Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2010-2013 Migration Malware Issues

Posted on 2014-07-27
5
341 Views
Last Modified: 2014-10-09
I am in the midst of an Exchange 2010 to 2013 SP1 migration.  I recently noticed that, as I started moving mailboxes to my new server, my SCEP 2012 file-system antivirus client started screaming about tons of malware in the TEMP folder.  My question is, where is this malware coming from?  What does Exchange use the TEMP folder for?  Is this malware actually manifested in items in users' mailboxes, or is my new server infected at the OS level?  I find it hard to believe that my new server is infected by anything other than mailbox content, as it is behind two firewalls and I just created it two weeks ago.  SCEP seems to be deleting the files it finds in the TEMP directory.  Should I do something more?  Please advise.  I've created all of the file type, process, and location exceptions that Microsoft recommends for OS-level malware clients.
0
Comment
Question by:marrj
  • 2
5 Comments
 
LVL 5

Expert Comment

by:basil2912
ID: 40223683
Hello,

Use http://support.microsoft.com/kb/822158 and http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx to setup exclusions, hope it clears things.

Temporary files? exchange uses paging pretty much so that can be a possible reason.

Exchange Server sometimes creates LB*.TMP files in the %SystemRoot%\TEMP folder. These files can create information store errors and disk space issues if not managed properly.

Unsure if this applies to exchange 2013 though.
0
 
LVL 1

Author Comment

by:marrj
ID: 40223940
Thanks for the technet articles.  Those are the same ones I followed to set up exclusions.

So far, all of the malware files have had a .tmp extension.  If my mailboxes are that infected, what would be a good approach for cleaning them up?
0
 
LVL 1

Author Comment

by:marrj
ID: 40331094
I have attached a screenshot of a portion of the very long list that shows what kind of malware is popping up.  This was taken from SCEP2012 R2
Capture.JPG
0
 
LVL 38

Accepted Solution

by:
Gerwin Jansen, EE MVE earned 500 total points
ID: 40332308
>>  If my mailboxes are that infected, what would be a good approach for cleaning them up?

A few options:
- Using an add-on of your regular virus scanner that scans your mailboxes
- Using a virus scanner specifically for your Exchange server

Scanning the Exchange server itself with MBAM for example wouldn't harm https://www.malwarebytes.org/mwb-download/ - Home and Business downloads available.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question