Different ways to protect your net from worms

Nutter's Help Desk, by Ron Nutter, Network World, 08/25/2003

I made sure all our servers are patched and the appropriate patches have been installed on the workstations. The anti-virus software we use has been checked for up-to-date signatures and virus engines. We are still getting messages through the e-mail server, some of which have the attachment and some don’t. Are there any other precautions we can take?
 - Via the Internet

Yes, there are. The first thing I would do is go to www.cert.org and get a copy of the CA-2003-20 Advisory on the Blaster worm. Make sure you’re blocking the ports mentioned in the Advisory at your firewall or at the router that connects your network to the Internet. Even though you have probably prepared as best you can, I would also recommend blocking all ICMP traffic outbound from your network. I saw an advisory on Cisco's Web site that gave me cause for concern about the Nachi worm. The worm can generate so much outbound traffic through your router that utilization at the router becomes excessive and interfaces could drop intermittently, resulting in momentary disruption of your Internet connection.

You don’t mention what type of e-mail scanning software you’re using, if any. Scanning software is another good tool that can block some or all of the messages that contain virus payloads. There are several good packages available.

Until you can find a package and get it installed and configured, there is another option you can pursue. By implementing a basic access control list in your router, you can block the IP addresses that are sending most or all of these e-mails to you. From the ones I’ve seen personally, none have come from what I would recognize as a standard mail server. Assuming you’re using Outlook as your e-mail client, display one of the messages that has been going around, click on View, Options and look for the first IP address you see in the Internet headers box. This is the IP address of the system from which your mail server received the message. After you have built a list of the IP addresses sending you virus e-mails, you can create an access control list in your router to block these systems from talking to you. This runs the risk of blocking valid e-mail, but I haven’t had that problem so far. Assuming you are using a Cisco router, go into configuration mode and type access-list 1 deny host x.x.x.x, where 1 is the list number (this number may change depending on how many basic access control lists you’re using) and x.x.x.x is the IP address of the offending e-mail server.
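The header-to-ACL procedure above can be scripted once you have more than a handful of messages. The following is an added example, not part of the original column: it reads the topmost Received header of each saved message, counts the sending addresses, and prints the matching access-list lines. The trusted network, the two-hit threshold, the bracketed-address header format and the sample messages are all assumptions made for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from ipaddress import ip_address, ip_network

# Assumption: networks that must never be blocked (your own relays, internal ranges).
TRUSTED = [ip_network("10.0.0.0/8")]
# Assumption: the mail server records the peer as "[a.b.c.d]" in its Received header.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample messages (documentation address ranges), not real senders.
def _msg(ip, extra=""):
    return (f"Received: from host.example (unknown [{ip}])\n"
            f"\tby mail.example.org; Mon, 25 Aug 2003 09:00:00 -0500\n"
            f"{extra}Subject: Re: Details\n\nSee the attached file.\n")

SAMPLES = [
    # Lower Received lines are written before the message reaches you and can be forged.
    _msg("203.0.113.45", "Received: from pc ([192.0.2.9]) by relay.example\n"),
    _msg("203.0.113.45"),
    _msg("198.51.100.7"),                # seen once: below the threshold
    _msg("10.1.2.3"), _msg("10.1.2.3"),  # internal relay: trusted, never blocked
]

def sending_ip(raw_message):
    """IP from the topmost Received header: the host that connected to our server."""
    received = message_from_string(raw_message).get_all("Received", [])
    match = IP_RE.search(received[0]) if received else None
    try:
        return ip_address(match.group(1)) if match else None
    except ValueError:                   # malformed address such as [999.1.1.1]
        return None

def build_acl(messages, acl_number=1, min_hits=2):
    """Return access-list lines denying hosts seen at least min_hits times."""
    counts = Counter()
    for raw in messages:
        ip = sending_ip(raw)
        if ip is not None and not any(ip in net for net in TRUSTED):
            counts[ip] += 1
    lines = [f"access-list {acl_number} deny host {ip}"
             for ip, hits in sorted(counts.items()) if hits >= min_hits]
    # Every IOS access list ends in an implicit deny, so permit the rest explicitly.
    lines.append(f"access-list {acl_number} permit any")
    return lines

if __name__ == "__main__":
    print("\n".join(build_acl(SAMPLES)))
```

The list has no effect until it is applied to an interface, for example inbound on the Internet-facing interface with ip access-group 1 in.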
