Exchange Server Forums
Virus - Log Files
Virus - Log Files - 20.Feb.2008 2:42:56 AM
khan4u
Posts: 34
Joined: 31.Jul.2007
Status: offline
Hi everyone there... Today I just scanned the Exchange folder c:\ProgramFiles\Exchsrvr\MDBDATA\*.log from my PC and found the virus w32/Zhelatin.gen!eml in some of the log extension files. As I have not yet installed antivirus on the Exchange 2003 server system.... How do I get rid of this virus..... (I am using the McAfee AntiVirus system on my PC.) Your help is kindly appreciated...
Khan
RE: Virus - Log Files - 20.Feb.2008 5:40:53 PM
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Your first mistake was scanning the Exchange directories. That is the quickest way to break Exchange. You should not scan either the transaction logs or the databases with a file level AV scanner.
Are you backing up Exchange regularly? If you are then the log file will be flushed by that process. If you have AV on Exchange then it probably caught the virus through that.
Simon.
_____________________________
Simon Butler, Exchange MVP Blog: http://www.sembee.co.uk/ Web: http://www.amset.info/ In the UK? Hire me: http://www.amset.co.uk/
RE: Virus - Log Files - 21.Feb.2008 3:02:46 AM
khan4u
Posts: 34
Joined: 31.Jul.2007
Status: offline
Should I go ahead with installation of an antivirus system on the Exchange machine? Regards..
Khan
RE: Virus - Log Files - 21.Feb.2008 9:45:01 AM
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Having AV software installed on the Exchange server is fine - as long as you exclude the directories that are listed in the KB article linked to above.
Simon.
RE: Virus - Log Files - 23.Feb.2008 4:44:44 AM
khan4u
Posts: 34
Joined: 31.Jul.2007
Status: offline
If I install AV and exclude the Exchange directories, then how do I clean the files which are already infected with viruses....
Khan
RE: Virus - Log Files - 23.Feb.2008 4:53:54 AM
ismail.mohammed
Posts: 2392
Joined: 9.May.2007
From: India
Status: offline
Hi Khan, there are two modes: file-level and Exchange-aware antivirus. You need to have Exchange-aware antivirus. Moreover, if you see http://support.microsoft.com/kb/823166, it gives some recommendations for some of the third-party vendors. You already have McAfee; I guess you can contact them and ask them for details on protecting Exchange Server.
RE: Virus - Log Files - 23.Feb.2008 12:02:20 PM
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
As already pointed out, you need to use an Exchange AV product. My usual preference is to use something different to what is installed on the desktops, so that you have dual layers of protection. Usually that means GFI Mail Security or Microsoft Forefront (which was formerly Sybari Antigen, the best Exchange AV product).
Simon.
RE: Virus - Log Files - 24.Feb.2008 2:57:33 AM
khan4u
Posts: 34
Joined: 31.Jul.2007
Status: offline
GFI Mail Security is already in use...... Recently my IP was blacklisted; from that I came to know that something is wrong... so then I went for remotely scanning my Exchange 2003, which shows some of the log files got affected with a virus....
Khan
RE: Virus - Log Files - 24.Feb.2008 7:11:57 PM
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
The log files will not be the cause of your IP address being blacklisted. Log files are flat data, nothing runs from them. All that means is that an email came in with an attachment and was recorded to the transaction logs. Depending on how you have GFI configured, it may well have been dealt with already. Furthermore, if you are backing up Exchange regularly those log files should have been deleted.
The most common cause of a blacklisted IP address, as long as the server is clean, is that a workstation has got compromised. If you only have one IP address then this is almost certainly what has happened.
The quick and dirty method to find the compromised machine is to block port 25 on the firewall for all machines except the firewall and then wait. A machine that is trying to send out spam will quickly fill the logs.
Simon.
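One way to read the firewall log once the port 25 block described in the post above is in place, as an added example that is not part of the original thread: it counts denied outbound TCP/25 attempts per internal source and how many distinct destinations each source tried. The key=value log format, the IP addresses, the `allowed` set and the `min_hits` threshold are constructed assumptions; adapt the regular expression to your firewall's real log format.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2008-02-24T19:20:01 action=DENY proto=TCP src=192.168.1.23 dst=203.0.113.5 dpt=25
2008-02-24T19:20:01 action=DENY proto=TCP src=192.168.1.23 dst=198.51.100.17 dpt=25
2008-02-24T19:20:02 action=ALLOW proto=TCP src=192.168.1.10 dst=203.0.113.80 dpt=25
2008-02-24T19:20:02 action=DENY proto=TCP src=192.168.1.23 dst=198.51.100.44 dpt=25
2008-02-24T19:20:03 action=DENY proto=TCP src=192.168.1.40 dst=203.0.113.5 dpt=25
2008-02-24T19:20:03 action=DENY proto=TCP src=192.168.1.23 dst=203.0.113.99 dpt=25
2008-02-24T19:20:04 action=DENY proto=UDP src=192.168.1.51 dst=203.0.113.7 dpt=53
2008-02-24T19:20:05 link state change on eth1
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dpt=(?P<dpt>\d+)"
)


def blocked_smtp_sources(log_text, allowed=frozenset(), min_hits=3):
    """Return {src_ip: (denied_attempts, distinct_destinations)} for hosts with
    at least min_hits denied outbound TCP/25 connections, busiest first."""
    hits = Counter()
    dests = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated or malformed line
        if (m["action"].upper(), m["proto"].upper(), m["dpt"]) != ("DENY", "TCP", "25"):
            continue  # only denied SMTP attempts are of interest
        src = m["src"]
        if src in allowed:
            continue  # hosts that are supposed to send mail directly
        hits[src] += 1
        dests.setdefault(src, set()).add(m["dst"])
    return {ip: (n, len(dests[ip])) for ip, n in hits.most_common() if n >= min_hits}


if __name__ == "__main__":
    for ip, (attempts, targets) in blocked_smtp_sources(SAMPLE_LOG).items():
        print(f"{ip}: {attempts} denied SMTP attempts to {targets} destinations")
```

A source with many attempts spread over many destinations is the pattern to investigate first; a single retry against one server is more likely a misconfigured mail client.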