Re: Security issue with MS Exchange and Windows 2003 Server
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/29/05
- Next message: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Previous message: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- In reply to: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Next in thread: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Reply: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Nov 2005 23:25:51 -0500
From: "ITTester" <ITTester@discussions.microsoft.com>
| Hi David,
|
| Thks for your reply. please see below
|
>> What anti virus software are you using that is specifically designed to run on a MS
>> Exchange Server ?
|
| I use Avast! Server Edition for Exchange 2003 on the new mail server. This
| AV is not very wellknown in North America but the AV is very efficient on
| Server and Workstation.
|
| I use Symantec AV Enterprise Ed. 9.02 for exchange on the infected box.
|
| Avast will detect any phishing links or infected attached files that SAV
| will not detected on server and workstation. Test on a workstation and you
| will see the diffence.
|
| The Avast support for server or workstation is very poor but the quality of
| the software worth the try.
|
>> You said "Can hackdef or its variants..." Is that really the FULL name of this infector ?
>> Knowing what the AV software that detected the infector would help.
|
| Please search on google for HackDef and you will see how dangerous are this
| trojan. you cannot remove, you cannot update any patch from MS, any attempt
| to remove the hackdef will make your server crashed and may completely lost
| forever. I can give you the number of the three level of MS engineers which
| try to help me to remove this rootkit.
|
| The first try crashed completely my server
| The second try unsuccessful, move the level 3. security level.
| The third try is the same as above. the security engineer gave up and
| suggested me to rebuilt from crash.
|
| I follow partially his instructions as I will crashed after I have move the
| mailboxes.
|
| Attention: Please do not visit certain site that discuss about hachdef if
| you don't have an good anti-virus which can detect website malware scripts.
|
Thanx for the AV version reply.
I don't search Google for virus information. I search AV vendor virus libraries. Google
can produce faux results as well as good results. Virus libraries tend to be accurate based
upon the name they detecyed it as.
When I search the Symantec library
http://securityresponse.symantec.com/avcenter/vinfodb.html I don't find "HackDef ".
Usually if a virus or Trojan that is a "RootKit" will then have RootKit as part of the
infector's name.
Example:
Hacktool.Rootkit --
http://securityresponse.symantec.com/avcenter/venc/data/hacktool.rootkit.html
Since different AV vendors often name the same infector differently, the full name and AV
vendor who recognized the infector is important.
For example all these are the same infector...
W32/Gael.worm.a -- http://vil.nai.com/vil/content/v_134857.htm
W32.Licum -- http://securityresponse.symantec.com/avcenter/venc/data/w32.licum.html
W32/Tenga-A -- http://www.sophos.com/virusinfo/analyses/w32tengaa.html
-- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
- Next message: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Previous message: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- In reply to: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Next in thread: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Reply: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
