
I have an exchange server running a

Status
Not open for further replies.

joepc

MIS
Jul 26, 2002
647
US
I have an Exchange server running at one of my customers' offices and Norton Corp keeps telling me it found W32.Sobig.A@mm.enc and that it deleted it. It is finding it in the D:\exchsrvr\imcdata\in directory. It is infecting a different file every time.

Should I just let this be or is there a better solution to get rid of this message?

Thanks guys, and gals.
 
Hi.

> Should I just let this be ...
No.

What is the Exchange server version?
What is the NAV version?
Have you installed NAVMSE? What version?
Do you have a mail relay?

In general, you should use NAVMSE (or SAVMSE for newer versions) and you should exclude the IMCDATA from the normal file based scanner.
The infected email message should be stopped by the Exchange specific anti virus NAVMSE and not by the "yellow" file based realtime scanner.

You should also scan all servers and workstations in the organization for viruses.

Bye
Yizhar Hurwitz
 
It's got Exchange ver. 5.5 on it. They are currently running NAV Corp. ver. 7.60. They do have NAV for Exchange, which should stop any viruses coming in by e-mail.

There is definitely no open relay. I was thinking it could possibly be a spammer trying to relay off the Exchange server.

The alert comes up every 10 min. This happened to me at two of my other clients' sites and it seemed to go away after a week. It just bothers me to see that constantly coming up. Symantec's site says that it's not a very damaging virus, but I want to get to the root of the problem.

 
The virus message stopped appearing about a week or so after I posted this question. I'm not sure why it was happening. I don't believe it was through Exchange because NAV for Exchange would have picked it up.

I may never know why; I can only guess (some spammer was trying to relay off the mail server to send out their spam).
 