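I recently upgraded our company to AVG Business. It works well and really helps with spam. I've noticed that our Exchange server queue is getting infected roughly every ten minutes. Two questions:
I can't clear the infection without rebooting, which causes about 30 minutes of email downtime. (Unacceptable.) I understand that this is because the files can't be accessed, but where are they all coming from?
Is this a bot on our network, or incoming mail?
Finally, should I be worried about this? I feel like it might be a spam bot on our network.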
Scanned object Infection State Detection time Object type Process
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\e0312449-cd97-45ea-8274-1b9f9a44e1eb Virus found JS/Obfuscated Moved to Virus Vault 2010-07-07 13:21:20 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\e0312449-cd97-45ea-8274-1b9f9a44e1eb Virus found JS/Obfuscated Object is inaccessible. 2010-07-07 13:38:19 file C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\e0312449-cd97-45ea-8274-1b9f9a44e1eb Virus found JS/Obfuscated Object is inaccessible. 2010-07-07 13:38:12 file C:\WINDOWS\Explorer.EXE
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\e59d5870-81b2-4c56-b330-ec4e9ebbe9bc Virus found JS/Obfuscated Moved to Virus Vault 2010-07-07 13:21:20 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\ebfafd55-5a91-4786-9827-9a8dfe3b8884 Virus found JS/Obfuscated Moved to Virus Vault 2010-07-07 13:21:20 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\ed35ea91-f4b3-4139-8c82-81cdc14ab6ca Virus found JS/Dropper Moved to Virus Vault 2010-07-07 13:21:21 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\ef25b8d0-c327-458f-a7db-39e0579c0398 Virus found JS/Dropper Moved to Virus Vault 2010-07-07 13:21:21 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\fc76582c-f1d1-483d-8a62-910e2a10e054 Virus found JS/Obfuscated Moved to Virus Vault 2010-07-07 13:21:21 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 13:21:28 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 12:42:31 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 13:02:46 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 12:28:30 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 13:11:20 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 13:23:44 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e3ae89401cb1ddd00006f44.EML Virus found JS/Dropper Reboot is required to finish the action 2010-07-07 10:04:38 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e3ae89401cb1ddd00006f44.EML Virus found JS/Dropper Reboot is required to finish the action 2010-07-07 10:03:33 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e3ae89401cb1ddd00006f44.EML Virus found JS/Dropper Infected 2010-07-07 11:44:34 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 06:56:59 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 06:25:44 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:09:52 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 07:24:49 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:45:53 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:08:35 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:32:58 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 06:16:11 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 07:15:49 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 05:06:17 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 06:06:30 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:31:44 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 05:58:31 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 07:06:32 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:30:30 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 06:07:36 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:07:13 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 07:05:25 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:05:59 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 09:42:03 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 05:48:29 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 03:14:49 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 06:47:24 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:04:39 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 02:03:15 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-07 18:03:21 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 05:28:25 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 02:11:11 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 06:36:12 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 05:37:59 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 02:21:40 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 09:52:02 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 02:32:04 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 05:16:18 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 02:53:37 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 03:33:01 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 03:03:47 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 03:24:54 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 04:26:40 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 09:43:13 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 09:31:32 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 09:00:37 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 08:51:02 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 08:31:28 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 08:23:08 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 08:22:00 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 08:12:26 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 08:03:57 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 07:54:22 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 07:45:51 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e50580e01cb1e20000033eb.EML Virus found JS/Dropper Infected 2010-07-08 07:35:51 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
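Update: I have not yet correctly installed AVG Business Internet Security 9.0 on Windows Server 2003 R2 with Exchange 2003. It seems it needs to be added/installed into the Application Servers section of the management console. Can anyone explain how to do this?
**Final update**
Here is AVG's reply :)
Dear customer, the file you referenced, avg_ipw_stf_all_90_839a2960.exe, is the installation file for workstations and file servers.
The file you should install on the Exchange server is the e-mail server edition (file name avg_msw_stf_all_90_839a2960.exe, which comes with the plug-ins for scanning Exchange and the anti-spam plug-in). Please download the following file and deploy it to your Exchange server so that it shows up correctly in the Application Servers group:
http://download.avg.com/filedir/inst/avg_msw_stf_all_90_839a2960.exe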
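Answer 1
What you're seeing is incoming mail with virus attachments. These viruses have not infected Exchange; they are intended to infect clients. It sounds like AVG Business isn't handling it the way it should. It is treating each file as a real infection with an active payload rather than a passive one. This is largely incompatible with Exchange (and you didn't mention the Exchange version).
Looking at AVG, the product that should work with Exchange is AVG Internet Security Business Edition 9.0. If that is actually what you're running, you need to reconfigure it to use VSAPI scanning rather than file-level scanning (page 177 of the handy manual). Or, if you're on Exchange 2007/2010, use the routing transport scanner.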
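
An added example (not part of the original question or answer, and not AVG tooling): it parses rows of the scan log from the question and groups them per queue file, showing that the same queued .EML files are detected again and again by the SMTP service process rather than new infections appearing. The row regex and the function names are assumptions based on the flattened column order of the log above.

```python
import ntpath
import re
from collections import defaultdict

# Rows copied from the scan log in the question (flattened AVG export).
SAMPLE_LOG = r"""
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\ed35ea91-f4b3-4139-8c82-81cdc14ab6ca Virus found JS/Dropper Moved to Virus Vault 2010-07-07 13:21:21 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 13:21:28 file C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 12:42:31 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_02fe480101cb1dee00000a3b.EML Virus found JS/Obfuscated Reboot is required to finish the action 2010-07-07 12:28:30 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e3ae89401cb1ddd00006f44.EML Virus found JS/Dropper Reboot is required to finish the action 2010-07-07 10:03:33 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\NTFS_0e3ae89401cb1ddd00006f44.EML Virus found JS/Dropper Infected 2010-07-07 11:44:34 file C:\WINDOWS\system32\inetsrv\inetinfo.exe
"""

ROW = re.compile(
    r"^(?P<obj>.+?) Virus found (?P<sig>\S+) (?P<state>.+?) "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<kind>\S+) (?P<proc>.+)$"
)

def summarize(log_text):
    """Group detections by scanned object: hit count, processes, time span."""
    out = defaultdict(lambda: {"hits": 0, "sigs": set(), "procs": set(),
                               "first": None, "last": None})
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header row or blank line
        rec = out[m["obj"]]
        rec["hits"] += 1
        rec["sigs"].add(m["sig"])
        rec["procs"].add(ntpath.basename(m["proc"]).lower())
        ts = m["ts"]  # YYYY-MM-DD HH:MM:SS sorts correctly as a string
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(out)

def rescanned_queue_items(summary, min_hits=2):
    """Queue files that keep tripping the scanner when inetinfo.exe touches them."""
    return sorted(
        ntpath.basename(obj) for obj, rec in summary.items()
        if "\\mailroot\\" in obj.lower()
        and "inetinfo.exe" in rec["procs"]
        and rec["hits"] >= min_hits
    )

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for obj, rec in summary.items():
        print(ntpath.basename(obj), rec["hits"], sorted(rec["procs"]), rec["first"], rec["last"])
    print("re-detected queue items:", rescanned_queue_items(summary))
```

A small number of distinct files under `Mailroot\...\Queue` with many hits from `inetinfo.exe` is the pattern the answer describes: queued inbound messages being hit by the file-level scanner each time the mail service touches them.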