Re: NAV Keeps finding a virus in non-existant files!
From: Hank Arnold (rasilon_at_aol.com)
Date: 02/29/04
- Next message: Peretz Stern: "Relay Issue"
- Previous message: Daniel: "RE: Exchange 2003 que clearing"
- In reply to: Dan Townsend [MSFT]: "Re: NAV Keeps finding a virus in non-existant files!"
- Next in thread: Hank Arnold: "Re: NAV Keeps finding a virus in non-existant files!"
- Reply: Hank Arnold: "Re: NAV Keeps finding a virus in non-existant files!"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 29 Feb 2004 02:47:49 -0500
The folders are definitely excluded by the file scanner. Remember, I also
have an Exchange aware plug-in that scans e-mail as it comes in. I think I
have it. All the viruses found are the "MyDoom" variants. And all the alerts
I saw were in incoming mail files. One of the "features" of this virus was
the fact that it send messages to a specific set of userids like Bob@domain.
There is a list of them in the alerts on Symantec, etc.. I have a "Black
Box" distribution list (as described here numerous times) that I added the
userids as they came in. I did this to prevent an NDR being generated. This
leads me to believe that it's these messages that are showing up as
infected. They are "delivered" into the Black Hole...
-- Regards, Hank Arnold "Dan Townsend [MSFT]" <dtown@online.microsoft.com> wrote in message news:uOSe%235V$DHA.2184@TK2MSFTNGP12.phx.gbl... > Sounds like your real-time scan doesn't have it excluded. > > The mail won't be there for you to look at since it was likely delivered or > in the quarentine folder of the AV. > > -- > Hope that helps, > Dan Townsend > > This posting is provided "AS IS" with no warranties, and confers no rights. > Please do not send email to this address, post a reply to this newsgroup. > > Use of included script samples are subject to the terms specified at > http://www.microsoft.com/info/cpyright.htm > > "Hank Arnold" <rasilon@aol.com> wrote in message > news:%23r%23JNaR$DHA.3188@TK2MSFTNGP09.phx.gbl... > > I had already done this. I've seen the "My data sore file had a virus and > > the AV deleted it!!!" messages. The regularly scheduled NAV scan excludes > > the entire C:\EXCHSRVR directory. That's what was puzzling me. The notices > > show a time stamp of about 4:30AM. The NAV scan on the exchange server is > > done at 1:00AM. It looks like the alerts are not there today. I'm starting > > to suspect that it was finding the problems in some log files that were in > > the recycle bin. > > > > Oh, well...... If they come back, so will I.... ;-) > > > > -- > > Regards, > > Hank Arnold > > > > "Dan Townsend [MSFT]" <dtown@online.microsoft.com> wrote in message > > news:OJhO$RG$DHA.2808@TK2MSFTNGP10.phx.gbl... > > > You need to exclude the Exchange folders from file-level scans. The > > > Exchange Aware AV will handle this mail. > > > > > > -- > > > Hope that helps, > > > Dan Townsend > > > > > > This posting is provided "AS IS" with no warranties, and confers no > > rights. > > > Please do not send email to this address, post a reply to this > newsgroup. > > > > > > Use of included script samples are subject to the terms specified at > > > http://www.microsoft.com/info/cpyright.htm > > > > > > "Hank Arnold" <rasilon@aol.com> wrote in message > > > news:uG9SECG$DHA.2592@TK2MSFTNGP10.phx.gbl... > > > > We run Norton Antivirus CE (V7.5) on our servers along with the > Exchange > > > > aware plug-in. I monitor the Symantec System Console and it keeps > > showing > > > > our Exchange server as having a virus. When I check the log, I see > that > > it > > > > keeps saying that it found a virus in about 100 files. They all are in > > the > > > > C:\EXCHSRVR\imcdata\in directory. However, when I look there, I don't > > see > > > > it. They are all of the form 1N6JG6Q7. I've searched the entire drive > > and > > > > they are no where to be found. > > > > > > > > Any ideas on how to investigate this further?? > > > > > > > > -- > > > > Regards, > > > > Hank Arnold > > > > > > > > > > > > > > > > > > > > > > > >
- Next message: Peretz Stern: "Relay Issue"
- Previous message: Daniel: "RE: Exchange 2003 que clearing"
- In reply to: Dan Townsend [MSFT]: "Re: NAV Keeps finding a virus in non-existant files!"
- Next in thread: Hank Arnold: "Re: NAV Keeps finding a virus in non-existant files!"
- Reply: Hank Arnold: "Re: NAV Keeps finding a virus in non-existant files!"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
