RE: Antivirus

  • From: "Jamie A. Byrnes" <jabyrnes@xxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jun 2003 11:02:00 +0930

Hi Chris,
I think technically speaking it is OK to have a virus in your Exchange
DB, as there are no known viruses that can activate in that state. All
viruses have an execute jump point, whether it is a direct executable
(.exe, .bat, .scr etc.) or script based (.vbs, .doc etc.). Essentially
user interaction is required for activation, even if it is as simple as
highlighting a message in Outlook.
BUT, my strong opinion is that it's just a matter of time - in fact I'm
amazed it hasn't already happened! There are BOUND to be buffer
overflows in SMTP handling, key exchange etc., like SQL Slammer for
instance, that could turn your server into mush. The simple fact is that
Exchange has such a small market share of the mail systems worldwide
that the evil hackers haven't bothered to look yet, concentrating on
broadly used exchangers like sendmail, qmail and other *nix based
systems - in which many of these overflows have been found and exploited.
Be prepared, as it's coming... <insert spooky music here>

        -----Original Message-----
        From: Chris Nielsen [mailto:cnielsen@xxxxxxxxxxxxxxx] 
        Sent: Tuesday, 24 June 2003 4:07 AM
        To: [ExchangeList]
        Subject: [exchangelist] RE: Antivirus
        The gist of my question was whether there were viruses that
could affect the Exchange server even if you had bullet-proof AV on
every client that would be connecting to it (and even non-Exchange AV on
the Exchange server to protect it at the file access level).
        I'm not sure if you're giving a yes or no answer to this more
specific question. Everybody else seems to say no.
        Keep in mind I'm asking from a wisdom-aside perspective -- I
know redundancy is Good and relying on the end-users is Bad. I'm just
interested in the purely technical. 

                -----Original Message-----
                From: Jack Spradling [mailto:jack@xxxxxxxxxxxxxxxxxx] 
                Sent: Monday, June 23, 2003 9:56 AM
                To: [ExchangeList]
                Subject: [exchangelist] RE: Antivirus
                  Running an antivirus layer on the Exchange server is a
must. Have you ever dealt with a NIMDA-like virus? Or any other
self-replicating virus that disables the client-side antivirus software? And
then writes its payload to all UNC tunnels you have open? Many new viruses
actually kill the antivirus service on your client's system. I would much
rather have the server strip it out before I have to deal with a C*O that
has trashed his/her system.


                  I run Trend ScanMail, the Exchange server also runs
Trend ServerProtect, and my clients run OfficeScan. I also run Trend
VirusWall on my ISA 2000 server. When I arrived at this site every
computer had some sort of virus and most of them were propagated
through email. It took 2 months to eradicate all of them from all of the
servers and clients. That was 2 years ago; we have had 0 infections
since. This is where it pays off: no extra time dealing with virus
related problems.



                Jack Spradling 
                IT Manager 
                *200 Michael Angelo Way, Austin, TX 78728 
                *(512) 218-3636
                *(512) 736-3108 

                ICQ 218803

