Exchange 2010-2013 Migration Malware Issues

I am in the midst of an Exchange 2010 to 2013 SP1 migration.  I recently noticed that, as I started moving mailboxes to my new server, my SCEP 2012 file-system antivirus client started screaming about tons of malware in the TEMP folder.  My question is, where is this malware coming from?  What does Exchange use the TEMP folder for?  Is this malware actually manifested in items in users' mailboxes, or is my new server infected at the OS level?  I find it hard to believe that my new server is infected by anything other than mailbox content, as it is behind two firewalls and I just created it two weeks ago.  SCEP seems to be deleting the files it finds in the TEMP directory.  Should I do something more?  Please advise.  I've created all of the file type, process, and location exceptions that Microsoft recommends for OS-level malware clients.
LVL 1
marrjAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

basil2912Commented:
Hello,

Use http://support.microsoft.com/kb/822158 and http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx to setup exclusions, hope it clears things.

Temporary files? exchange uses paging pretty much so that can be a possible reason.

Exchange Server sometimes creates LB*.TMP files in the %SystemRoot%\TEMP folder. These files can create information store errors and disk space issues if not managed properly.

Unsure if this applies to exchange 2013 though.
0
marrjAuthor Commented:
Thanks for the technet articles.  Those are the same ones I followed to set up exclusions.

So far, all of the malware files have had a .tmp extension.  If my mailboxes are that infected, what would be a good approach for cleaning them up?
0
marrjAuthor Commented:
I have attached a screenshot of a portion of the very long list that shows what kind of malware is popping up.  This was taken from SCEP2012 R2
Capture.JPG
0
Gerwin Jansen, EE MVETopic Advisor Commented:
>>  If my mailboxes are that infected, what would be a good approach for cleaning them up?

A few options:
- Using an add-on of your regular virus scanner that scans your mailboxes
- Using a virus scanner specifically for your Exchange server

Scanning the Exchange server itself with MBAM for example wouldn't harm https://www.malwarebytes.org/mwb-download/ - Home and Business downloads available.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.