RE: Urgent Request to Experts
- From: "Zoran Marjanovic" <zmarjanovic@xxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Fri, 7 May 2004 10:18:47 +0200
Hi Venu,
First check this
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ac@mm
.html and remove NetSky manually from your exchange (find and delete its
exe file and remove its registry keys, also you may run NetSky removal
tool with EXCLUDE switch to skip M drive, Databases, inetsrv and
Symantec folder). If netsky is already installed it means you don't have
up-to-date security patches (go to www.windowsupdates.com and install
critical updates on exchange). Then reinstall AV client in unmanaged
mode and go to Exclude Selected Files and Folders in Configure File
System realtime protection on your AV client, and exclude Exchsrv (are
your DBs in default location, if not then also exclude the folder you
use for storing DBs and logs), inetsrv (in winnt>system32), M drive and
Symantec folder in Program files, for more info go to
http://service1.symantec.com/SUPPORT/ent-gate.nsf/eb4f48490d6380ea88256d
1e0000dafc/a4386b11e157913988256bd0007e4b09?OpenDocument&src=bar_sch_nam
.
Schedule LiveUpdate. Run live update, and as you mentioned managed
client, find cegetter script on
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/200209181651
0548?Open&src=bar_sch_nam&docid=2000010708230148&nsf=ent-security.nsf&vi
ew=552ba2f7636bedf088256818006f78bf&dtype=&prod=&ver=&osv=&osv_lvl= ,
edit cegetter.bat it looks like
ftp -s:cescript.txt
call "C:\navup8.exe" /y
move "C:\WINNT\*.xdb" "C:\Program Files\SAV"
del /q "C:\navup8.exe"
and add a line copy /y " C:\WINNT\*.xdb "
"\\YourExchangeServerName\C$\Documents and Settings\All
Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5"
between CALL and MOVE lines, so exchange can receive daily updates from
your server but not configuration changes.
Schedule Intelligent Updater on Symantec server, so it can update all
clients on the net on daily basis, and apply critical patches on your
clients (use SUS) as netsky most probably arrived on exchange through
your network from another client.
Zoran
-----Original Message-----
From: Venu V [mailto:vvenu@xxxxxxxxxxxxxxx]
Sent: Friday, May 07, 2004 9:45 AM
To: [ExchangeList]
Subject: [exchangelist] Urgent Request to Experts
http://www.MSExchange.org/
Please help on below 2 serious issues and help me to solve:-
1) If I have to install a unmanaged av client then is there any harm
for the previous quarentined files or any measures to be taken care.
2) Can I run a batch file for unmapping M Drive so that my AV will
skip M:drive and will logs generating will get minimised?.
-----Original Message-----
From: Mark Fugatt [mailto:mark@xxxxxxxxx]
Sent: Friday, May 07, 2004 9:59 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Two New Whitepapers Available from Microsoft
http://www.MSExchange.org/
It is because your AV software is configuring the Exchange logs and db's
fix that problem first and then backup.
Mark Fugatt
MCSE, MCT, Microsoft Exchange MVP
Pentech Office Solutions Inc
Rochester, NY
Tel: 585 586 3890
Cell: 585 576 4750
http://www.4mcts.com
http://www.exchangetrainer.com
-----Original Message-----
From: Venu V [mailto:vvenu@xxxxxxxxxxxxxxx]
Sent: Friday, May 07, 2004 12:45 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Two New Whitepapers Available from Microsoft
http://www.MSExchange.org/
No Phani even after taking backups also still im there are log files in
MDBData which are older.
-----Original Message-----
From: Phani Kumar [mailto:phani_phani@xxxxxxxxx]
Sent: Friday, May 07, 2004 9:55 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Two New Whitepapers Available from Microsoft
http://www.MSExchange.org/
hi
take the back up then automatically every thing will be deleted or
errased from e00.dbf file.
ref : read the concept of storage architecture...
reg
phanikumar.A
--- Venu V <vvenu@xxxxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
>
>
> We are running Exchange2000 and by the way MR.Mark can I delete log
> files from MDBData folder which are with old dated as my drive is
> getting filled up with logs.Is there any harm in doing so?Please
> suggest
> me
>
> -----Original Message-----
> From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> Sent: Friday, May 07, 2004 9:39 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Two New Whitepapers Available from
> Microsoft
>
> http://www.MSExchange.org/
>
> What version of Exchange?
