Virus in exchange Mail Store
Posted on 2007-12-01
I have an Windows 2003 Server running Exchange 2003. It currently has a copy of Mcafee 8.5i running on the system with the standard exchange server folders being excluded. I have the database being indexed at night and each night I'm getting the following Virus alert when the index starts in the following directory:
When I viewed the directory the file referenced as a virus is is still located in it.
The file C:\WINDOWS\TEMP\gthrsvc\flt428_6000.eml contains the W32/Zhelatin.gen!eml Virus. Undetermined clean error, delete failed. Detected using Scan engine version 5200.2160 DAT version
Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 259
Time: 11:45:04 PM
User: NT AUTHORITY\SYSTEM
Some Web threads discuss excluding this folder as well from virus software, but I'm concerned that it may already be in the Mail Store amd ready to create a potential problem if left alone.
Is this an indication that I have a virus inside of the Mail Store that will need some form of Exchange aware antivirus product? Is there a way to close the mail store and repair the problem with my standard antivirus product. Should GFI Mail Security be able to catch a problem like this in a mail store. Is this just an issue with a folder that has remnants of a infected file that I just shouldn't have scaneed