archaic0 (United States of America) asked:

Infection problem on Exchange Server

I recently was called in to work on a customer mail server and discovered that their problem boiled down to several infections.  They had been running some demo software because they couldn't afford to buy a server anti-virus program yet and the trial had run out ages ago.

What I'm trying to help them find out is the likely source of the infection.  This server is not ever used at the console, so there are only 2 places the world gets to this server.   One is the mail traffic of course.  But can a virus stored in an email infect the Exchange server itself?  Second is the fact that they service computers of friends sometimes and they bring infected machines onto their lan to run spyware scans often.

No other servers on their lan are coming up infected, so is the more likely cause the email traffic?  I would think that while bringing in infected PCs is dumb, it would infect much more than just the mail server, right?  Or are there special vulnerabilities in an Exchange server but not a normal 2003 server that from the LAN can be hit pretty hard?

Thanks in advance!
ASKER CERTIFIED SOLUTION
Mohamed Osama (Egypt)

archaic0 (ASKER):

Well avast listed trojan-gen as the name for most of the files infected, I also saw backdoor impy family and win32 tcpscan.  The only exe that I saw myself was mythis.exe.

The server was only missing 6 updates when I ran them today, but one of those could have been critical I guess.

I know the only port open from the world is 25 though, so the problem would have to be with the mail server for it to be exploited from the world.  The other problems could be hit from the LAN though from the infected PCs.

Right now I've installed Avast server with the exchange add-on but buying all that will be over $1800.  So I'm trying to decide if their money is best spent on the server anti-virus or segregating their network first.  Both need to be done, no doubt, but I want to address the most likely cause first if I can.

I'm still quite curious if user mail has any chance at infecting the server.  If not, then the avast server version can be had for $600 without mailbox scanning.  They have local scanners on their workstations and while you can never have too much protection, money is a concern here.

Thanks for your input.