>
>
> Mark Fugatt
> MCSE, MCT, Microsoft Exchange MVP
> Pentech Office Solutions Inc
> Rochester, NY
> Tel: 585 586 3890
> Cell: 585 576 4750
> http://www.4mcts.com
> http://www.exchangetrainer.com
>
> -----Original Message-----
> From: Venu V [mailto:vvenu@xxxxxxxxxxxxxxx]
> Sent: Friday, May 07, 2004 12:22 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Two New Whitepapers Available from
> Microsoft
>
> http://www.MSExchange.org/
>
>
> We are running Symantec Corporate Version 8.0 and unfortunately im not
> running any separate package for exchange.
>
> -----Original Message-----
> From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> Sent: Friday, May 07, 2004 9:31 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Two New Whitepapers Available from
> Microsoft
>
> http://www.MSExchange.org/
>
> What version of Exchange?
>
> I can't really tell you how to exclude the files in your own AV
> package as I don't know what your running, but if you tell me what
> version your running I can tell you what to exclude.
>
> So, you are just running a client AV package on your Exchange
> server!!!!, that is really not a good idea, you should have an
> anti-virus package that is designed to run with the version of
> Exchange you have.
>
>
> Mark Fugatt
> MCSE, MCT, Microsoft Exchange MVP
> Pentech Office Solutions Inc
> Rochester, NY
> Tel: 585 586 3890
> Cell: 585 576 4750
> http://www.4mcts.com
> http://www.exchangetrainer.com
>
> -----Original Message-----
> From: Venu V [mailto:vvenu@xxxxxxxxxxxxxxx]
> Sent: Friday, May 07, 2004 12:16 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Two New Whitepapers Available from
> Microsoft
>
> http://www.MSExchange.org/
>
>
> My exchange server is a antivirus client and I think its scanning the
> log files too. Can you help me how to exclude Exchange for scanning
> log files?
>
> -----Original Message-----
> From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> Sent: Friday, May 07, 2004 9:25 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Two New Whitepapers Available from
> Microsoft
>
> http://www.MSExchange.org/
>
> You should not be scanning any of your Exchange log files or databases
> with an AV package.
>
> Mark Fugatt
> MCSE, MCT, Microsoft Exchange MVP
> Pentech Office Solutions Inc
> Rochester, NY
> Tel: 585 586 3890
> Cell: 585 576 4750
> http://www.4mcts.com
> http://www.exchangetrainer.com
>
> -----Original Message-----
> From: Venu V [mailto:vvenu@xxxxxxxxxxxxxxx]
> Sent: Thursday, May 06, 2004 11:40 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Two New Whitepapers Available from
> Microsoft
>
> http://www.MSExchange.org/
>
>
> NetSky Virus infected to logs files in exchange and made the virtual
> drive to disappear. I tried to restore the files and was successful
> but today it again infected to other files which it showing
> quarentined status. Can any one help Me how to get rid of these
> situations?
>
>
>
> -----Original Message-----
> From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> Sent: Friday, May 07, 2004 6:32 AM
> To: [ExchangeList]
> Subject: [exchangelist] Two New Whitepapers Available from Microsoft
>
> http://www.MSExchange.org/
>
> Exchange Server 2003 Security Hardening Guide:
>
http://www.microsoft.com/downloads/details.aspx?familyid=6a80711f-e5c9-4
> aef-
> 9a44-504db09b9065&displaylang=en
> or
> http://tinyurl.com/25hlf
>
> Exchange Server 2003 Administration Guide
>
http://www.microsoft.com/downloads/details.aspx?familyid=98e45481-1458-4
> 809-
> 97d6-50d8aeebd8a1&displaylang=en
> or
> http://tinyurl.com/mtna
>
> Mark Fugatt
> MCSE, MCT, Microsoft Exchange MVP
> Pentech Office Solutions Inc
> Rochester, NY
> Tel: 585 586 3890
> Cell: 585 576 4750
> http://www.4mcts.com
> http://www.exchangetrainer.com
>
>
>
>
------------------------------------------------------
> List Archives:
>
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters:
> http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ:
>
http://www.msexchange.org/pages/larticle.asp?type=FAQ
>
------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com
> No.1 ISA Server Resource Site:
> http://www.isaserver.org Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax
> Solutions:
> http://www.ntfaxfaq.com
>
------------------------------------------------------
>
>
>
------------------------------------------------------
> List Archives:
>
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters:
> http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ:
>
http://www.msexchange.org/pages/larticle.asp?type=FAQ
>
=== message truncated ===
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
Other related posts:
