Please do not report 2525/tcp on Exchange servers as a possible result of Malware in pre2008/smtp_backdoor.nasl. This port is a default listening SMTP port for Exchange servers and many ISPs. Yes, I know it’s not in the RFC, but it’s definitely a de facto standard.
Sorry it is not, a false positive can be easy managed, but a false negative could be fatal.
Microsoft has a long history of broken setups you might exclude the port of your target if you are certain or you can use a override but by default is should stay there.
Thanks for considering it.