• Status: Solved

Anti Virus Solution to remove Conficker from Exchange 2003 machine

For any of you that might have seen my other post today, I have a Windows Exchange Server that has been infected with the Conficker virus. Because of the type of infection that it is, I will likely be rebuilding the box from scratch. On this new box I want to have an Anti Virus program that plays nice with Exchange and won't corrupt my stores and will detect and stop Conficker from infecting it.
Any suggestions on such a product?
I will already be using GFI Mail Security to keep my users' boxes clean, but I need something that will keep the server clean as well.

2 Solutions
Hi there;

A group policy will protect you with the help of a good AV... Personally, I am using Kaspersky on my 2008 server...


Please examine the following page:


Best regards...

Trend Micro OfficeScan 8 has an option "Exclude Microsoft Exchange server folders from scanning". I don't run antivirus on the Exchange server, preferring regular updates and a good firewall, so I don't know how well or if it works.

michaelshavel (Author) Commented:

I too thought it was best to not run an antivirus program on the Exchange server. I've heard of others doing this, but some look at me like this is a crazy idea. Is it a best practice to run it or not to run it? Do you know?

I ran AV (Symantec) for a while, but a misconfiguration following a server rebuild annoyed me enough to not reinstall it next time. 3 years later I've not regretted that decision (yet, LOL). I should also note that I admin for a school and not a megacorp, so potential loss is on a different scale.

Conficker, like most viruses, exploits known weaknesses in Windows / IE. I find firewalls much more effective than AV. If you firewall Exchange aggressively it should be pretty secure. That's not to say it'll be completely secure - nothing is. Most important though is to keep it updated. Also, don't use it as a workstation; IE is locked down for a reason.

As a follow-up - we had an outbreak occur and it managed to infect the Exchange server. It was easily cleaned and no data was lost, but I run with AV again now (Trend Micro OFSC 10). I didn't want to leave my advice out there without people seeing the risks.
