How can I search my Exchange stores for virus infected messages?

John Savill

December 21, 1999


A. After the problems with the recent Melissa virus, Microsoft has produced a utility which can search your Exchange store for messages which have been infected with a virus and clean them. This will not in any way prevent the virus from being introduced into the email system; you should ensure you are running anti-virus software to prevent the virus infecting your message stores.

The utility can be downloaded for Exchange 5.5 and 5.0 for both Intel and Alpha.

Once downloaded, the self-extracting file produces two files, ISSCAN.EXE and the symbol file ISSCAN.DBG. Once you copy the files to the server running Exchange, the utility is used as follows (you don't need to copy the .dbg file).

For Exchange 5.5

  1. Logon as an Administrator

  2. Stop the Microsoft Exchange Server Information Store service (via Control Panel - Services)

  3. Enter the command below from the command prompt (cmd.exe)
    C:> ISSCAN -fix {-pri | -pub} -test badmessage, badattach [-c]
    The -fix parameter instructs ISSCAN to remove the messages or attachments found. Without the -fix parameter, ISSCAN will record all the messages and attachments it finds in a log file.
    The -pri or -pub parameter instructs ISSCAN to scan either the private or public information store (priv.edb or pub.edb).
    The -test badmessage parameter deletes messages from the message table determined to be bad. The -test badattach parameter deletes attachments from the attachment table determined to be bad.
    The -c parameter is optional and allows you to specify which messages ISSCAN will search for. If it is not used, the Melissa virus will be searched for. The format of the criteria file is supplied in the readme file for ISSCAN, which can be downloaded from here.

ISSCAN will create a report called either isscan.pri or isscan.pub, depending on whether you are scanning a private store or public store. This report will include the filename of each attachment that is deleted and the sender of each message that is deleted. You can then use this information to determine which users' computers may need extra attention.

This utility is very powerful and can be very constructive or destructive depending on how it is used. Please use it with caution and consider every action twice before implementing it. There is no undo, so restoring a backup is the alternative if a problem occurs. It is recommended that you do not use this utility until a known good backup is secured.
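
The procedure above as a cmd.exe batch file that makes a report-only pass before any -fix run, so the report can be reviewed while nothing has yet been deleted. This is an added example, not part of the original article or of Microsoft's ISSCAN package; the script name scan-store.cmd, the service name MSExchangeIS, the isscan-reportonly file name, and the assumption that ISSCAN.EXE and its report sit in the current directory are assumptions.

```bat
@echo off
rem Added example (hypothetical scan-store.cmd): report-only pass, then -fix.
rem Assumptions: ISSCAN.EXE is in the current directory and writes its
rem report there; the Information Store service is named MSExchangeIS.
rem Usage: scan-store.cmd pri   or   scan-store.cmd pub

set STORE=%1
if "%STORE%"=="pri" goto storeok
if "%STORE%"=="pub" goto storeok
echo Usage: %0 pri   or   %0 pub
goto end

:storeok
rem Test list exactly as written in step 3 of the article.
set TESTS=badmessage, badattach

echo There is no undo. Confirm a known good backup of the store exists.
echo Press Ctrl+C to abort, or
pause

rem Step 2: stop the Information Store (/y also stops dependent services).
net stop MSExchangeIS /y
if errorlevel 1 goto stopfailed

rem Pass 1: no -fix, so matches are only recorded and nothing is removed.
ISSCAN -%STORE% -test %TESTS%
rem Keep a copy in case the second pass rewrites the report file.
if exist isscan.%STORE% copy isscan.%STORE% isscan-reportonly.%STORE%

echo Review isscan-reportonly.%STORE% before continuing.
echo To stop here without deleting anything, press Ctrl+C and then
echo restart the store with: net start MSExchangeIS
pause

rem Pass 2: same scan with -fix, which removes what the scan finds.
ISSCAN -fix -%STORE% -test %TESTS%

net start MSExchangeIS
goto end

:stopfailed
echo Could not stop MSExchangeIS; ISSCAN was not run.

:end
```

If a criteria file is used, add the -c parameter to both ISSCAN lines so the report-only pass and the -fix pass search for the same messages.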
