Re: badmail

  • From: "steve alcock" <steve.alcock@xxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 23 Nov 2004 15:24:36 -0000

Mike,

First I should reiterate some of yesterday's mail:

The server belongs to a friend / customer....... it has been up and
running for best part of a year ( win2000 / exchange server ) they have
their own reps calling in from various parts of the world from time to
time and log onto the network, all personnel have ( or should have )
complete protection re virus / spyware etc.

The server is just that, it is a dedicated server, no office / outlook,
no users except admin and now me.

I have identified the virus as being spybot on the server and the vsi 1
dirs being full; all systems in house have been checked and nothing
found, it is just the server.

The network works fine, all services are running, I have got the server
back to desktop but it is running like a snail with rheumatism.

They have an Eicon firewall / router which is constantly being bombarded
by the server ( and only the server ).

I am reluctant to re-install from scratch as it is their busiest time
of the year ( they are in the toy industry ) hence my wanting to clear
the problem.

But if the problem is not the sdbot virus what can I look for and do ????


Regards


Steve

 
 
Calderglen Computers
Calder House
Spring Lane
Colne
Lancs
BB8 9BD
www.calderglen.net
phone : +44 (0) 1282 871717
 
 
 
 

-----Original Message-----
From: A. M. Salim [mailto:msalim@xxxxxxxxxxxx] 
Sent: 23 November 2004 14:36
To: [ExchangeList]
Subject: [exchangelist] Re: badmail

Hi,

> Yesterday I posted badmail, queue and pickup directories are full to
> busting of files and I am assuming it is due to the sdbot virus, can
> this be confirmed and also that the only way to " empty " these
> directories is to take the server off the internet until clear then
> delete the virus, there is no other reason for these folders being
> full is there ?????

There are many many reasons for those dirs filling up, not just the
sdbot virus.

The queue dir will fill up if someone or some process is trying to send
out masses of emails, either zillions of small emails or a lot of huge
emails.

The badmail dir will fill up when the recipient email address is bad and
you have zillions of such messages.  This can be caused because you
simply do not bother to regularly clean out the badmail dir and it has
now filled up, or because there is someone or some process sending out
masses of bad emails.

While all signs appear pointing to your current virus infection, I would
hesitate to say that it is the only reason.

I am curious:  you say that your server has been infected by a virus and
yet you seem reluctant to re-install the system and appear to be looking
for a way to get the system clean again without re-installing.

If you want to be rid of the virus, you have to figure out what practice
caused the server to be infected.  A server should not get infected just
because virus-laden emails are being transmitted through it.  Someone
had to sit there and click on the virus message and open and execute the
file, or download something bad from the Internet.  Is someone using
your server as if it is their personal workstation, and has installed
Outlook on it and is reading their email, downloading this and that,
etc.?  It may be worth looking into these things so it does not happen
again.

best regards
Mike
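
Added example, not part of the original thread and not Exchange tooling: the two causes named above for a full badmail directory (never cleaned out versus a process sending masses of mail) can be told apart by when the files arrived. This Python code counts files per day in the Queue, BadMail and Pickup folders and labels each build-up as a burst or gradual; the thresholds, function names and sample files are constructed assumptions.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

DIRS = ("Queue", "BadMail", "Pickup")  # folder names as discussed in the thread


def daily_counts(directory):
    """Count files per UTC day of last modification."""
    counts = Counter()
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file(follow_symlinks=False):
                ts = entry.stat().st_mtime
                counts[datetime.fromtimestamp(ts, timezone.utc).date()] += 1
    return counts


def classify(counts, burst_share=0.5, min_files=20):
    """'burst' if one day holds most of the files, else 'gradual'.
    Both thresholds are illustrative assumptions, not Exchange settings."""
    total = sum(counts.values())
    if total < min_files:
        return "empty" if total == 0 else "small"
    return "burst" if max(counts.values()) / total >= burst_share else "gradual"


def triage(mailroot):
    """Classify each mail folder that exists under `mailroot`."""
    return {d: classify(daily_counts(os.path.join(mailroot, d)))
            for d in DIRS if os.path.isdir(os.path.join(mailroot, d))}


def build_sample(root):
    """Constructed sample: Queue filled in one day, BadMail over a month."""
    base, day = 1_100_000_000, 86_400  # fixed epoch in November 2004
    for d in DIRS:
        os.mkdir(os.path.join(root, d))
    for i in range(60):
        burst = base + 10 * day + i if i >= 5 else base + i * day
        for d, mtime in (("Queue", burst), ("BadMail", base + (i // 2) * day)):
            path = os.path.join(root, d, f"msg{i:03}.tmp")
            open(path, "w").close()
            os.utime(path, (mtime, mtime))  # set the file's modification time


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(triage(root))
```

A "burst" result on a dedicated server with no users points at an automated sender and is worth correlating with the firewall logs for the same day.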

