How do I remove a virus from an Exchange log?

[Bryan]

Well, I've got a virus.

After doing a scan of my system, it shows that this file:

C:\Program Files\Exchsrvr\MDBDATA\E00002AE.log

Has the MyDoom virus. Ugh!

Admittedly, I don't know enough about how Microsoft Exchange works,
hence my question:

How do I remove the virus?

The scan tells me that it appears in 00001c9e.EML within that log file.
How do I clean it, delete it or quarantine it?

This is on a Windows 2003 Small Business Server, by the way, and I've
got Symantec Antivirus 9.0.0.338

Thanks in advance for any help you can provide!

- Bryan

 

[Richard S. Westmoreland]

C:\Program Files\Exchsrvr\MDBDATA\E00002AE.log

Has the MyDoom virus. Ugh!
How do I remove the virus?

The scan tells me that it appears in 00001c9e.EML within that log file.
How do I clean it, delete it or quarantine it?

Well, it is necessarily important for you to "remove" the virus? It's not
active while it's in that form of data. I think the only option you have is
to clear the logs, or just let it be. And just make sure your employees are
up to date on their av defs and have email scanning enabled.

 

[SSR]

Well, I've got a virus.

After doing a scan of my system, it shows that this file:

C:\Program Files\Exchsrvr\MDBDATA\E00002AE.log

Has the MyDoom virus. Ugh!

Admittedly, I don't know enough about how Microsoft Exchange works,
hence my question:

How do I remove the virus?

The scan tells me that it appears in 00001c9e.EML within that log file.
How do I clean it, delete it or quarantine it?

This is on a Windows 2003 Small Business Server, by the way, and I've
got Symantec Antivirus 9.0.0.338

Thanks in advance for any help you can provide!

- Bryan

The first thing you need to know is that to properly protect an Exchange
Server, you will need to install an AntiVirus solution specifically for
Exchange. A normal scanner will not handle Exchange's Store or mdb files
properly; which is why you are getting this message.

Secondly, this *issue* should disappear once your log files have been
committed to the Exchange Store and removed by your backup process (you
do have one, right?).

Beyond that, as long as your mail users have up-to-date pattern files on
their desktops, this shouldn't be an issue with the virus in the log
file. This is of course ass-u-ming that you are in a POP3 mail client
environment. If you're using an Exchange Server client (one that does
not download the mail off of the server) or allow Web based clients to
read mail from the server, then you're playing with fire by not having an
AntiVirus package for Exchange.