Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Free antivirus scanner for exchange server?

Posted on 2009-07-08
2
Medium Priority
?
544 Views
Last Modified: 2013-11-22
We are getting calls from our ISP that we have a virus. We have scanned each and every computer using Panda Activescan Pro online and one PC had 15 virus infections but they appeared to be dormant. The ISP cant tell us what computer it is. The only thing I can think of is that it is our server running exchange. We ran Panda on this and it didn't find a virus. Could there possibly be a virus embedded in our exchange? If so, is there a free way to remove and scan? We have a spam filter that is supposed to scan for viruses and spyware before the mail is passed to our server so I doubt something got through but it is possible.
0
Comment
Question by:FASTECHS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Assisted Solution

by:debuggerau
debuggerau earned 800 total points
ID: 24811206
I think your question subject might be stumping experts since there is no free AntiVirus for Exchange, and even the ones that are, have issues at times..

Any free Antivirus, if set correctly will give you alarms for queued items, but after that, what is it going to do with them?
If it removed them, exchange errors out..

The only free way i know, is to take it offline and run any of a variety of scanners over ALL files and still it will be with limited success as the database store will not be read.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1200 total points
ID: 24811445
If your ISP is telling you that you have a virus, then you probably are sending out spam messages and thus will get blacklisted.  It is very unlikely that your server is sending out spam, more likely to be an infected machine.  Spammers tend to use their own SMTP engine to send out mail, rather than hoping that there will be one on the infected machine.
Have you downloaded and installed MalwareBytes on all machines (www.malwarebytes.org) - it is a free tool and discovers all sorts of unwanted items.
Lock down your firewall to only send out SMTP traffic on port 25 from your exchange server.
Follow Xmachine's advise in the following EE question - especially to download WireShark and sniff for port 25 traffic from all machines:
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24463550.html?cid=238#a24606079  

Once all machines are checked and clean and no port 25 traffic is detected with WireShark (other than the server), check your reputation on http://www.mxtoolbox.com/blacklists.aspx to see if you are listed (you probably will be).
You will eventually drop off these listings once no more spam is received but it may take a week or so to get clean.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
New style of hardware planning for Microsoft Exchange server.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question