W32.Swen Slamming my Exchange

Status
Not open for further replies.

Dreddnews

Technical User
Nov 17, 2002
83
US
Within the last week my Exchange2k server has been slammed with Swen viruses. I have Symantec Antivirus with Exchange protection on there, but my inbox is still getting full of virus warnings that have been blocked. I keep getting emails about a new update from Microsoft or an Admin sending me an email titled Advice. There is also a pack of failure notices from sites I never sent to.

I checked all PCs on my network and none have the virus on them. Also ran the removal tool from Symantec and it said clean. What can I do to stop this from flooding my Exchange and my inbox?

Any help would be greatly appreciated!

-D
 
I wish somebody could help with this too! I get several hundred e-mail messages every day on my Exchange2K server because of SWEN. I've tried filtering domains on the SMTP Virtual Server but that is futile as the domains are endless...confidence.com, newsletters_msdn.com, newsletters.ms.net, and on and on ad nauseam! I too get never-ending failure notices. Any help is WAY appreciated.
 
I'm running Symantec Anti-Virus Filtering 3.0; not sure if that's what you mean by Symc AV with Exchange protection. You can block messages by subject (I think those messages use something like "patch" as the subject all the time). Then you can set it up so that any message rejected for this criteria does not send a notification e-mail to admin.

I set this up for that big virus that came out a month or two ago; can't remember the name ("your application", "did you see that movie"... that virus).
 
Someone suggested to me an event sink and it has reduced the problem tenfold.

Here is the link:

This is an SMTP transport event sink script developed specifically to filter Win32.Swen.A@mm worm emails. Emails that seem to be infected by the worm are dropped.
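
The subject rule and the event sink suggested in the replies above both reduce to a per-message decision made before delivery. As an added example (not code from the thread or from the linked script), this Python sketch makes that decision on message content rather than on sender domain. The subject hints are the wording quoted in the thread; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

SUBJECT_HINTS = ("patch", "update", "advice")         # wording quoted in the thread
EXEC_EXTS = (".exe", ".scr", ".pif", ".bat", ".com")  # assumption of this example

def has_executable(msg):
    """True if any MIME part, at any nesting depth, carries an executable filename."""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXEC_EXTS):
            return True
    return False

def verdict(raw):
    """Return (action, notify_admin) for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    hinted = any(h in subject for h in SUBJECT_HINTS)
    if has_executable(msg):
        # Worm-like subject plus executable: drop without a notification,
        # so the admin inbox is not flooded by the filter itself.
        return ("drop", False) if hinted else ("quarantine", True)
    return ("deliver", False)  # a subject match alone is not enough

def sample(subject, attachment=None):
    """Build a constructed test message; contents are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    for subj, att in [("Latest security patch", "update.exe"), ("Advice", "note.scr"),
                      ("Patch schedule", None), ("Quarterly report", "report.pif")]:
        print(subj, "->", verdict(sample(subj, att)))
```

Because the decision never looks at the sender, it is unaffected by the endless list of sending domains mentioned earlier in the thread.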
 