Reply to post: Re: There is a little bit of me

Scanning an Exchange server for a virus that spreads via email? What could go wrong?

LDS Silver badge

Re: There is a little bit of me

For what I read, it had big troubles restoring the mail database because in Exchange just replacing an older file is not enough - as database systems are usually picky when data files, logs and other things don't match. So, sure, he deleted the ILOVEYOU mails of that day - but whatever else was lurking there from previous days was still there.

Cleaning such stuff exactly needs tools which are able to read the database correctly and clean infected messages one by one - but you usually need to have the mail database open and accessible to run them, because accessing the on-disk structure of such files - often undocumented - it's a very risky task.

While in certain circumstance you may not have other options that wiping everything, running an AV against database files is usually a very bad idea - especially if the default actions is "delete".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019