with us to help us getting it set up to block the sobig emails.
So once we had it ready to go, we opened the gateway and let the messages through. In the first 50 minutes, Gee Whiz was able to go through our entire backlog of email. It processed 72,000 pieces of email and stopped 67,000 of them because they had the attachment, or had one of the known subject lines. We were watching the server closely at this time, and Gee Whiz did not really put any strain on it at all.
I just wanted to relate our experience and to thank Aldo for his wonderful help this week. I am sure they were as busy as anyone else this week, but he still took the time to help us make sure everything was setup properly and that we were able to block sobig. Thanks
For customers interested in trying GEE Whiz, go to www.omni-ts.com and download our free 30-day trial. Interested in upgrading from your current solution, check our web site for our FREE upgrade promotion (expires September 30, 2003).
The Omni-TS Solutions Team
- For more information, visit http://www.omni-ts.com.
- Read more Omni Technology Solutions Cool Solutions articles here.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com