Solved

Free antivirus scanner for exchange server?

Posted on 2009-07-08
2
535 Views
Last Modified: 2013-11-22
We are getting calls from our ISP that we have a virus. We have scanned each and every computer using Panda Activescan Pro online and one PC had 15 virus infections but they appeared to be dormant. The ISP cant tell us what computer it is. The only thing I can think of is that it is our server running exchange. We ran Panda on this and it didn't find a virus. Could there possibly be a virus embedded in our exchange? If so, is there a free way to remove and scan? We have a spam filter that is supposed to scan for viruses and spyware before the mail is passed to our server so I doubt something got through but it is possible.
0
Comment
Question by:FASTECHS
2 Comments
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 200 total points
ID: 24811206
I think your question subject might be stumping experts since there is no free AntiVirus for Exchange, and even the ones that are, have issues at times..

Any free Antivirus, if set correctly will give you alarms for queued items, but after that, what is it going to do with them?
If it removed them, exchange errors out..

The only free way i know, is to take it offline and run any of a variety of scanners over ALL files and still it will be with limited success as the database store will not be read.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 300 total points
ID: 24811445
If your ISP is telling you that you have a virus, then you probably are sending out spam messages and thus will get blacklisted.  It is very unlikely that your server is sending out spam, more likely to be an infected machine.  Spammers tend to use their own SMTP engine to send out mail, rather than hoping that there will be one on the infected machine.
Have you downloaded and installed MalwareBytes on all machines (www.malwarebytes.org) - it is a free tool and discovers all sorts of unwanted items.
Lock down your firewall to only send out SMTP traffic on port 25 from your exchange server.
Follow Xmachine's advise in the following EE question - especially to download WireShark and sniff for port 25 traffic from all machines:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24463550.html?cid=238#a24606079  

Once all machines are checked and clean and no port 25 traffic is detected with WireShark (other than the server), check your reputation on http://www.mxtoolbox.com/blacklists.aspx to see if you are listed (you probably will be).
You will eventually drop off these listings once no more spam is received but it may take a week or so to get clean.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video discusses moving either the default database or any database to a new volume.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now