Solved

Kill that Klez!

Posted on 2002-05-31
13
180 Views
Last Modified: 2010-03-05
I have an Exchange server v 5.5
Lately I been getting allot of Klez viruses, about 1000 in the past two weeks.
Obviously my TVD has failed miserably.
I would like recommendations on virus software well suited for this job.
0
Comment
Question by:jwc02026
  • 5
  • 3
  • 2
  • +3
13 Comments
 
LVL 3

Accepted Solution

by:
jpmarten earned 100 total points
ID: 7047280
Norton for Exchange and Trend ScanMail have worked for me exceptionally well.
0
 
LVL 9

Expert Comment

by:rjcpjc
ID: 7048023
I have had great luck with Trend ScanMail.
0
 
LVL 23

Expert Comment

by:slink9
ID: 7048551
Trend products are what I implemented on a client's system after he contracted Klez.  Have you been able to eradicate it from the local computers yet?  If they are XP it is not so easy.
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7048650
Unfortunately this client is cost sensitive in the extreme.
I believe they are now ready to implement a new/updated company wide a/v solution however, most of the systems are PI or PII with NT4.
I believe I would need a 'light' solution for these.

There are few XP systems however I they believe they are fine as they had Norton and Pccillin out of the box.
0
 
LVL 23

Expert Comment

by:slink9
ID: 7048655
You may be able to scan and clean these by using http://housecall.antivirus.com
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7048728
Yes I have sent this as
a temporary solution, unfortunately there is no enforcement mechanism, in any capacity
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 23

Expert Comment

by:slink9
ID: 7048797
Kind of that "You can lead a horse to water ..." thing?  If you make recomendations but they are not followed, maybe you just need to blow them off.  But hey, they don't follow your recommendations!!  That is more money for you when they do have to call you.  Sounds good to me.
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7048803
Exactly!:)
Penny wise and pound foolish!
0
 
LVL 1

Expert Comment

by:monsterrick
ID: 7050249
I'm using Sybari's Antigen which protects Exchange quite well.

Ricky
0
 
LVL 55

Expert Comment

by:andyalder
ID: 7050961
We have TVD since it protects the mailboxes themselves from a user sending another user a virus plus a seperate virus checker on the SMTP feed running on mailsweeper on a seperate box.

Can you confirm that you have set TVD up correctly, Groupshield running on the information store with the Exchange directories excluded from the filesystem scan.

Also confirm, the users are receiving emails with Klez in them that the local virus checker on their PC detects? Not that they are receiving virus removed emails from groupshield.

You have set groupshield to update/upgrade it's engine and pattern as well as setting up the filesystem scanner to update itself have you?

Do you have a grant number? I know it takes ages to get though to support but I'm sure they would be interested.
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7051005
The client let the subscription end on Goupshield as it was continually getting errors.
Uninstalling it from the workstations has been somewhat difficult.
Given the pat experience of TVD, I am inclined to look elsewhere for a solution.
0
 
LVL 55

Expert Comment

by:andyalder
ID: 7051177
>The client let the subscription end on Groupshield as it was continually getting errors.

That's believable, if you keep updating the signature file but not the engine it tends to crash the server.

No wonder it doesn't catch Klez, the 2 year old virus checker on my home PC doesn't catch it either! ScanMail (as others have suggested) might be the best solution although I like to have a different checker on the servers than on the workstations and a 3rd one on the mail. (actually mailsweeper lets you run half a dozen independant virus checkers on inbound mail but it ain't cheap and uses much CPU).
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7188111
Thanks for the quick response jp!
I have downloaded and installed the Trend scanmail
It works very well.
What really sold me on them was the support.
I sent a simple message to support and they will not let it go!
They contact me constantly asking how it’s going!
I've never encountered such a strong support structure!
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now