Posted by Lanwench [MVP - Exchange] on November 9, 2006, 9:26 am
> "David H. Lipman" wrote:
>
>>
>>
>>> I just copied the notification directly from Antigen on the above
>>> post,
>>> they were using the virus verbiage. Here is the latest one from the
>>> log files.
>>>
>>> Tue Nov 07 16:57:55 2006 (2596-7028), "INFORMATION: Internet scan
>>> found virus: Folder: SMTP Messages\Outbound
>>> Message: Delivery Status Notification (Failure)
>>> File: helpful_.gif
>>> Incident: Exceeded Internet Timeout
>>> State: Removed"
>>
>> Pretty lousy log !
>>
>> All that can be gleaned from this is an outbound message with
>> attached file; "helpful_.gif" exceeded a timeout and was ultimately
>> removed.
>>
>> It says "Internet scan found virus:".
>> What virus ?
>> What is the name of this virus and which AV software detected this ?
>>
>> All you can do is find out who the sender is and find the file
>> "helpful_.gif" and then submit it to Virus Total as prescribed
>> earlier in this thread.
>>
>> In your original post, you described the file name: "CODE_.gif" not
>> "helpful_.gif". Were there TWO or more incidents ?
>>
>> You mention "We have Symantec 10. as the AV". Is that on the client
>> PC or are you running a Symantec AV version for MS Exchange Server ?
>> If you are NOT, I suggest junking AntiGen for Symantec AV for MS
>> Exchange Server or McAfee Anti Virus for Exchange Server.
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> http://www.ik-cs.com/got-a-virus.htm
>>
>>
>>
> Yeah, I am not impressed with Antigen logs either. My problem on
> the sender is the notification I get from Antigen is the sender is
> postmaster@mydomain.com. Here is the exact notification I receive:
> Microsoft Antigen for Exchange found a file infected with a virus.
> The file is currently Removed.
> File name: "helpful_.gif"
> Virus name: "Exceeded Internet Timeout"
> Message subject: "Delivery Status Notification _Failure_"
> Sent from: "postmaster@mydomain.com"
> Folder: "SMTP Messages\Outbound"
>
> I don't have a postmaster account in our environment and all the
> notifications refer to that account as sender.
>
> As far as file names and more than one incident, yes, it keeps
> changing names of the gif file, I also am receiving notification of
> the file being : body of message : instead of a gif file on some
> notifications.
>
> On the AV question, unfortunately I inherited this office recently and
> they are not using the Symantec for Exchange version, I believe my
> predecessor thought that Antigen would be enough for the exchange
> scan. They have the same version of Symantec on the workstations as
> they do the server. Not sure I can talk them into upgrading at this
> time.....
Note that I don't know many Exchange folks who would recommend Symantec
*anything* over Antigen - or TrendMicro's ScanMail (which is what I tend to
use).
Regarding Postmaster - check the properties of the built-in administrator
account & see whether postmaster@ is not defined therein.
I suggest you try posting in m.p.exchange.admin - to cast a wider net here.
A lot of people in there use Antigen.