Re: Possible virus? But nothing detected

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Sat, 9 Sep 2006 20:29:21 -0400

---

In news:1157843823.891981.128920@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
Tom Watt <tom@xxxxxxxxxxxxxxxx> typed:

All users are getting a ton of e-mail from "System Administrator"
titled "Undelivered: XXXXX", where XXXXX is a random title, mostly of
spam or jiberish nature. Users are also getting various failure
messages from other servers about mailboxes not existing, etc. It
would appear that a worm or virus is creating spam coming out of our
server (Windows 2003 Small Business Server).

I updated and ran a full virus scan using Trend Micro's SMB product,
and nothing was found. I also re-loaded Exchange SP2 to see if that
would overwrite any malicious code, but neither helped. I of course
checked firewall and Exchange settings everything looked OK. I
noticed the "System Administrator" messages come every 15 minutes, at
the same time the system sends/receives internet e-mail. But
inbetween these cycles I do not notice anything waiting in the
outbound queue.

Any ideas?

Thanks,

Tom

If you haven't changed your relay settings, and use good passwords, it's
unlikely anyone is relaying viruses or spam through your server. If your
antivirus software is doing its job, you probably don't have a virus,
either. However, if a spammer or a virus has spoofed the sender in a
message, the innocent party gets the NDRs. This happens all the time....


.

---

• Follow-Ups:
  • Re: Possible virus? But nothing detected
    • From: Tom Watt
  • Re: Possible virus? But nothing detected
    • From: Shashank

• References:
  • Possible virus? But nothing detected
    • From: Tom Watt

• Prev by Date: Re: Adding my own pages
• Next by Date: Re: printer authenication codes and sbs2003 users
• Previous by thread: Re: Possible virus? But nothing detected
• Next by thread: Re: Possible virus? But nothing detected
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Its driving me crazy! ... I fear the next virus will be worse. ... causes me to exceed the 25MB limit on the server. ... it let many viruses and spam through. ... If I use a spam blocker, ... (microsoft.public.security.virus) Re: Masquerading Server Name ... it means it was tagged for Spam or virus content. ... My server sends out messages ... directly to the destination (there's no smarthost in between). ... (microsoft.public.exchange.admin) Re: Performance and requirements ... GFI Mail Essentials only does Spam filtering. ... That will take the virus and spam ... >> server has NAV for Exchange, GFI Mail Essentials running for AV and Spam ... (microsoft.public.exchange.design) Re: SMTP Queue ... someone was using my server for spam. ... >> that the users workstation is infected with a virus or the system is being ... (microsoft.public.exchange.admin) Re: How to do rDNS. WAS: RE: educating rDNS violators ... It's done in the DNS server. ... As a spam prevention measure, a lot of end-user Internet providers are ... Using your own mail server as a slave to the ISP's mail server will add ... (Security-Basics)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-09