Solved

Exchange 2010-2013 Migration Malware Issues

Posted on 2014-07-27
5
332 Views
Last Modified: 2014-10-09
I am in the midst of an Exchange 2010 to 2013 SP1 migration.  I recently noticed that, as I started moving mailboxes to my new server, my SCEP 2012 file-system antivirus client started screaming about tons of malware in the TEMP folder.  My question is, where is this malware coming from?  What does Exchange use the TEMP folder for?  Is this malware actually manifested in items in users' mailboxes, or is my new server infected at the OS level?  I find it hard to believe that my new server is infected by anything other than mailbox content, as it is behind two firewalls and I just created it two weeks ago.  SCEP seems to be deleting the files it finds in the TEMP directory.  Should I do something more?  Please advise.  I've created all of the file type, process, and location exceptions that Microsoft recommends for OS-level malware clients.
0
Comment
Question by:marrj
  • 2
5 Comments
 
LVL 5

Expert Comment

by:basil2912
ID: 40223683
Hello,

Use http://support.microsoft.com/kb/822158 and http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx to setup exclusions, hope it clears things.

Temporary files? exchange uses paging pretty much so that can be a possible reason.

Exchange Server sometimes creates LB*.TMP files in the %SystemRoot%\TEMP folder. These files can create information store errors and disk space issues if not managed properly.

Unsure if this applies to exchange 2013 though.
0
 
LVL 1

Author Comment

by:marrj
ID: 40223940
Thanks for the technet articles.  Those are the same ones I followed to set up exclusions.

So far, all of the malware files have had a .tmp extension.  If my mailboxes are that infected, what would be a good approach for cleaning them up?
0
 
LVL 1

Author Comment

by:marrj
ID: 40331094
I have attached a screenshot of a portion of the very long list that shows what kind of malware is popping up.  This was taken from SCEP2012 R2
Capture.JPG
0
 
LVL 37

Accepted Solution

by:
Gerwin Jansen earned 500 total points
ID: 40332308
>>  If my mailboxes are that infected, what would be a good approach for cleaning them up?

A few options:
- Using an add-on of your regular virus scanner that scans your mailboxes
- Using a virus scanner specifically for your Exchange server

Scanning the Exchange server itself with MBAM for example wouldn't harm https://www.malwarebytes.org/mwb-download/ - Home and Business downloads available.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This video discusses moving either the default database or any database to a new volume.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now