Solved

Exchange Server 2003: virus requires a rebuild... any suggestions?

Posted on 2007-03-27
Last Modified: 2013-11-22
I'm using Exchange Server 2003 Standard SP2 on Windows Server 2003 SP1 Standard, running on a Dell PE2850.

Problem is the server had A/V file scanning pretty much turned off and no A/V on the store, although I've done a virus scan of the store and found nothing.

Excuse the sarcasm, but the next obvious statement is this: I've recently been the proud recipient of a virus on the server. It is now sending emails out as a hijacked spam server, and RBLs are blacklisting like crazy.

As a proficient Technology Manager I know better, but the guy at my previous post wasn't exactly proficient.

I don't expect to save this build and I know the Exchange server has to be reinstalled and the private/public stores reattached, but does anyone have a tutorial or step-by-step to complete this process?

I've found some information on doing a reinstall with the /DisasterRecovery option, but is that the best or only option, or are there other, better solutions? Unfortunately, although I can manage Exchange servers, I've never degraded them to the point of requiring a rebuild and thereby never done a rebuild of this nature.

Any help would be much appreciated.
Question by: lbeg
5 Comments
 
LVL 35

Accepted Solution

by: rakeshmiglani (earned 500 total points)
ID: 18800611
If the server has been compromised then it is a good idea to rebuild it.
The steps that I would follow in this case are:
1) take backups of databases (offline and online)
2) stop and disable all the Exchange services
3) disconnect the computer from the domain
4) format the box
5) install the same OS and apply the SP (same as before the rebuild)
6) server should have the same name as before
7) join it to the domain
8) install Exchange using the /DisasterRecovery switch
9) install anti-virus with the latest virus definitions and scan the server
10) set the exclusions for Exchange
11) restore the database
12) check services and application logs for errors
13) check mail flow

I would follow the above mentioned steps if the server was a member server.
 
LVL 104

Expert Comment

by: Sembee
ID: 18801141
First thing I would check is whether it is the Exchange server that is infected.
Trojans don't just appear on the server. Unless you have been careless enough to browse to dodgy sites from the server itself, the chances of infection are quite slim. You need to have actual access to the server to install anything. If a hacker has got access to the server then you have bigger things to worry about.

Furthermore, I don't scan the information store on any of my clients' servers. I don't see the need or the point. There is AV scanning on the workstations and I use a gateway product to deal with the virus messages as they come in. Therefore the fact that you were not scanning your store does not mean it was infected.

Therefore, before you go destroying the Exchange server, I would be sure that it is that actual machine that is infected. If you only have one IP address then any infected workstation on your network would get the IP address blacklisted.

Simon.
 
LVL 1

Author Comment

by: lbeg
ID: 18801604
Sembee, would you agree with Rakesh? Are there any steps or details you'd like to add?
 
LVL 104

Expert Comment

by: Sembee
ID: 18801773
Depends where the compromise is.
You could be bringing the infection across with the data.

I always like to verify which machine is compromised before doing anything. The simplest way to do that is to block port 25 on the firewall, turn up logging and see where the traffic is coming from. In most cases it is not the Exchange server.

Simon.
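One way to do the check Simon describes (block outbound port 25 at the firewall, turn up logging, then see which internal hosts keep trying to send) as an added example that is not from the thread: a small Python script that tallies outbound TCP/25 attempts per internal source address from a Windows Firewall log in W3C format. The log lines, the internal subnet and the Exchange server address below are constructed placeholders; only the Exchange server should be opening SMTP connections to the outside, so any other host in the result is the one to inspect first.

```python
import ipaddress
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed internal subnet
EXCHANGE_IP = "192.168.1.10"                   # assumed Exchange server address

# Constructed sample in Windows Firewall (pfirewall.log) W3C format.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2007-03-27 09:00:01 OPEN TCP 192.168.1.10 203.0.113.5 3456 25 - - - - - - - - SEND
2007-03-27 09:00:02 OPEN TCP 192.168.1.57 203.0.113.9 1025 25 - - - - - - - - SEND
2007-03-27 09:00:02 OPEN TCP 192.168.1.57 198.51.100.2 1026 25 - - - - - - - - SEND
2007-03-27 09:00:03 OPEN TCP 192.168.1.57 198.51.100.3 1027 25 - - - - - - - - SEND
2007-03-27 09:00:04 OPEN TCP 192.168.1.22 192.168.1.10 1031 25 - - - - - - - - SEND
2007-03-27 09:00:05 DROP TCP 192.168.1.57 203.0.113.77 1028 25 - - - - - - - - SEND
2007-03-27 09:00:06 OPEN TCP 192.168.1.57 192.168.1.10 1029 80 - - - - - - - - SEND
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def outbound_smtp_by_source(text, lan=LAN):
    """Count TCP/25 attempts (allowed or dropped) from LAN hosts to outside addresses."""
    counts = Counter()
    for rec in parse_w3c(text):
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != "25":
            continue
        src = ipaddress.ip_address(rec["src-ip"])
        dst = ipaddress.ip_address(rec["dst-ip"])
        if src in lan and dst not in lan:      # ignore internal submission to the server
            counts[rec["src-ip"]] += 1
    return dict(counts)

def unexpected_senders(text, exchange_ip=EXCHANGE_IP, lan=LAN):
    """Hosts other than the mail server that are talking SMTP to the Internet."""
    return {ip: n for ip, n in outbound_smtp_by_source(text, lan).items()
            if ip != exchange_ip}

if __name__ == "__main__":
    for ip, n in sorted(unexpected_senders(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} outbound SMTP attempts; this host should not be sending mail directly")
```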
 
LVL 1

Author Comment

by: lbeg
ID: 18831382
Sembee,
Thanks but no thanks, I didn't ask for conceptual ideas on whether or not an exchange server needs antivirus.

Rakesh, I'm almost halfway done with your list. Thanks for the info.