Skip navigation
Menu
Compute Engines

How can I search my Exchange stores for virus infected messages?

A. After the problems with the recent Melissa virus, Microsoft have produced a utility which can search your Exchange store for messages which have been infected with a virus and clean them. This will not in any way prevent the virus from being introduced into the email system, you should ensure you are running anti-virus software to prevent the virus infecting your message stores.

The utility can be downloaded for Exchange 5.5 and 5.0 for both Intel and Alpha

Exchange 5.5 Intel  ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.5/ISSCAN/ISSCANI.EXE
Exchange 5.5 Alpha ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.5/ISSCAN/ISSCANA.EXE
Exchange 5.0 Intel ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.0/ISSCAN/ISSCANI.EXE
Exchange 5.0 Alpha ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/ENG/Exchg5.0/ISSCAN/ISSCANA.EXE

Once downloaded the self extracting file produces two files, ISSCAN.EXE and the symbol file ISSCAN.DBG. Once you copy the files to the server running Exchange it is used as follows (you don't need to copy the .dbg file)

For Exchange 5.5

  1. Logon as an Administrator
  2. Stop the Microsoft Exchange Server Information Store server (via Control Panel - Services)
  3. Enter the command below from the command prompt (cmd.exe)
    C:\> ISSCAN -fix \{-pri | -pub\} -test badmessage, badattach \[-c <criteria file>\]
    Where the -fix parameter instructs ISSCAN to remove the messages or attachments found. Without the -fix parameter, ISSCAN will record all the messages and attachments it finds in a log file.
    The -pri or -pub parameter instructs ISSCAN to scan either the private or public information store (priv.edb or pub.edb).
    The -test badmessage parameter deletes messages from the message table determined to be bad. The -test badattach parameter deletes attachments from the attachment table determined to be bad.
    The -c <criteria file> is optionally and allows you to specify which messages ISSCAN will search for. If not used the Melissa virus will be searched for. The format of the criteria file is supplied in the readme file for ISSCAN which can be downloaded from here.

ISSCAN will create a report called either isscan.pri or isscan.pub, depending on whether you are scanning a private store or public store. This report will include the attachment's filename that is deleted, and the sender of a message that is deleted. You can then use this information to determine the users computers who may need extra attention.

This utility is very powerful and can be very constructive or destructive depending on how it is used. Please use with caution and consider every action twice before implementing. There is no undo so restoring a backup is the alternative if a problem occurs. It is recommended that you do not use this utility until a known good backup is secured.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023