Re: Symantec Mail Security 4.5 and Exchange 2003
From: clath13 (clath13_at_discussions.microsoft.com)
Date: 08/23/04
- Next message: Greg: "Moving from POP3 to Outlook/Exchange"
- Previous message: Fred: "OWA and external access"
- In reply to: Jim McBee \(MVP\): "Re: Symantec Mail Security 4.5 and Exchange 2003"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 23 Aug 2004 04:31:01 -0700
Hi Jim, Thanks for the reply. This 2003 server has only been up for a couple
of weeks. It is a clean install of Windows 2003 and Exchange 2003. I have
an Exchange 5.5 box that is currently handling my mail. I will decommission
it once I have moved all the mailboxes over to the new one. I came in this
morning and found 100 messages from the new box telling me of two virus
outbreaks. One of the outbreaks is identical to the one I referenced
initially the other one is new. I will track down the new attachments.
Based on what you wrote I am going to turn off the manual scan and see if it
stops with the outbreak. I frequently check my Exchange 5.5 IMC queue and
rarely see anything in there so I don't think that's where the messages are
originating.
"Jim McBee (MVP)" wrote:
> I have seen some similar problems with Symantec Mail Security. When
> installed, it runs a manual scan and scans everything using the newest
> signatures. I had a customer recently that upgraded to SMSMSE 4.5 and they
> saw a couple of dozen messages get scanned and quarantined that had been in
> the store for a long time. I never really pursued the issue since the
> problem did not re-occur.
>
> The "SMTP
> (MONSTER-{BB45626A-AFC2-4607-AA6B-FA41A228A761})/NON_IPM_SUBTREE/MTS-OUT"
> location is a temporary location that the SMTP service uses when moving
> messages to the MTA. It is possible something had been stalled in this
> special mailbox for the past couple of years. Exchange 5.5 had a tendancy
> to do that; it frequently let mail get stalled in the IMS mailbox.
>
> Do you have any Exchange 5.5 servers? Was this machine upgraded from
> Exchange 5.5 to 2000 to 2003?
>
> Jim McBee
> http://www.somorita.com
>
>
>
> "clath13" <clath13@discussions.microsoft.com> wrote in message
> news:3E40B6D5-3403-49F7-8A2F-E899B2BC5049@microsoft.com...
> > I'm testing an Exchange 2003 server and have only 2 mailboxes running on
> > it
> > beside the system boxes. Symantec Mail Security is sending me the
> > following
> > message about detected virus':
> >
> > Location of the infected item: SMTP
> > (MONSTER-{BB45626A-AFC2-4607-AA6B-FA41A228A761})/NON_IPM_SUBTREE/MTS-OUT
> > Sender of the infected item: SMTP
> > (MONSTER-{BB45626A-AFC2-4607-AA6B-FA41A228A761})
> > Recipient of the message: /NON_IPM_SUBTREE/MTS-OUT
> > Subject of the message: None
> > The attachment "ATT00002.doc, ATT00005.doc, Lansing Orchestra Director of
> > Education cover letter.doc" was Quarantined for the following reasons:
> > Virus W97M.Marker.gen was found.
> > Virus W97M.Nono.A was found.
> >
> > This was done due to the following Symantec Mail Security settings:
> > Policy: Standard
> > SubPolicy: Virus SubPolicy
> > Rule: Basic Virus Rule
> >
> > Monster is my 2003 mail server. I have set up mail journaling to filter
> > all
> > outgoing and incoming mail to a mailbox but nothing is showing up there
> > regarding the above message. What's really strange is the attachments are
> > my
> > bosses from the year 2000 and do not exist anywhere in my organizations
> > files
> > on any server. Can anyone help me determine who is sending and/or
> > recieving
> > these messages and how they are getting to my new Exchange 2003 server? I
> > have quarantined (and cleaned) the attachments but can't get much info out
> > of
> > them.
> >
> > Thanks for the help
> >
>
>
>
- Next message: Greg: "Moving from POP3 to Outlook/Exchange"
- Previous message: Fred: "OWA and external access"
- In reply to: Jim McBee \(MVP\): "Re: Symantec Mail Security 4.5 and Exchange 2003"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
