My first FOPE centered blog.

One common issue with FOPE (this also happens in FSS/Antigen) is the 0 day Virus’s that pretend to be a legitimate mail from other senders.

These tend to be small emails asking you to open the file in a zip attached to the email. The file will look like a pdf but its really an executable named “delivery.pdf                    .exe”

These exe files are not caught by any engine right away so some customers see them come through.

There are multiple ways you can block these messages (SPF, policy rules) But I suggest the following.

My first question is always “Do you have any reason to allow executable files via email?” I have yet found a customer that says they need exe’s in emails.  If your email policy allows blocking these message types then I suggest you set up two rules to lower your chances of getting any viruses.

Inbound reject rule (deletes any inbound mail with a compressed file that contains executable attachments)

The 2nd rule is to block files not in compressed files that fit he header information that matches an executable type.

If you have issues logging into any of the Forefront Management Consoles with an Error 500 you most likely changed the service account password.

To verify this is due to a password issue you can check the event logs for

Event ID 10004, Distributed COM

DCOM got error “1326” and was unable to logon <account name> in order to run the server:

{9738A91E-222B-4F3F-8962-6B01144D6ACB}

If that’s there you need to go into Com+ applications under component Services.

Get the properties of the MFSMC.Services object and change the password on the Identity page.

That should resolve the error.