No announcement yet.

UPS Virus - Mail Store Search Facility

  • Filter
  • Time
  • Show
Clear All
new posts

  • UPS Virus - Mail Store Search Facility

    Hi All

    Some of our users have received the UPS virus zip file in to their mail boxes. Is there a facility within Exchange 2003 to interrogate the mailbox store to find which mailboxes have received this virus? Either by searching subject header, or zip file name? Also... any ideas is there are any other ways to stop this virus e.g. a virus program that can now detect it?



  • #2
    Re: UPS Virus - Mail Store Search Facility

    Do you have AV installed on the Exchange server? If not then you should.
    During an outbreak I tend to block attachments that are suspect. Zip files for example I blocked on one site for 18 months. They were then released by hand. Released one or two a day, but were blocking 100s of bogus attachments.

    Exmerge can find and remove the attachment. It was originally design to remove the "I love You" worm years ago. Exmerge is heavily documented on the Microsoft knowledge-base and in countless articles, so I am not going to repeat them here.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.


    • #3
      Re: UPS Virus - Mail Store Search Facility

      Yes, I have antivirus on the exchange server, up to date, and so is the firewall, god only knows how it got through... will have a check of the exmerge software that you recommended.



      • #4
        Re: UPS Virus - Mail Store Search Facility

        What virusscanner do you have?
        There are a lot of exchange virusscanners eg Mcafee Groupshield, Microsoft Antigen etc.
        Technical Consultant

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"


        • #5
          Re: UPS Virus - Mail Store Search Facility

          You could use exmerge to search by subject. You'll end up with a selection of pst files with the mailbox name of each user with the virus. Make sure that the import procedure is set to "copy data to target store". (yes I know you are exporting the data but it's labeled import procedure on the dialog box). You'll find it in the options dialog on the Source Server dialog box.

          If you are feeling really confident and have up to date backups using the "Archive data to targt store" will remove the bad messages for you.



          • #6
            Re: UPS Virus - Mail Store Search Facility

            hi, we use puremessage from sophos, its very good as it intercepts the message before it gets to exchange (as i understand it) and quarantines them, we have had quite a few come through, but non have got to a mailbox yet (fingers crossed). this is in addition to sophos on there as its av product.