Virus in c:\temp?

Status
Not open for further replies.

Dyadmin

IS-IT--Management
Oct 31, 2002
217
CA
OK... I have a weird one. I keep having something in my event logs that my antivirus has deleted the Zafi and Bagle.ii worms in c:\temp. Basically the message in the event log says: "the bagle.ii (or zafi) worm has been deleted in c:\temp\$lkjdf.tmp" by antivirus account and so forth.

I run an EPO in my organization with McAfee as my antivirus solution and I verified that all my workstations are working and fully updated. I am also 100% positive all my patches are current. So I decided to visit around the virus alert sites on McAfee and Symantec to see if any non-critical patches need to be deployed. I read on the Symantec SARC site that there was an OWA vulnerability. I patched it and no problems, but that message in the event log continues... any ideas?
 
Figured out my issue: I use Xwall as my spam filter. It uses the temp directory to put messages in a stand-by area (your NT temp folder by default) to scan it against spam databases, and if it passes it goes to your Exchange IMC. If I get emailed a virus, Xwall takes it and scans it against spam databases, but when it takes it, my antivirus on my server scans that message and deletes it, thereby having Xwall "lose" the message, and it's never sent to people in your organization.

By the way, Xwall is great! Thanks to all who replied... oh wait it was just me! hehe kiddin folks, sorry for the sarcasm! ;)
 
is it free? =)

SET CRTL ALT DEL = #728
-----------------------
greg
 
Xwall rocks my friend and very little overhead on the server.
 