Microsoft Exchange Log - Possible Virus?

Discussion in 'NOD32 version 2 Forum' started by slyder, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. slyder

    slyder Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    35
    NOD has quarantined one of our Microsoft Exchange 2003 logs, listing it as "probably a variant of BAT/Omega.A trojan".

    Since this warning we have excluded the Exchange log directory from the NOD32 scheduled scan, as we fear corrupting Exchange due to the logs being quarantined.

    Should Microsoft Exchange-related files be excluded from AMON and scheduled scans?

    Do you think this is likely a false positive?

    Thanks,
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,

    If the logs were moved to quarantine, would you please submit the appropriate nqi and nqf files from the eset/infected folder to support @ eset.com with a link to this thread?
     
  3. slyder

    slyder Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    35
    Hi Marcos,

    I'm afraid I have already restored this file from quarantine, as I did not want the Exchange server to be missing any of its logs.

    I have just been reading a Microsoft page that says these Exchange log files should not be scanned by normal AV software, only Exchange-aware AV:

    http://support.microsoft.com/?id=245822

    So it sounds like NOD32 should be excluded from scanning certain areas of Exchange?
     
  4. andrator

    andrator Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    54
    Location:
    Netherlands
    Hi,

    You should exclude Microsoft Exchange as described in the KB article. I've listed all the MS documentation concerning AV exclusions in the following post.

    These should also be excluded from scheduled scans, were it not that NOD32 doesn't support exclusions from scheduled scans. For now I'm stuck and have disabled scheduled scans on my servers.
     