Microsoft Exchange Log - Possible Virus?

Nod has quarantined one of our microsoft exchange 2003 logs, listing it as "probably a variant of BAT/Omega.A trojan"

Since this warning we have excluded the exchange log directory from the nod32 scheduled scan, as we fear corrupting exchange due to the logs being quarantined.

Should microsoft exchange related files be excluded from Amon and scheduled scans?

Do you think this is likely a false positive?

Thanks,

 

Hello,

if the logs were moved to quarantine, would you please submit the appropriate nqi and nqf files from the eset/infected folder to support @ eset.com with a link to this thread?

 

Hi Marcos,

I'm afraid I have already restored this file from quarantine, as I did not want the exchange server to be missing any of its logs.

I have just been reading a microsoft page that says these exchange log files should not be scanned by normal av software, only exchange aware av:

http://support.microsoft.com/?id=245822

So sounds like nod32 should be excluded from scanning certain areas of exchange?

 

Hi,

You should exclude microsoft exchange as described in the KB article. I've listed all the MS documentation concerning AV exclusions in the following post.

These should also be excluded from scheduled scans, were it not that NOD32 doesn't support exclusions from scheduled scans. For now I'm stuck and have disabled scheduled scans on my servers.