Re: Security issue with MS Exchange and Windows 2003 Server

From: Darrin S (cast_at_real)
Date: 11/29/05


Date: Mon, 28 Nov 2005 20:12:31 -0800

Spy Sweeper's new version scans for rootkits, and they have an enterprise
version that is also available as a fully functional trial version.
http://www.webroot.com/?rc=2180&ac=785&wt.srch=1&wt.mc_id=785

"ITTester" <ITTester@discussions.microsoft.com> wrote in message
news:820A8F04-BA76-40CD-B07F-718CAB32B830@microsoft.com...
> I have posted this message on the Exchange newsgroup but it seems that
> nobody is able to help me, so I post it again in this newsgroup hoping
> someone can help me.
>
> Can anyone help me with the points below?
>
> General overview of the problem:
> We have a single Exchange Server running on a DC and AD server.
> During the past month, our server has been infected with hackdef, which
> opens a backdoor on our firewall (Cisco PIX 506e) and to our networks.
> However, we have patched the security hole remotely (ssh) on the firewall
> and we are able to partially secure the network.
> We have rebuilt the DC and AD server using the promote and depromote
> method. We have successfully added the second DC to our network but have
> not yet promoted this box to be the primary DC, as we are not sure about
> moving the mailboxes.
> We have successfully configured a second mail server ready for the moving
> of mailboxes.
> We have mounted the new mail server offline and updated all security
> patches (Windows Server SP1 and Exchange SP2).
> We are temporarily using a different antivirus which is not controlled by
> the DC, for safety reasons.
> We have successfully tested the moving of a single mailbox.
> It seems that everything is ready for the final move.
> However, we are concerned about the points below:
>
> 1. Can hackdef or its variants infect the new mail servers by moving the
> mailboxes?
> 2. Can data in the moved mailboxes infect the new server? We have one
> user's mailbox which is infected by a virus / trojan.
>
> Do we need to rebuild from scratch if the above points are not safe?
> We can't perform an anti-virus scan on the Exchange db before the move, as
> the db will be corrupted, so it's not useful.
> Please advise if there is any other alternative for this matter.
>
> Regards,
>
>


