Solved

Kill that Klez!

Posted on 2002-05-31
13
186 Views
Last Modified: 2010-03-05
I have an Exchange server v 5.5
Lately I been getting allot of Klez viruses, about 1000 in the past two weeks.
Obviously my TVD has failed miserably.
I would like recommendations on virus software well suited for this job.
0
Comment
Question by:jwc02026
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +3
13 Comments
 
LVL 3

Accepted Solution

by:
jpmarten earned 100 total points
ID: 7047280
Norton for Exchange and Trend ScanMail have worked for me exceptionally well.
0
 
LVL 9

Expert Comment

by:rjcpjc
ID: 7048023
I have had great luck with Trend ScanMail.
0
 
LVL 23

Expert Comment

by:slink9
ID: 7048551
Trend products are what I implemented on a client's system after he contracted Klez.  Have you been able to eradicate it from the local computers yet?  If they are XP it is not so easy.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 2

Author Comment

by:jwc02026
ID: 7048650
Unfortunately this client is cost sensitive in the extreme.
I believe they are now ready to implement a new/updated company wide a/v solution however, most of the systems are PI or PII with NT4.
I believe I would need a 'light' solution for these.

There are few XP systems however I they believe they are fine as they had Norton and Pccillin out of the box.
0
 
LVL 23

Expert Comment

by:slink9
ID: 7048655
You may be able to scan and clean these by using http://housecall.antivirus.com
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7048728
Yes I have sent this as
a temporary solution, unfortunately there is no enforcement mechanism, in any capacity
0
 
LVL 23

Expert Comment

by:slink9
ID: 7048797
Kind of that "You can lead a horse to water ..." thing?  If you make recomendations but they are not followed, maybe you just need to blow them off.  But hey, they don't follow your recommendations!!  That is more money for you when they do have to call you.  Sounds good to me.
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7048803
Exactly!:)
Penny wise and pound foolish!
0
 
LVL 1

Expert Comment

by:monsterrick
ID: 7050249
I'm using Sybari's Antigen which protects Exchange quite well.

Ricky
0
 
LVL 55

Expert Comment

by:andyalder
ID: 7050961
We have TVD since it protects the mailboxes themselves from a user sending another user a virus plus a seperate virus checker on the SMTP feed running on mailsweeper on a seperate box.

Can you confirm that you have set TVD up correctly, Groupshield running on the information store with the Exchange directories excluded from the filesystem scan.

Also confirm, the users are receiving emails with Klez in them that the local virus checker on their PC detects? Not that they are receiving virus removed emails from groupshield.

You have set groupshield to update/upgrade it's engine and pattern as well as setting up the filesystem scanner to update itself have you?

Do you have a grant number? I know it takes ages to get though to support but I'm sure they would be interested.
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7051005
The client let the subscription end on Goupshield as it was continually getting errors.
Uninstalling it from the workstations has been somewhat difficult.
Given the pat experience of TVD, I am inclined to look elsewhere for a solution.
0
 
LVL 55

Expert Comment

by:andyalder
ID: 7051177
>The client let the subscription end on Groupshield as it was continually getting errors.

That's believable, if you keep updating the signature file but not the engine it tends to crash the server.

No wonder it doesn't catch Klez, the 2 year old virus checker on my home PC doesn't catch it either! ScanMail (as others have suggested) might be the best solution although I like to have a different checker on the servers than on the workstations and a 3rd one on the mail. (actually mailsweeper lets you run half a dozen independant virus checkers on inbound mail but it ain't cheap and uses much CPU).
0
 
LVL 2

Author Comment

by:jwc02026
ID: 7188111
Thanks for the quick response jp!
I have downloaded and installed the Trend scanmail
It works very well.
What really sold me on them was the support.
I sent a simple message to support and they will not let it go!
They contact me constantly asking how it’s going!
I've never encountered such a strong support structure!
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question