sim2k_support
asked on
Quarantined virus file on server
We have a Win 2000 domain controller that is also the Exchange server that for the last 2 weeks has shown virus activity in the weekly scans. The scan reports it as mydoom. 2 weeks ago there were 128 items in quarantine; this week there were 10. One example of the quarantined file is: 003a8522919011220060000000 8.BAD and it is found in: D:\Program Files\Exchsrvr\Mailroot\vs i 1\BadMail\
There are also some netsky files found. We have run the removal tool for mydoom and it says none found. Users continue to get spam-like emails; is there anything we can try? They are running SAVCE server on the machine.
Thanks,
Are you worried about the viruses, or about the spam e-mails themselves?
Here are a couple of links for removal tools. Please read the small print (instructions); there are some tips for running on Exchange. The Symantec tool is specific to netsky while the Grisoft tool is more generic. I have used the Grisoft tool and the Symantec tool. They need to be done while in safe mode, so email will probably be offline for you.
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2004-021816-1759-9
http://free.grisoft.com/doc/8/lng/us/tpl/v5
Another possibility is that it is another form of malware. I would run Spybot Search and Destroy and/or Lavasoft's Adaware to check for other types of trojans, etc.
Hi sim2k_support,
This situation is one of many reasons why it is never recommended to run Exchange on a DC.
When I was working the Exchange & Servers side, we had a specific Exchange AV application from Symantec - I don't think the SAVCE is designed for Exchange.
You might want to put a 20 point 'Pointer' question over in the "Windows Server 2003 and Exchange___" TA's.
The folks over there are well-versed in this.
Just open a new post (minimum 20 points) with a title like "500 easy points" and include the URL of this question.
When your question is answered, you can request a refund of the 20 points.
Good Luck,
Vic
jared_luker,
Glad you agree with me on a specific Exchange AV application.
I can't agree on the Symantec product though - way too many problems with Norton/Symantec over the past few years.
The only AV product I recommend in an Enterprise environment is McAfee.
http://www.mcafee.com/us/smb/products/security_suite_solutions/index.html
Vic
ASKER
Most of those files were already out of the scan; I have removed the rest. It is set to run Sunday at noon, so we will see what it finds.
younghv...
The Symantec reference was just an example that I could quickly find a URL for.
I can't agree with you on the McAfee solution though! :)
jared - at least we agree on an "Exchange" product versus a generic AV app ;)
Vic
No objection.
Not here.