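I recently upgraded the company to AVG Business. It works well and really helps with spam. I noticed that our Exchange server queue gets infected every ten minutes. Two questions:
The infections cannot be cleaned without a reboot, which results in about 30 minutes of email downtime. (Unacceptable.) I know this is because the files are inaccessible, but where are they all coming from?
Is this a bot on our network, or is this incoming mail?
Finally, should I be concerned about this? I feel it may be a spam bot on our network.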
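Update: I did not install AVG Business Internet Security 9.0 correctly on Windows Server 2003 R2 with Exchange Server 2003. It seems it needs to be added/installed into the Application Server section of the management console. Can anyone shed light on how to do this?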
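**Final update**
Here is AVG's reply :)
Dear customer: The file you referenced, avg_ipw_stf_all_90_839a2960.exe, is the installation file for workstations and file servers.
The file you should install on the Exchange server is the Email Server Edition (file name avg_msw_stf_all_90_839a2960.exe, which comes with plug-ins for scanning Exchange and an Anti-Spam plug-in). Please download and deploy the following file to the Exchange server so that it displays correctly in the Application Server group: http://download.avg.com/filedir/inst/avg_msw_stf_all_90_839a2960.exe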
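What you are seeing is incoming mail carrying viruses. These have not reached Exchange yet; they are intended to infect clients. And it sounds like AVG Business is not handling this the way it should. It treats each file as a real infection rather than as a passive payload. That is largely incompatible with Exchange (also, you don't state your Exchange version).
Looking at AVG, the product that should work with Exchange is AVG Internet Security Business Edition 9.0. If that is what you are actually running, you need to reconfigure it to use VSAPI scanning rather than file-level scanning (page 177 of the manual). Or, if you are on Exchange 2007/2010, the routing transport scanner.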
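To tell a steady stream of newly arriving infected messages apart from a single queue file that a file-level scanner keeps re-detecting, the detections can be grouped per scanned object. This is an added example, not part of the thread: the rows are constructed, and the "|"-separated layout, the shortened paths and the `min_hits` threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed rows, "|"-separated (assumed export layout, hypothetical paths):
# scanned object | infection | state | detection time | process
SAMPLE_LOG = r"""
Q\NTFS_aaaa.EML|JS/Dropper|Infected|2010-07-08 05:06:00|inetinfo.exe
Q\NTFS_aaaa.EML|JS/Dropper|Infected|2010-07-08 05:16:00|inetinfo.exe
Q\NTFS_aaaa.EML|JS/Dropper|Infected|2010-07-08 05:27:00|inetinfo.exe
Q\NTFS_aaaa.EML|JS/Dropper|Infected|2010-07-08 05:36:00|inetinfo.exe
Q\NTFS_bbbb.EML|JS/Obfuscated|Reboot is required to finish the action|2010-07-08 05:10:00|inetinfo.exe
Q\msg-cccc|JS/Obfuscated|Moved to Virus Vault|2010-07-08 05:12:00|mbam.exe
"""

def parse(log):
    """Yield (path, infection, state, time, process) for each well-formed row."""
    for line in log.strip().splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            continue  # skip malformed rows rather than guessing fields
        try:
            when = datetime.strptime(parts[3], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp: ignore the row
        yield parts[0], parts[1], parts[2], when, parts[4]

def summarize(log, min_hits=3):
    """Group detections per file; flag files detected at least min_hits times."""
    by_file = defaultdict(list)
    for path, infection, state, when, proc in parse(log):
        by_file[path].append((when, infection, state, proc))
    report = {}
    for path, hits in by_file.items():
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() / 60 for a, b in zip(hits, hits[1:])]
        report[path] = {
            "detections": len(hits),
            "median_gap_min": median(gaps) if gaps else None,
            "processes": sorted({h[3] for h in hits}),
            "last_state": hits[-1][2],
            "stuck": len(hits) >= min_hits,  # same file hit repeatedly, not a new arrival
        }
    return report

if __name__ == "__main__":
    for path, info in summarize(SAMPLE_LOG).items():
        print(path, info)
```

A file flagged `stuck` with a regular gap and a single accessing process is one message being re-scanned on each access, which is a different situation from many distinct files each detected once.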