Re: Ongoing Virus problem

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Kevin Weilbacher [SBS-MVP] (kweilbacMVP_at_gte.net)
Date: 08/30/04 

Date: Mon, 30 Aug 2004 18:54:57 -0400

what do you mean when you say -- "except exchange of course"?

If you are not running an Exchange based mail scanner, then you're not
catching anything until it gets into the user's mailbox and they pick it up
with Outlook. Not quite the optimal situation, in my view. 

-- 
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"
"susan" <smcrey@mindspring.com> wrote in message 
news:egpsmCujEHA.3348@TK2MSFTNGP12.phx.gbl...
> I'm having a problem in that we receive 5-15 virus infected emails every
> day. Yes, I do have antivirus and sometimes it strips the attachment and
> sometimes it doesn't (eTrust antivirus by CA). Sometimes the virus
> identified is Netsky.P and sometimes Netsky.C and i've had a few id'd as
> Netsky.Z -- some say "trojan", some say "worm" !
>
> I have virus scanned (and online scanned using Symantec's online scanner)
> every workstation, laptop and the server (except exchange of course) and 
> can
> find NOTHING! I've researched the virus'es and know what to look for in 
> the
> registry etc. and find nothing indicating infection at any station.
>
> These infected emails sometimes have a "sender" address that is familiar,
> but most often not.
>
> I check the headers and what's puzzling is that they read: sent from
> "mydomain.org" received by "mail.mydomain.org".... does this automatically
> mean that they are happening WITHIN the network??? The ip address of the
> supposed "sender" is not a valid internal address, but i realize all this
> stuff could be spoofed...
>
> I'm puzzled and don't know what else to do. I just have to find out what I
> can do about this as babysitting the mail is tiring.
>
> Any ideas, suggestions, advice??
>
>

Relevant Pages

  • Re: Virenscanner wirklich erforderlich?
    ... Mit Virenscannern auf PC habe ich die ... oder so ein Scanner, der die ein- und ausgehenden Mails untersucht. ... Server laufende Scanner (ist in meinem Fall vom gleichen Hersteller - ... Da du die Viren direkt am Exchange zentral löschen kannst, ist der Aufwand wesentlich geringer als wenn du den verteilten Virus auf jedem Rechner entfernen musst. ...
    (microsoft.public.de.exchange)
  • Virus officexp-KB910721-FullFile-ENU.exe
    ... We have a Sophos Puremessage scanner before our Exchange Server. ... Virus/spyware 'Troj/Spy-CU' has been detected in ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2003R2 Exchange wont send mail
    ... Do you have any kind of antivirus on the server? ... virus scanner. ... are okay. ... If Exchange is having a problem sending mail, it should complain in some log ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange Anti virus solution
    ... The server install should include both the regular file-level scanner ... the Realtime scanner's tray icon. ... you have to exclude the Exchange databases from ...
    (microsoft.public.windows.server.sbs)
  • Re: Firewall / Antivirus / Spyware Recommendation
    ... Avast4 Home (AV monitor and mail scanner) ... SystemSafetyMonitor (to watch and control apps and registry) ... The only payware is Kaspersky but it is a very powerfull AV (despite ...
    (comp.security.firewalls)