dmc123
14 years ago

Enterprise Vault and Virus

When you run Enterprise Vault (8.0) and you have a virus that comes in on an email which is not caught prior to archiving, how is this typically handled?  In other words, can I cleanse the email?  Do people remove the email?  Is there no worry about the virus?

I ask so that, if we have an issue where an infected email is archived, users do not pull out an infected email when searching/restoring/etc. the archive in the future.

2 Replies

  • Well, Enterprise Vault is typically requested to be excluded from antivirus detection, because a lot of the time they can pick up DVS/DVSSP/DVSCC files and misidentify them as viruses. It's a difficult situation to be in. If you can identify it from the client side, you can just get them to delete it from Search.asp/ArchiveExplorer, etc.

    Normally, though, most companies have multiple layers of security:
     - on the gateway coming in and out of the company
     - on the Exchange servers themselves
     - on the user's client machine and with an Outlook add-in

    Obviously, Enterprise Vault being excluded on the temp directory and the vault stores can be seen as a big hole, but if they escape three layers of security already, it most likely wouldn't even have been picked up on the EV server either, unfortunately.

  • If an infected item (mail/file/attachment) has been stored in EV, there is no AV solution that will scan and clean this.

    You will need to rely on the desktop/mail/gateway AV to pick up the virus if needed.

    Example.

    Virus archived without being detected (due to new virus, old definitions, no AV at all).

    A month later, the user wants to forward the mail to someone, EV action = forward whole item. The item is scanned by the now-installed and up-to-date desktop AV: CATCH.

    Or, mail is sent: CATCH in Exchange, or at the gateway.

    GJ