Forum Discussion

anon1m0us1's avatar
anon1m0us1
Level 6
13 years ago

Vault Virus Alert

I am on EV 10.0 and I just received a virus alert stating that

Risk name: Trojan.Smoaler

> File path: l:\Enterprise Vault Stores\ExchMVS01> Ptn1\2012\04-16\A\101\A202D8E3DA4654B6A9AC0CC488A7CB41~37~1FBFE897~00~

> 1.DVSSP>>TICKET_Delta Air_Lines.exe Event time: 2012-04-17 03:45:11

> GMT Database insert time: 2012-04-17 03:48:56 GMT

> User: SYSTEM

 

Is there away to track which user or mailbox is infected?

  • Never mind. I found this link and it worked!!!

     

    https://www-secure.symantec.com/connect/forums/archived-email-attachment-infected-virus-and-deleted-antivirus

  • Never mind. I found this link and it worked!!!

     

    https://www-secure.symantec.com/connect/forums/archived-email-attachment-infected-virus-and-deleted-antivirus

  • Reviewing the AV exclusion list, it seems that the Datastore should be excluded. So what would happen if the client AV did not pick this up, the email was archived, would this infect the whole EV system or does the content being in a DVSSP file keep EV safe?

     

  • EV will not be infected. dvssp is storage file of EV, can only be opened by ev-client.

    What will happen is that when this file is retrieved by the client, it will be scanned by the client AV and catched.