transaction logs infected with viruses PLEASE HELP ASAP (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Information Stores



Message


shafty -> transaction logs infected with viruses PLEASE HELP ASAP (3.Mar.2005 7:11:00 PM)

Hi all,

I was working on an exchange server 2000 today. The client is having problems with exchange intermittenly going offline. I ran a virus check which picked up 20 transation logs which have been infected with viruses. (backup as not been completed in a while). Ran stinger and other various virus removal tools but cannot clean transaction logs. How do I go about removing these pests? Also the exchange m drive (public folders) have also viruses. Will i have a problem removing viruses from this drive. Please can someone shed some light?

Paul.




Henrik Walther -> RE: transaction logs infected with viruses PLEASE HELP ASAP (3.Mar.2005 9:48:00 PM)

Oh my god! You should never ever scan your Exchange Servers transaction logfiles with a file-based AV product, you will soon regret as it's just a matter of time before they become corrupt.

Also see:

Exchange and antivirus software:
http://support.microsoft.com/?id=328841




amuller -> RE: transaction logs infected with viruses PLEASE HELP ASAP (16.Mar.2005 4:38:00 AM)

Henrik. I was not aware a transaction log file can be infected with a virus ?
is this correct?




sgatke -> RE: transaction logs infected with viruses PLEASE HELP ASAP (16.Mar.2005 1:38:00 PM)

Andy,

As far as I am aware, the transaction logs contain datastreams which are similar to some "popular" viruses and worms.
If you set your av-product to scan "on-access", everytime you receive or send an email your scanner will attempt to scan the transaction log files - and, more often than not, this will result in your log files being quarantined - which is a sure way of tilting your Exchange server.

By the way, this is not only an Exchange issue. In general, you don't want your av-product to scan your mail-server related files. Most of the av companies have technotes explaining which folders to ignore.

Hope it helps.

Simon




amuller -> RE: transaction logs infected with viruses PLEASE HELP ASAP (17.Mar.2005 1:57:00 AM)

Thanks for the response Simon. I realize that transaction logs should never be scanned as well as a few other files and folders within the exchange directories. Just did not know they can be infected.

Regards




Page: [1]