McAfee and Exchange

[tk421]

I asked a question relating to this a while ago, but now I think I can make the question more specific.

I have McAfee netshield installed on an exchange server. It keeps reporting that it found viruses in files that I now recognize as incoming email attachments. However, I'm not sure whether it is deleting or otherwise preventing these files from being delivered to the recipients. So, am I protected? or how can I know?

Here are a couple lines from today's activity log:

11/27/01 9:57 AM Infected DOMAIN\Administrator D:\exchsrvr\imcdata\in\XA649Y88\ENFORCEMENT.pif W32/Magistr.b@MM

11/27/01 10:33 AM Infected DOMAIN\Administrator D:\exchsrvr\imcdata\in\XA649Y9G\ENFORCEMENT.pif W32/Magistr.b@MM

[MacGyver]

Probably the easiest way to tell is to test the antivirus protection yourself. You can do this with the EICAR antivirus test file, available here: <a href="http://www.eicar.org/anti_virus_test_file.htm" target="_blank">http://www.eicar.org/anti_virus_test_file.htm</a>

This file is detected as a virus by all antivirus scanners, however the file is completely harmless and is for testing purposes. Try sending an email to yourself with EICAR as an attachment and see if it gets through.

You may have to temporarily disable the antivirus on your workstation so you can download and send the file.

[iamtheman]

Aside from Netshield you should also be running McAfee's Groupshield for Exchange on that server. Check it out on their website.

[tk421]

very good info, especially the eicar test files. thanks. -tim

[Mayhem]

Just remember to disable your AV before you download the file or you may not be able to use it. Trend caught it and quarantined it immediately, so I can't use it to test other machines.

[Alwayslearining]

Make sure you uninstall netshield before installing groupshield because they might cause corruption to you priv and pub information store.

you can read more about it at <a href="http://www.nai.com" target="_blank">www.nai.com</a> and go to the knowledge base.