Solved

Exchange 2010-2013 Migration Malware Issues

Posted on 2014-07-27
Last Modified: 2014-10-09
I am in the midst of an Exchange 2010 to 2013 SP1 migration.  I recently noticed that, as I started moving mailboxes to my new server, my SCEP 2012 file-system antivirus client started screaming about tons of malware in the TEMP folder.  My question is, where is this malware coming from?  What does Exchange use the TEMP folder for?  Is this malware actually manifested in items in users' mailboxes, or is my new server infected at the OS level?  I find it hard to believe that my new server is infected by anything other than mailbox content, as it is behind two firewalls and I just created it two weeks ago.  SCEP seems to be deleting the files it finds in the TEMP directory.  Should I do something more?  Please advise.  I've created all of the file type, process, and location exceptions that Microsoft recommends for OS-level malware clients.
Question by:marrj

Expert Comment

by:basil2912
ID: 40223683
Hello,

Use http://support.microsoft.com/kb/822158 and http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx to set up exclusions, hope it clears things.

Temporary files? Exchange uses paging pretty much, so that can be a possible reason.

Exchange Server sometimes creates LB*.TMP files in the %SystemRoot%\TEMP folder. These files can create information store errors and disk space issues if not managed properly.

Unsure if this applies to Exchange 2013 though.


Author Comment

by:marrj
ID: 40223940
Thanks for the technet articles.  Those are the same ones I followed to set up exclusions.

So far, all of the malware files have had a .tmp extension.  If my mailboxes are that infected, what would be a good approach for cleaning them up?

Author Comment

by:marrj
ID: 40331094
I have attached a screenshot of a portion of the very long list that shows what kind of malware is popping up.  This was taken from SCEP2012 R2.
Capture.JPG

Accepted Solution

by:
Gerwin Jansen, EE MVE earned 500 total points
ID: 40332308
>>  If my mailboxes are that infected, what would be a good approach for cleaning them up?

A few options:
- Using an add-on of your regular virus scanner that scans your mailboxes
- Using a virus scanner specifically for your Exchange server

Scanning the Exchange server itself with MBAM, for example, wouldn't harm: https://www.malwarebytes.org/mwb-download/ - Home and Business downloads available.