Question : Exchange recovery

I am looking at a problem with an SBS 2003 Exchange server. It looks like the antivirus program had not been configured to bypass the Exchange files and has deleted an entry in a log file. This is the entry from the antivirus log:

18/06/2010      17:18:44      Deleted (Clean failed)       NT AUTHORITY\SYSTEM      C:\Program Files\Exchsrvr\bin\store.exe      I:\Program Files\Exchsrvr\mdbdata\E00.log\00002d8c.js      JS/Redirector (Trojan)

The databases will now not mount and the entry in the Event Viewer is below. Is there any action I can take other than restoring yesterday’s backup?

Event Type:      Error
Event Source:      ESE
Event Category:      General
Event ID:      486
Date:            18/06/2010
Time:            17:18:44
User:            N/A
Computer:      SHERWOODSRVR01
Description:
Information Store (3688) First Storage Group: An attempt to move the file "I:\Program Files\Exchsrvr\mdbdata\E00.log" to "I:\Program Files\Exchsrvr\mdbdata\E001279F.log" failed with system error 2 (0x00000002): "The system cannot find the file specified. ".  The move file operation will fail with error -1811 (0xfffff8ed).

There is also another Event Viewer entry:
Event Type:      Error
Event Source:      ESE
Event Category:      Logging/Recovery
Event ID:      413
Date:            18/06/2010
Time:            17:18:44
User:            N/A
Computer:      SHERWOODSRVR01
Description:
Information Store (3688) First Storage Group: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1811.

Answer : Exchange recovery

You should be able to run ESEUTIL to repair the database. Since the file was deleted by A/V, ESEUTIL will just update the index and there *should* be no data loss.  As always, have a backup. And set up your A/V exclusions!!!
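
The following is an added example, not part of the original question or answer: a Python sketch that correlates the antivirus log line with the ESE event 486 text quoted in the question, to confirm that the file ESE could not find is the one the scanner acted on. The antivirus column layout (fields separated by runs of two or more spaces), the reading of `E00.log\00002d8c.js` as an object inside `E00.log`, and all function names are assumptions based on the single line shown.

```python
import re
from datetime import datetime, timedelta

# Sample input: the antivirus line and the event 486 text quoted in the question.
AV_LINE = (
    r"18/06/2010      17:18:44      Deleted (Clean failed)       "
    r"NT AUTHORITY\SYSTEM      C:\Program Files\Exchsrvr\bin\store.exe      "
    r"I:\Program Files\Exchsrvr\mdbdata\E00.log\00002d8c.js      JS/Redirector (Trojan)"
)
ESE_486 = {
    "when": "18/06/2010 17:18:44",
    "description": r'Information Store (3688) First Storage Group: An attempt to move the file "I:\Program Files\Exchsrvr\mdbdata\E00.log" to "I:\Program Files\Exchsrvr\mdbdata\E001279F.log" failed with system error 2 (0x00000002)',
}

# Exchange 2003 data file types: transaction logs, databases, streaming files, checkpoints.
EXCH_FILE = re.compile(r"^(.*?\.(?:log|edb|stm|chk))(?:\\|$)", re.I)
MOVE_FAIL = re.compile(r'move the file "([^"]+)" to "[^"]+" failed with system error (\d+)')
STAMP = "%d/%m/%Y %H:%M:%S"

def parse_av_line(line):
    """Parse one antivirus log line (assumed layout: 7 columns, 2+ spaces apart)."""
    date, time, action, user, process, target, detection = re.split(r"\s{2,}", line.strip())
    m = EXCH_FILE.match(target)
    return {
        "when": datetime.strptime(f"{date} {time}", STAMP),
        "action": action, "user": user, "process": process,
        "target": target, "detection": detection,
        # On-disk Exchange file the scanner treated as a container (assumption), else None.
        "container": m.group(1) if m else None,
    }

def av_action_matches_ese_error(av, event, window=timedelta(seconds=60)):
    """True if the AV deleted from the same file ESE reports missing, close in time."""
    m = MOVE_FAIL.search(event["description"])
    if not m or av["container"] is None:
        return False
    missing, syserr = m.group(1), int(m.group(2))
    when = datetime.strptime(event["when"], STAMP)
    return (syserr == 2  # "The system cannot find the file specified."
            and av["action"].lower().startswith("deleted")
            and av["container"].lower() == missing.lower()
            and abs(when - av["when"]) <= window)

if __name__ == "__main__":
    av = parse_av_line(AV_LINE)
    print(av["container"], av_action_matches_ese_error(av, ESE_486))
```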