• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

Exchange 2010-2013 Migration Malware Issues

I am in the midst of an Exchange 2010 to 2013 SP1 migration.  I recently noticed that, as I started moving mailboxes to my new server, my SCEP 2012 file-system antivirus client started screaming about tons of malware in the TEMP folder.  My question is, where is this malware coming from?  What does Exchange use the TEMP folder for?  Is this malware actually manifested in items in users' mailboxes, or is my new server infected at the OS level?  I find it hard to believe that my new server is infected by anything other than mailbox content, as it is behind two firewalls and I just created it two weeks ago.  SCEP seems to be deleting the files it finds in the TEMP directory.  Should I do something more?  Please advise.  I've created all of the file type, process, and location exceptions that Microsoft recommends for OS-level malware clients.
0
marrj
Asked:
marrj
  • 2
1 Solution
 
basil2912Commented:
Hello,

Use http://support.microsoft.com/kb/822158 and http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx to setup exclusions, hope it clears things.

Temporary files? exchange uses paging pretty much so that can be a possible reason.

Exchange Server sometimes creates LB*.TMP files in the %SystemRoot%\TEMP folder. These files can create information store errors and disk space issues if not managed properly.

Unsure if this applies to exchange 2013 though.
0
 
marrjAuthor Commented:
Thanks for the technet articles.  Those are the same ones I followed to set up exclusions.

So far, all of the malware files have had a .tmp extension.  If my mailboxes are that infected, what would be a good approach for cleaning them up?
0
 
marrjAuthor Commented:
I have attached a screenshot of a portion of the very long list that shows what kind of malware is popping up.  This was taken from SCEP2012 R2
Capture.JPG
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
>>  If my mailboxes are that infected, what would be a good approach for cleaning them up?

A few options:
- Using an add-on of your regular virus scanner that scans your mailboxes
- Using a virus scanner specifically for your Exchange server

Scanning the Exchange server itself with MBAM for example wouldn't harm https://www.malwarebytes.org/mwb-download/ - Home and Business downloads available.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now