Anti Virus Solution to remove Conficker from Exchange 2003 machine

Posted on 2009-04-23
Last Modified: 2012-05-06
For any of you that might have seen my other post today, I have an  Windows Exchange Server that has been infected with the Conficker Virus.  Because of the infection type that is it, I will likely be rebuilding the box from scratch. On this new box I want to have an Anti Virus program that plays nice with Exchange and won't corrupt my stores and will detect and stop Conficker from infecting it.  
Any suggestions on such a product?
I already will be using GFI Mail Security to keep by users boxes clean, but I need something that will keep the server clean as well.

Question by:michaelshavel
    LVL 12

    Accepted Solution

    Hi there;

    A group policy will protect you with the help of a good AV...Personally, I am using Kaspersky in my 2008 server...

    Please examine the following page:

    Best regards...

    Expert Comment

    Trend Micro OfficeScan 8 has an option "Exclude Microsoft Exchange server folders from scanning".  I don't run antivirus on the exchange server preferring regular updates and a good firewall so I don't know how well or if it works.
    LVL 1

    Author Comment


    I too thought it was best to not run an antivirus program on the exchange server.  I've heard of others doing this but some look at me like this is a crazy idea.  Is it a best practice to run it or not to run it?  Do you know?

    Assisted Solution

    I ran AV (Symantec) for a while but a misconfiguration following a server rebuild annoyed me enough to not reinstall it next time. 3 years later I've not regretted that decision (yet, LOL).  I should also note that I admin for a school and not a megacorp so potential loss is on a different scale.

    Conficker like most viruses exploits known weaknesses in Windows / IE.  I find firewalls much more effective than AV.  If you firewall Exchange aggressively it should be pretty secure.  That's not to say it'll be completely secure - nothing is.  Most important though is to keep it updated.  Also don't use it as a workstation, IE is locked down for a reason.

    Expert Comment

    As a follow up - we had an outbreak occur and it managed to infect the exchange server.  It was easily cleaned and no data was lost but I run with AV again now (Trend Micro OFSC 10).  I didn't want to leave my advice out there without people seeing the risks.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Live - One-on-One Exchange Help from Top Experts

    Solve your toughest problems, fast.
    Exchange experts are online now and ready to help you.

    Suggested Solutions

    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    "Migrate" an SMTP relay receive connector to a new server using info from an old server.
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
    This video discusses moving either the default database or any database to a new volume.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now