netsky.b stuck at exchange's queue folder

jeffbeh

Hi all,

I got a problem with the netsky.b virus on Exchange Server 2000. The Exchange
server is running Netshield 4.5 and is having a problem removing it. I am
also trying to use Stinger to scan for the virus, and part of the scanned viruses
could be removed. The activities are as below:

Scan initiated on Tue Mar 02 09:32:54 2004

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_5f81baf301c3ff2e00000a75.EML\jokes.zip

Found the W32/Netsky.b@MM!zip virus !!!

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_5f81baf301c3ff2e00000a75.EML\jokes.zip has been deleted.

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_bbf5cb2c01c3fff000000ee6.EML\information.zip

Found the W32/Netsky.b@MM!zip virus !!!

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_bbf5cb2c01c3fff000000ee6.EML\information.zip has been deleted.

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_c4834e6c01c3ff2900000a4a.EML\mail2.zip

Found the W32/Netsky.b@MM!zip virus !!!

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_c4834e6c01c3ff2900000a4a.EML\mail2.zip has been deleted.

F:\Program Files\MDBDATA\E0002EDD.log\00001252.EML\photos.zip

Found the W32/Mimail.c@MM virus !!!

F:\Program Files\MDBDATA\E0002EDD.log\00001252.EML\photos.zip

Found the W32/Mimail.c@MM virus !!!

F:\Program Files\MDBDATA\E0002FD0.log\0000d961.EML\part2.exe

Found the W32/Netsky.b@MM virus !!!

F:\Program Files\MDBDATA\E0002FD0.log\0000d961.EML\part2.exe

Found the W32/Netsky.b@MM virus !!!

Number of clean files: 38791

Number of infected files: 7

Number of files deleted: 3

Thanks in advance
Jeffrey Beh


-
jeffbeh
 
Jack the Bear

You were doing fine in Mailroot, it's the Mimails in MDBDATA that started
screwing things up.
File permissions, perhaps a problem?

- Jack.
 
Wrangler

Hi,

Sounds like you are picking up the virus with the on access scanner scanning
the .EML temporary files... you should be relying on the Exchange AV to do
that, otherwise they will probably end up fighting.... Exchange writes the
.EML file to disk, the OAS looks at it, goes "It's a virus!" whips it away by
deleting or quarantining it, and Exchange sits there saying "EH!?, where the
**** did that go then!? It was there a (milli)second ago!??... Can't leave
anything around these days... I blame the youth of today... In my day... [ad
infinitum...]"

Here, I have excluded the mailroot\vs 1 directory from the On Access scanner
to avoid this happening.

Stuff passing through Exchange gets scanned by Exchange, and stuff outside
the Exchange folders / databases / working areas system gets scanned by the
OAS.

This works fine. NetSky (and Swen too actually...) came a-knocking here
yesterday, and was politely given the digital finger by the Exchange AV...

BUT Make sure that your Exchange AV is *installed* and *up to date* too,
otherwise the virus will go through the Exchange server like prunes through
a granny...

.\/.artin
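
As an added example (not written by any poster in this thread and not the scanner vendor's code), this Python parser reads a scan log in the layout quoted above and lists the detections the scanner left in place, grouped by the Exchange directory they sit in. The sample log is constructed, and the directory-to-area mapping is an assumption.

```python
import re

# Constructed sample in the layout of the scan log quoted in this thread
# (file names shortened; one path per line).
SAMPLE_LOG = r"""
Scan initiated on Tue Mar 02 09:32:54 2004
F:\Program Files\Mailroot\vsi 1\Queue\NTFS_0001.EML\jokes.zip
Found the W32/Netsky.b@MM!zip virus !!!
F:\Program Files\Mailroot\vsi 1\Queue\NTFS_0001.EML\jokes.zip has been deleted.
F:\Program Files\MDBDATA\E0000001.log\00000001.EML\photos.zip
Found the W32/Mimail.c@MM virus !!!
F:\Program Files\MDBDATA\E0000002.log\00000002.EML\part2.exe
Found the W32/Netsky.b@MM virus !!!
"""

FOUND = re.compile(r"^Found the (\S+) virus")
DELETED = " has been deleted."
# Assumed mapping from a path fragment to the Exchange working area it belongs to.
AREAS = (("\\mailroot\\", "SMTP queue"), ("\\mdbdata\\", "store/transaction logs"))

def area_of(path):
    low = path.lower()
    return next((name for frag, name in AREAS if frag in low), "outside Exchange")

def parse_scan_log(text):
    """Return {path: {"virus", "deleted", "area"}} for every detection."""
    hits, last_path = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = FOUND.match(line)
        if m and last_path:
            hits[last_path] = {"virus": m.group(1), "deleted": False,
                               "area": area_of(last_path)}
        elif line.endswith(DELETED):
            path = line[:-len(DELETED)]
            if path in hits:
                hits[path]["deleted"] = True
        elif re.match(r"^[A-Za-z]:\\", line):
            last_path = line  # a path line; the verdict follows on the next line
    return hits

def remaining_by_area(hits):
    """Group detections the scanner did not delete by Exchange area."""
    out = {}
    for path, h in hits.items():
        if not h["deleted"]:
            out.setdefault(h["area"], []).append((h["virus"], path))
    return out

if __name__ == "__main__":
    print(remaining_by_area(parse_scan_log(SAMPLE_LOG)))
```

Detections that remain under the Exchange directories are the ones to handle through the Exchange-aware scanner rather than by deleting files from disk.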
 
Conny

jeffbeh said:
Hi all,

I got a problem with the netsky.b virus on Exchange Server 2000. The Exchange
server is running Netshield 4.5 and is having a problem removing it. I am
also trying to use Stinger to scan for the virus, and part of the scanned viruses
could be removed. The activities are as below:

Scan initiated on Tue Mar 02 09:32:54 2004

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_5f81baf301c3ff2e00000a75.EML\jokes.zip

Found the W32/Netsky.b@MM!zip virus !!!

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_5f81baf301c3ff2e00000a75.EML\jokes.zip has been deleted.

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_bbf5cb2c01c3fff000000ee6.EML\information.zip

Found the W32/Netsky.b@MM!zip virus !!!

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_bbf5cb2c01c3fff000000ee6.EML\information.zip has been deleted.

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_c4834e6c01c3ff2900000a4a.EML\mail2.zip

Found the W32/Netsky.b@MM!zip virus !!!

F:\Program Files\Mailroot\vsi 1\Queue\NTFS_c4834e6c01c3ff2900000a4a.EML\mail2.zip has been deleted.

F:\Program Files\MDBDATA\E0002EDD.log\00001252.EML\photos.zip

Found the W32/Mimail.c@MM virus !!!

F:\Program Files\MDBDATA\E0002EDD.log\00001252.EML\photos.zip

Found the W32/Mimail.c@MM virus !!!

F:\Program Files\MDBDATA\E0002FD0.log\0000d961.EML\part2.exe

Found the W32/Netsky.b@MM virus !!!

F:\Program Files\MDBDATA\E0002FD0.log\0000d961.EML\part2.exe

Found the W32/Netsky.b@MM virus !!!

Number of clean files: 38791

Number of infected files: 7

Number of files deleted: 3

Thanks in advance
Jeffrey Beh

As long as they are archived they do no harm, so why bother?
But if you unpack the files and run them you will be infected as usual.
 
