Using DOS to remove potentially infected .zip files
Results 1 to 5 of 5

Thread: Using DOS to remove potentially infected .zip files

  1. #1

    Question Using DOS to remove potentially infected .zip files

    Our antivirus software has been renaming all of the MyDoom .zip files rather than deleting them, so I've been ordered to manually remove them via DOS. Basically I'm going to our mail server, going into the folder in which attachments are stored (named "K:\MAILATCH") and then finding and deleting all *.zip files. I was told to do a "dir *.zip". I'm not very well schooled in DOS commands (I know, a sad thing), so this is a bit foreign to me. Mind lending some knowledge on how to do this? What commands do I use?

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Basic dos commands....

    dir [argument] - list contents of directory
    rmdir [directory] - remove directory
    del [file] - delete file
    cd [directory] - change directory
    * - wild card character (everything)

    if you cant do it with those commands then, research dos on

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    A straightforward

    del *.zip /S

    will remove all zip files from the directory and all subdirectories. Just make sure you are in the correct directory before you issue that or you may destroy other zips you want to keep.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Senior Member
    Join Date
    Oct 2001
    What mail system are you using? I'm guessing as you are saying that you are going to a drive and deleting files that you are referring the the virtual M:\ drive on exchange 2000. If so, the easiest and fastest way to do what you want to do is with a tool called exmerge.

    You can download the tool for free from MS, and there is plenty of documentation about how the tool works. But it will basically look inside of every mailbox for whatever criteria you specify and archive out the messages that meet your criteria. In this way you can get much more specific and not delete all .zip's but only those .zip's that have a subject line that corresponds to the mydoom.
    Exmerge instructions Check the reskit for the exmerge .exe's.

    Also, in exchange 2000, you are using the virus api 2.0 which does not allow for the message to be deleted entirely through vapi scanning. There are three possible fixes for this:

    1: Use an "smtpsink" to delete the messages at the connector level. This is however a rather CPU intensive process. If your machine is not that heavily utilized it may be the best solution though. SMTPsink instructions

    2: Newer AV products such as NAI Groupshield 6.0 have transport scanning. This is very similiar to the MS provided smtpsink, it is just much more efficient.

    3: Upgrade to exchange2003 and a current antivirus package that support vapi2.5. In vapi2.5 you have the option to permanently delete the messages without notification to sender/recipient. VAPI 2.5 info

  5. #5
    Thanks guys, AntiOnline crew saves the day again. That's exactly what I needed to know.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts