Posted by ITTester on November 28, 2005, 10:58 pm
Hi David,
Thanks for your reply. Please see below.
> What anti virus software are you using that is specifically designed to run on
> a MS Exchange Server ?
I use Avast! Server Edition for Exchange 2003 on the new mail server. This
AV is not very well known in North America, but the AV is very efficient on
server and workstation.
I use Symantec AV Enterprise Ed. 9.02 for Exchange on the infected box.
Avast will detect any phishing links or infected attached files that SAV
will not detect on server and workstation. Test on a workstation and you
will see the difference.
The Avast support for server or workstation is very poor, but the quality of
the software is worth the try.
> You said "Can hackdef or its variants..." Is that really the FULL name of this
> infector ?
> Knowing what AV software detected the infector would help.
Please search on Google for HackDef and you will see how dangerous this
trojan is. You cannot remove it, you cannot update any patch from MS, and any attempt
to remove the hackdef will make your server crash, and it may be completely lost
forever. I can give you the number of the three levels of MS engineers who
tried to help me remove this rootkit.
The first try completely crashed my server.
The second try was unsuccessful and moved to level 3, the security level.
The third try was the same as above. The security engineer gave up and
suggested that I rebuild from crash.
I follow his instructions partially, as I will crash after I have moved the
mailboxes.
Attention: Please do not visit certain sites that discuss hackdef if
you don't have a good anti-virus which can detect website malware scripts.
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
"David H. Lipman" wrote:
>
> | I have posted this message on the Exchange newsgroup but it seems that nobody is
> | able to help me, so I post it again in this newsgroup hoping someone can help
> | me.
> |
> | Can anyone help me with the points below?
> |
> | General overview of the problem:
> | We have a single Exchange Server running on a DC and AD server.
> | During the past month, our server has been infected with hackdef, which opened a
> | backdoor on our firewall (Cisco PIX 506e) and to our networks.
> | However, we have patched the security hole remotely (ssh) on the firewall
> | and we are able to partially secure the network.
> | We have rebuilt the DC and AD server using the promote and depromote method. We
> | have successfully added the second DC to our network but have not yet promoted this
> | box to be the primary DC, as we are not sure about moving the mailboxes.
> | We have successfully configured a second mail server ready for the move of the
> | mailboxes.
> | We have mounted the new mail server offline and updated all security patches
> | (Windows Server SP1 and Exchange SP2).
> | We temporarily use a different antivirus which is not controlled by the DC
> | for safety reasons.
> | We have successfully tested the move of a single mailbox.
> | It seems that everything is ready for the final move.
> | However, we are concerned about the points below:
> |
> | 1. Can hackdef or its variants infect the new mail servers by moving the
> | mailboxes?
> | 2. Can data on the moved mailboxes infect the new server - we have one
> | user's mailboxes which is infected by a virus / trojan
> |
> | Do we need to rebuild from scratch if the above points are not safe?
> | We can't perform an anti-virus scan on the Exchange db before the move, as the db
> | will be corrupted, so it's not useful.
> | Please advise if there is any other alternative for this matter.
> |
> | Regards,
> |