Re: Exchange, Symantec Antivirus, and mydoom issues

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Evan Mann (ask_at_for.it)
Date: 02/07/04 

Date: Sat, 07 Feb 2004 13:48:18 GMT

The newer versions of SAV Client (at least 8.0 and 8.1) will automatically
detect major MS applications and ignore the files/folders that should not be
scanned, but only on the C drive. It does this for SQL Server and Exchange
2003. It won't pick up any other drives where you may be storing logs or
partitions however, which is a stupid oversight IMO.

"Zigby" <zippy@nuze.net> wrote in message
news:qv49205cu0euvdpdcefjc9jj42vpf5cnu1@4ax.com...
> This has been one of the toughest weeks at work. We lost 4 servers in
> the last 2 days - all having to be re-built in one way or another
> (restored, reinstalled, mtachecked etc.)
>
> This was all due to the person who configures SAV (file antivirus
> scanner) not properly setting up the exchange folders as being exempt
> from virus scanning.
>
> What was happening is that SAV would find a file... say a file in the
> mta directory, or say a file such as EDB00.log... and simply delete
> it. Exchange doesn't like that - we all know this, we know you don't
> let file scanners quarantine or delete system files or mail database
> logs etc.
>
> Well, by the time the setting were put into place properly, SAV had
> detected 4 such files on 4 separate servers. I spend the entire last
> 2 days restoring email servers and trying to explain why we can't keep
> our servers running.
>
> So..... just in case anyone out there hasn't done it - get Microsoft's
> Q article on proper installation and operation of antivirus on an
> Exchange server... don't let your antivirus (file scanner) client
> break your email servers.
>
> Oh, and keep it away from your email scanner as well... we had one
> installation of Trend trashed due to trend and Symantec fighting over
> quarantined virus files...
>
> End of story...
>
>
> ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet
News==----
> http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000
Newsgroups
> ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption
=---
>

Relevant Pages

  • Re: Read/Write Errors
    ... We had an update of our scanner which made our programs "crash" because it ... but only in the routines that use Mediator. ... My network admins claim nothing's wrong with the servers, ...
    (comp.lang.clipper)
  • Re: Security issue with MS Exchange and Windows 2003 Server
    ... using the Trend Micro module. ... It is NOT designed to work on a Email post office but it has the capability of scanning MIME ... This is more or less for clients, not servers. ... on a email Post Office the AV scanner must be MAPI or VIM compliant. ...
    (microsoft.public.security.virus)
  • Re: Profile Issue
    ... We took laptops from 10.1.5.5000 to 10.1.5.5010 with the MRT patch and it didn't seem to help. ... > There is theory that SAV scanning directory with> user ... >> We have been upgrading servers to Server 2003. ...
    (microsoft.public.win2000.active_directory)
  • Re: Trendmicro Viruswall Linux POP scanning
    ... > connections to external POP3 servers that run no scanner. ... up to date desktop scanning and rational access controls at it's ...
    (comp.security.firewalls)
  • Re: Help me with my e-mail & Spam Killer from MCAFEE
    ... I am trying to get my spamkiller to work and I don't know how to have my scanner read or connect with my e-mail.Does anyone have this program and can you walk me through? ... SMTP servers are for email transfer. ... using your ISP SMTP servers, port 25 is most likely still the default. ... I don't know how well the McAfee Spamkiller works. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)