Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

can Forefront add a AV scanned footer stamp?

2 views
Skip to first unread message

Paul O'Donnell

unread,
Jul 17, 2008, 9:05:14 AM7/17/08
to
I'm looking to add a footer/signaure/stamp to outgoing emails to certified
that they have been scanned. Is this possible from Forefront?

Dieter Rauscher [MVP]

unread,
Jul 17, 2008, 9:48:08 AM7/17/08
to
Hi Paul,

> I'm looking to add a footer/signaure/stamp to outgoing emails to certified
> that they have been scanned. Is this possible from Forefront?

You could use the "Disclaimer" functionality of FSE.

Regards,
Dieter

--
Dieter Rauscher
MVP Forefront
Website: http://www.msisafaq.de
Blog: http://msmvps.com/rauscher/
Buch: http://www.msisafaq.de/buch/

Paul O'Donnell

unread,
Jul 21, 2008, 6:21:04 AM7/21/08
to
"Dieter Rauscher [MVP]" <dieter....@msisafaq.de> wrote in
news:E9BD7B7C-DB10-4720...@microsoft.com:

> Hi Paul,
>
>> I'm looking to add a footer/signaure/stamp to outgoing emails to
>> certified that they have been scanned. Is this possible from
>> Forefront?
>
> You could use the "Disclaimer" functionality of FSE.
>
> Regards,
> Dieter
>

Go, on, I give in, where do I find this functionality? I've scoured the
whole interface, and the help file and also the web, and apart from a
link back to this thread, all I can find is a technet article on a reg
hack to permit non-ASCII characters in the disclaimer.

So can you throw me a bone and point me in the right direction?

TIA

Paul

Steve Riley [MSFT]

unread,
Jul 21, 2008, 6:14:11 PM7/21/08
to
Why do this? I've seen other virus scanners append such text, and I've
always thought it rather superfluous. Unless an email message is digitally
signed, then you really can't trust that any of the text in the message --
including virus scanner footers -- is legitimate. It's trivial for an
attacker to add fake footers or remove real ones.

--
Steve Riley
steve...@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"Paul O'Donnell" <spam...@deadspam.com> wrote in message
news:Xns9ADE8F16894C3s...@207.46.248.16...

Paul O'Donnell

unread,
Jul 22, 2008, 4:27:25 AM7/22/08
to
"Steve Riley [MSFT]" <steve...@microsoft.com> wrote in
news:77FBEB9F-F0C8-4C4F...@microsoft.com:

> Why do this? I've seen other virus scanners append such text, and I've
> always thought it rather superfluous. Unless an email message is
> digitally signed, then you really can't trust that any of the text in
> the message -- including virus scanner footers -- is legitimate. It's
> trivial for an attacker to add fake footers or remove real ones.

Well, it complies with the companies data security policy. We insist that
all email is scanned, and we expect it from our partner companies, and by
appending this superfluous text, even though it proves very little to a
hardened techie like yourself, it shows to people that we are holding up
our end of our policy.

Can anyone actually tell me how to envoke this "Disclaimer" function in
Forefront?

Paul O'Donnell

Dieter Rauscher [MVP]

unread,
Jul 23, 2008, 10:00:17 PM7/23/08
to
Hi Paul,

>>> I'm looking to add a footer/signaure/stamp to outgoing emails to
>>> certified that they have been scanned. Is this possible from
>>> Forefront?

>> You could use the "Disclaimer" functionality of FSE.

> Go, on, I give in, where do I find this functionality? I've scoured the


> whole interface, and the help file and also the web, and apart from a
> link back to this thread, all I can find is a technet article on a reg
> hack to permit non-ASCII characters in the disclaimer.
>
> So can you throw me a bone and point me in the right direction?

Sorry, I gave you the wrong answer. The 'Disclaimer' functionality I was
referring to only exists in Antigen and was removed in FSE.
FSE is based on Exchange Server 2007 and with that you'll have a much more
suitable option using Transport Rules within E2k7.

This might help:
How to Configure a Disclaimer
http://technet.microsoft.com/en-us/library/aa996585(EXCHG.80).aspx

Sorry for the confusion.

Peter Lawton

unread,
Jul 24, 2008, 1:41:52 AM7/24/08
to
I totally agree a virus could just as easily add a "scanned by " footer to
make people think the message is safe.

The reason a lot of AV vendors append this footer by default is purely so
that, as well as paying through the nose for their software, you're also
spamming every recipient you send an email to with an advert for
McKafferties AV or some such. It's just like the the footers
"IncrediblyAwfulMail" free version adds email messages so that using their
product you do all their advertising for them.

If you really want to do it just set an Exchange transport rule (if you're
using Exchange 2007, a transport sink if you aren't) to add a meaningless
footer of your choice, it'll be just as valid

My take on it is that it's meaningless and it annoys the recipients of your
emails, why do it

Peter Lawton

"Steve Riley [MSFT]" <steve...@microsoft.com> wrote in message
news:77FBEB9F-F0C8-4C4F...@microsoft.com...

Paul O'Donnell

unread,
Jul 24, 2008, 5:45:25 AM7/24/08
to
"Dieter Rauscher [MVP]" <dieter....@msisafaq.de> wrote in
news:ECDBD0C7-F85A-4BC0...@microsoft.com:

Thank you Dieter.

0 new messages