Been seeing a lot of these this week, all with different senders:
Microsoft Forefront Protection for Exchange Server has detected a virus.
Virus name: "Trojan-Spy.HTML.Fraud.gen"
File name: "Body of Message"
Subject line: "FW: Receipt for Your Payment to AU-AdCommerce-EOM@ebay.com"
Sender: "Jacki Seers"
Scan job: "Transport"
Thankfully Forefront removes it!
Been getting a lot of errors over the past couple of weeks with the Kaspersky engine not updating:
Log Name: Application
Event ID: 6012
Task Category: Engine Error
Microsoft Forefront Protection encountered an error while performing a scan engine update.
Scan Engine: Kaspersky
Error Code: 0x80004005
Error Detail: Description: An error occurred while loading the scan engine.
The resolution works a dream:
Under C:\ProgramData there is a folder called "KasperSky SDK" (you will have to enable viewing of hidden files to see it)
Rename the folder, for example to "KasperSky SDK.old"
Update "Kaspersky" through the Forefront Console
So this is a summary of what Microsoft Forefront Protection for Exchange Server detected as a virus.
- Subject line: "Botanical Gardens Boot Camp NOW STARTING"
- Subject line: "Just for Cardholders: Save an extra 10% on select TVs at Amazon.com"
- Subject line: "Bank of America Customer Service – Tell us what you think"
- Subject line: "PayPal – Your account has been limited!"
- File name: "winmail.dat->Insurance.zip->1036775_4909136e-c76f-466a-a8fe-a935fb735dbd_TATAAIGFIRSTPLAN.doc"
So it’s been annoying me: when Forefront sends you an email, the from address is a bit pants, and I want to change it. By default it’s ForefrontServerProtection@servername.server.
I looked around the PowerShell add-in for Forefront and drew a blank, so after a bit of googling I found this: http://technet.microsoft.com/en-us/library/dd639362.aspx
Changing the From address for notifications
FPE utilizes SMTP messaging for notification purposes, placing the message in the SMTP service Pickup folder and resolving the Exchange name with the Active Directory directory service. By default, the server profile used for identifying notifications is: ForefrontServerProtection@servername.server. However, you can change this server profile by modifying the FromAddress registry value.
To modify the FromAddress registry value
Open the Registry Editor and navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Notifications
Modify the default value of FromAddress to the sender name you would like. Alphanumeric characters are acceptable. You may also use the at sign (@) or a period (.), but these characters cannot be the first or last character. Any illegal characters will be replaced with an underscore (_).
You must restart the relevant Microsoft Exchange and Microsoft Forefront Server Protection services in order for this change to take effect.
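The registry change described above, scripted in PowerShell as an added example (not from the original post or from Microsoft's documentation). The function names and the sample address are hypothetical; the key path and value name are the ones given above, and refusing a leading or trailing "@" or "." is this example's reading of the documented character rule.

```powershell
# Added example: validate a candidate FromAddress against the documented
# character rule before writing it, so FPE never silently rewrites it with '_'.
$KeyPath   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Notifications'
$ValueName = 'FromAddress'

function Test-FpeFromAddress {
    param([Parameter(Mandatory=$true)][string]$Address)
    # Allowed per the doc: alphanumerics, '@' and '.'. Note that '-' and '_'
    # are NOT in that set, so a hyphenated domain would be altered.
    $illegal = [regex]::Matches($Address, '[^A-Za-z0-9@.]') |
        ForEach-Object { $_.Value } | Select-Object -Unique
    New-Object PSObject -Property @{
        Address      = $Address
        IllegalChars = @($illegal)
        BadEdge      = ($Address -match '^[@.]') -or ($Address -match '[@.]$')
        AsStored     = $Address -replace '[^A-Za-z0-9@.]', '_'  # doc: illegal chars become '_'
    }
}

function Set-FpeFromAddress {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string]$Address)

    $check = Test-FpeFromAddress -Address $Address
    if ($check.BadEdge) { throw "'$Address' starts or ends with '@' or '.'" }
    if ($check.IllegalChars.Count -gt 0) {
        throw "'$Address' would be stored as '$($check.AsStored)'; remove: $($check.IllegalChars -join ' ')"
    }
    if (-not (Test-Path $KeyPath)) { throw "Key not found: $KeyPath" }

    # Record the previous value so the change can be reverted by hand.
    $old = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName from '$old' to '$Address'")) {
        Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Address
        Write-Output "Previous value: '$old'. New value: '$Address'."
        Write-Output 'Restart the relevant Exchange and Forefront services to apply it.'
    }
}

# Constructed sample value; -WhatIf previews the write without touching the registry.
Set-FpeFromAddress -Address 'forefront.alerts@example.com' -WhatIf
```

Run it from an elevated prompt on the Exchange server, and drop `-WhatIf` once the preview shows the value you expect.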