Re: badmail

  • From: "steve alcock" <steve.alcock@xxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 23 Nov 2004 15:24:36 -0000


First I should reiterate some of yesterday's mail:

The server belongs to a friend / customer... it has been up and
running for best part of a year (Win2000 / Exchange Server). They have
their own reps calling in from various parts of the world from time to
time and logging onto the network; all personnel have (or should have)
complete protection re virus / spyware etc.

The server is just that, it is a dedicated server, no office / outlook,
no users except admin and now me.

I have identified the virus as being spybot on the server and the vsi 1
dirs being full. All systems in house have been checked and nothing
found; it is just the server.

The network works fine, all services are running, I have got the server
back to desktop but it is running like a snail with rheumatism.

They have an Eicon firewall / router which is constantly being bombarded
by the server ( and only the server ).

I am reluctant to re-install from scratch as it is their busiest time
of the year (they are in the toy industry), hence my wanting to clear
the problem.

But if the problem is not the sdbot virus, what can I look for and do?



Calderglen Computers
Calder House
Spring Lane
phone : +44 (0) 1282 871717

-----Original Message-----
From: A. M. Salim [mailto:msalim@xxxxxxxxxxxx] 
Sent: 23 November 2004 14:36
To: [ExchangeList]
Subject: [exchangelist] Re: badmail


> Yesterday I posted badmail, queue and pickup directories are full to
> busting of files and I am assuming it is due to the sdbot virus, can
> this be confirmed and also that the only way to " empty " these
> directories is to take the server off the internet until clear then
> delete the virus, there is no other reason for these folders being
> is there ?????

There are many many reasons for those dirs filling up, not just the

The queue dir will fill up if someone or some process is trying to send
out masses of emails, either zillions of small emails or a lot of huge

The badmail dir will fill up when the recipient email address is bad and
you have zillions of such messages.  This can be caused because you
do not bother to regularly clean out the badmail dir and it has now
up, or because there is someone or some process sending out masses of

While all signs appear pointing to your current virus infection, I would
hesitate to say that it is the only reason.

I am curious:  you say that your server has been infected by a virus and
yet you seem reluctant to re-install the system and appear to be looking
for a way to get the system clean again without re-installing.

If you want to be rid of the virus, you have to figure out what practice
caused the server to be infected.  A server should not get infected just
because virus-laden emails are being transmitted through it.  Someone
to sit there and click on the virus message and open and execute the
or download something bad from the Internet.  Is someone using your
as if it is their personal workstation, and has installed Outlook on it
and is reading their email, downloading this and that, etc.?  It may be
worth looking into these things so it does not happen again.

best regards
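
The reply above gives two different causes for a full badmail or queue directory: files that were never cleaned out, or a process sending out masses of mail. As an added example (not part of either post), this Python sketch tells the two apart by counting files per day of last-modified time; the thresholds, the sample directories and the `.eml` file names are constructed assumptions, and on a real server `profile_dir` would be pointed at the actual badmail, queue and pickup paths.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

BASE = 1101211200  # constructed reference time: 2004-11-23 12:00 UTC

def profile_dir(path):
    """Return (file_count, total_bytes, Counter of files per UTC day)."""
    per_day, total = Counter(), 0
    with os.scandir(path) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            per_day[datetime.fromtimestamp(st.st_mtime, timezone.utc).date()] += 1
            total += st.st_size
    return sum(per_day.values()), total, per_day

def classify(per_day, burst_share=0.5, min_files=20):
    """Thresholds are illustrative assumptions, not Exchange settings."""
    count = sum(per_day.values())
    if count < min_files:
        return "quiet"
    # One day holding most of the files means something started sending in bulk;
    # an even spread over many days means the directory was simply never emptied.
    return "burst" if max(per_day.values()) / count >= burst_share else "backlog"

def make_sample(root, name, ages_in_days):
    """Build a constructed directory with one 10-byte file per listed age."""
    path = os.path.join(root, name)
    os.mkdir(path)
    for i, age in enumerate(ages_in_days):
        f = os.path.join(path, f"{i:04d}.eml")
        with open(f, "wb") as fh:
            fh.write(b"x" * 10)
        ts = BASE - age * 86400 + i  # i seconds apart, still the same UTC day
        os.utime(f, (ts, ts))
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        samples = {"BadMail": range(40), "Queue": [30, 20, 10, 5, 1] + [0] * 60}
        for name, ages in samples.items():
            count, size, per_day = profile_dir(make_sample(root, name, ages))
            day, n = per_day.most_common(1)[0]
            print(f"{name}: {count} files, {size} bytes, busiest {day} ({n}) -> {classify(per_day)}")
```

A "burst" result on the queue or pickup directory gives the date the bulk sending started, which is the window to compare against firewall logs and file creation times on the server.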
