Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive

Discussion in 'Windows Small Business Server' started by Imtiaz Kiani, Jun 1, 2005.

  1. Imtiaz Kiani

    Imtiaz Kiani Guest

    C:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive
    MaCafee on Demand scan has detected 4 Virus on the objects under the above
    path with XXXXXXXXXXXXXXXXXX.EML extension files.

    my question is if it is safe to delete these files manually, On demand scan
    window result reports the virus but clicking delete would not remove the
    files. I wonder if i can try deleting from windows explorer if it is SAFE to
    do so.

    Product SBS 2003 Premium Ed

    best regards
    Kiani
     
    Imtiaz Kiani, Jun 1, 2005
    #1
    1. Advertisements

  2. Imtiaz Kiani

    Aart Jansen Guest

    no you should exclude that folder from being scanned, and let an exchange
    aware antivirus program deal with virus infected mail. exchange likes to
    pout if you manually toy with its queues, where pouting is equivalent to
    stopping services.
     
    Aart Jansen, Jun 1, 2005
    #2
    1. Advertisements

  3. Imtiaz Kiani

    Jerry zhao Guest

    Hi Kiani,

    Thanks for your post.

    The UceArchive folder is used to store the unsolicited commercial e-mail
    (UCE) determined by Intelligent Message Filter (IMF) if you select Archive
    as the option on the IMF. The IMF include embed filter, third party
    anti-spam and anti-virus software.

    As for your scenario, the email may contain some virus that being detected
    by the MaCafee.

    Based on my knowledge, there is no other risk but lost the e-mail if your
    manually delete the files in that folder.

    For your information:

    Overview of Exchange Server 2003 and Antivirus Software
    http://support.microsoft.com/?id=823166

    If you have any questions please do not hesitate to let me know. I am glad
    to be of assistance.

    Best regards,

    Jerry Zhao (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jerry zhao, Jun 1, 2005
    #3
  4. Imtiaz Kiani

    AllenM Guest

    Hi Kiani,
    Like Jerry said the UCEArchieve folder is where IMF sends your UCE to. These
    can contain virus and and in some cases they do. I would let my AV still
    scan them. whether they are safe to delete is up to you. This may be USE's
    but then again they can be legitimate emails that IMF considers UCE's. I
    would use the IMF Companion to view them before deleting them. You can use
    IMFC to delete, archieve or release and deliver to the mailbox. Better safe
    than sorry.
     
    AllenM, Jun 1, 2005
    #4
  5. Imtiaz Kiani

    Imtiaz Kiani Guest

    I have following location infected. Details are appended below.


    C:\Data\Profiles\acarol\Application
    Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4cbbb6a0-4de07048.zip

    C:\Data\Profiles\acarol\Application
    Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4cbbb6a0-4de07048.idx

    Mcafee On demand Virus Scan reports 4 Trojans on SBS 2003 Premium Ed.
    Blackbox.class
    vb.class
    dummy.class
    beyond.class

    I have tried to scan User's W2K station for spyware using Microsoft anti
    Spy Beta. results were clean.

    The user roaming profile was removed from local W2K station.

    The files containing the virus was removed from SBS premium server from
    location

    C:\Data\Profiles\acarol\Application
    Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

    This morning I ran the scan again and it reports the same files on the
    server containing Viruses.

    Please advise the possible solution.

    best regards
    Kiani
     
    Imtiaz Kiani, Jun 6, 2005
    #5
  6. Imtiaz Kiani

    Imtiaz Kiani Guest

    I have following location infected. Details are appended below.


    C:\Data\Profiles\acarol\Application
    Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4cbbb6a0-4de07048.zip

    C:\Data\Profiles\acarol\Application
    Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4cbbb6a0-4de07048.idx

    Mcafee On demand Virus Scan reports 4 Trojans on SBS 2003 Premium Ed.
    Blackbox.class
    vb.class
    dummy.class
    beyond.class

    I have tried to scan User's W2K station for spyware using Microsoft anti
    Spy Beta. results were clean.

    The user roaming profile was removed from local W2K station.

    The files containing the virus was removed from SBS premium server from
    location

    C:\Data\Profiles\acarol\Application
    Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

    This morning I ran the scan again and it reports the same files on the
    server containing Viruses.

    Please advise the possible solution.

    best regards
    Kiani
     
    Imtiaz Kiani, Jun 6, 2005
    #6
  7. Imtiaz Kiani

    Jerry zhao Guest

    Hi Kiani,

    Thanks for you upate.

    It is looks like that your anti-virus software scan out some viruses
    however can not eliminate them. As for this, I would like to suggest that
    you update your anti-virus software to the latest definitions.

    If the issue still persists, you may need to contact the Mcafee support for
    further support. Since it is they product and they may have more first hand
    information about that.

    If there is anything else that I can do for you, please feel free to
    contact me, and I will be happy to help!

    Best regards,

    Jerry Zhao (MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jerry zhao, Jun 7, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.