No announcement yet.

Mailroot Messages?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Mailroot Messages?

    We are running Exch 2003 & Server 2003 standard with Symantec for Exchange.

    Each day our "mailroot" folder has 4-6 new outlook messages in the folder. We also receive virus notifications from the Symantec program which indicates that a message with an attachment & virus has been deleted from a users Inbox or Junk Email box.

    The only time that we get a reprieve from the messages is when I go into the Mialroot folder and change the security on the new messages. This will stop them for a day only. Also, I cannot delete the messages as it give an error message that says the message is being used by another progam and cannot be deteled.

    I have tried to filter out the originating address by using filters but I suspect that we have a mass mailing worm installed somewhere. All of the workstations have been scanned as have the servers.

    The scans on the servers are limited (directories to be excluded) to what is recommended by Miscrosoft and Symantec.

    Any ideas? And is there a way to determine what program is running so I can delete these messages.


  • #2
    Re: Mailroot Messages?

    Try to use other antivirus them Symantec. Trend/Antigen can help you.


    Best Regards,

    Yuval Sinay

    LinkedIn:, Blog:


    • #3
      Re: Mailroot Messages?

      Further information & research,

      Virus W32.Sober.X@mm-

      As I have now figured out that all incoming mail that hits Exchange is written to the 'mailroot' folder to await delivery to the receipant (sp). What is happenng is that these emails, received from the outside, are being written to the folder and then just sit there.

      It looks like they try to email themselves to the addressee but the Symantec Exchange protection is catching them as they enter the users email account. When I attempt to run a AV scan, Symantec catches the virus & quarentines them but the message gets re-written again.

      I have run the removal tools from Symantec but since the virus is NOT installed on the server it is not being caught and removed. It is only being caught as a result of it trying to email itself out.

      Any ideas?