-
November 27th, 2001, 12:50 PM
#1
McAfee and Exchange
I asked a question relating to this a while ago, but now I think I can make the question more specific.
I have McAfee netshield installed on an exchange server. It keeps reporting that it found viruses in files that I now recognize as incoming email attachments. However, I'm not sure whether it is deleting or otherwise preventing these files from being delivered to the recipients. So, am I protected? or how can I know?
Here are a couple lines from today's activity log:
11/27/01 9:57 AM Infected DOMAIN\Administrator D:\exchsrvr\imcdata\in\XA649Y88\ENFORCEMENT.pif W32/Magistr.b@MM
11/27/01 10:33 AM Infected DOMAIN\Administrator D:\exchsrvr\imcdata\in\XA649Y9G\ENFORCEMENT.pif W32/Magistr.b@MM
-
November 27th, 2001, 12:54 PM
#2
Registered User
Probably the easiest way to tell is to test the antivirus protection yourself. You can do this with the EICAR antivirus test file, available here: <a href="http://www.eicar.org/anti_virus_test_file.htm" target="_blank">http://www.eicar.org/anti_virus_test_file.htm</a>
This file is detected as a virus by all antivirus scanners, however the file is completely harmless and is for testing purposes. Try sending an email to yourself with EICAR as an attachment and see if it gets through.
You may have to temporarily disable the antivirus on your workstation so you can download and send the file.
-
November 27th, 2001, 01:31 PM
#3
Aside from Netshield you should also be running McAfee's Groupshield for Exchange on that server. Check it out on their website.
"Beer is proof that God loves us and wants us to be happy" -Benjamin Franklin
-
November 27th, 2001, 03:04 PM
#4
very good info, especially the eicar test files. thanks. -tim
-
November 27th, 2001, 04:50 PM
#5
Just remember to disable your AV before you download the file or you may not be able to use it. Trend caught it and quarantined it immediately, so I can't use it to test other machines.
The Dragon has left the building.
-
November 28th, 2001, 08:56 PM
#6
Make sure you uninstall netshield before installing groupshield because they might cause corruption to you priv and pub information store.
you can read more about it at <a href="http://www.nai.com" target="_blank">www.nai.com</a> and go to the knowledge base.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks