AV scan on SEV

Flensje
Level 2

Hi,

For a customer of mine I am reviewing their current Anti-Virus strategy. They are using Sophos as their on-access and file-level virus scanner.

This customer is using SEV for e-mail archiving. The server running SEV has the Sophos client installed on it.

I would like some help on answering the following questions:

1) What is the best way to periodically scan the contents of the e-mail archive? Are there special 'SEV' plugins or should this be done from the mail server (Exchange 2007)?

2) Do they need to exclude specific file types, folders and/or processes from the on-access and file-level virus scanner?

Any suggestions and recommendations would be great!


Regards,

Ashley.

1 ACCEPTED SOLUTION

Accepted Solutions

Mohawk_Marvin
Level 6
Partner

There's a Tech note with the best-practice exclusions:

http://www.symantec.com/docs/TECH48856

8 REPLIES

Flensje
Level 2

Hi Marvin,

Thank you for your reply! This perfectly answers my second question.

Regards,
Ashley.

Mohawk_Marvin
Level 6
Partner

It answers both :) Because you should not be scanning the Vault Stores, which is question one. Stuff that is getting archived needs to get through Exchange, so have AV there.

Flensje
Level 2

Hi Marvin,

I don't fully agree with you on that.

Yes, e-mail should be scanned when going through Exchange. But I also recommend performing a periodic scan of the entire database just in case one slips by the first time (possibly because it is not recognized yet).

Depending on how long it takes for SEV to archive the message (instant, days, weeks), a message could be scanned in Exchange more than once, reducing the chance a virus gets into the SEV database.

Maybe I should rephrase my first question:

1) Is it possible to scan the contents of a SEV database for viruses? If so, what products can do this?

Regards,
Ashley.

GertjanA
Moderator
Partner | VIP | Accredited Certified

If you plan to scan your archived data, you will get corruption.

Most likely due to false alerts, but still.

Look at it this way.

A message containing a virus that is not yet detected by an AV application is put in the archive. The only way this virus might do some harm is if the archived message is recalled by the user. There is no way the archived message is being activated from the EV stores/partitions.

Suppose this virus sits there, and virus definitions are updated, enabling detection for this virus.

As soon as the message is recalled in Outlook, it will be caught by the user's AV on the desktop and/or the AV on Exchange, and cleaned or quarantined. The virus will remain in the archive (provided you do not allow deletions), but cannot do any harm.

Please do NOT scan EV locations. We have set up EV to have indexes/stores/MSMQ/cache and shopping under a folder called \enterprise vault\ and have excluded that folder from scanning.

Regards. Gertjan
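The layout Gertjan describes (one EV root folder holding indexes, stores, MSMQ, cache and shopping, with that single root excluded from on-access scanning) lends itself to a quick operator check. The script below is an added example, not part of this thread or of any Veritas or Sophos product. It assumes the AV on the EV server is Microsoft Defender Antivirus, whose `Get-MpPreference`/`Add-MpPreference` cmdlets are used here because their syntax is public; the thread's Sophos client is configured through its own console instead. The path `D:\Enterprise Vault` is a hypothetical placeholder.

```powershell
# Added example (not from the thread): verify that the Enterprise Vault root folder is excluded
# from real-time scanning, add the exclusion if it is missing, and list the subfolders under it
# so the operator can confirm indexes/stores/MSMQ/cache/shopping all sit beneath the excluded root.
# Assumption: Microsoft Defender Antivirus is the on-access scanner (the thread uses Sophos).
# Run in an elevated PowerShell session on the EV server.
param(
    [string]$EvRoot = 'D:\Enterprise Vault'   # hypothetical EV root folder
)

function Test-EvExclusion {
    param([string]$Path, [string[]]$ExclusionPaths)
    # An exclusion covers the folder if it matches it exactly or is one of its parents.
    $normalized = $Path.TrimEnd('\').ToLowerInvariant()
    foreach ($ex in $ExclusionPaths) {
        $e = $ex.TrimEnd('\').ToLowerInvariant()
        if ($normalized -eq $e -or $normalized.StartsWith($e + '\')) { return $true }
    }
    return $false
}

$current = (Get-MpPreference).ExclusionPath
if (-not $current) { $current = @() }

if (Test-EvExclusion -Path $EvRoot -ExclusionPaths $current) {
    Write-Output "Exclusion already present for $EvRoot"
} else {
    Add-MpPreference -ExclusionPath $EvRoot
    Write-Output "Added real-time scan exclusion for $EvRoot"
}

# Show what actually lives under the excluded root; anything EV-related outside it
# (for example a Vault Store partition on another drive) needs its own exclusion.
Get-ChildItem -Path $EvRoot -Directory -ErrorAction SilentlyContinue | Select-Object FullName
```

Keeping every EV component under one root, as the post recommends, means a single exclusion entry covers them; the final listing is there to catch partitions or caches that were later moved elsewhere and would otherwise be scanned.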

Ameen
Level 6

Hi Flensje,

As far as I know there is no EV-aware antivirus available on the market.

At the same time I do agree that there are chances to get a virus archived. In my company we had to migrate a lot of mails from GroupWise to Exchange, and while migrating we were not scanning the mails, so we now have a lot of viruses in Exchange in one location/server.

Ameen.

JesusWept3
Level 6
Partner Accredited Certified

Well, the fact is you have multiple endpoints that are being scanned, so it shouldn't necessarily matter if EV archives (unintentionally) a virus.

So on the incoming mail you should have a gateway that scans for viruses, on the Exchange server itself you have a program that scans for viruses, and on the client itself you have a program that scans for viruses, so if you try and restore an email item that has a virus in it, either SEV or Sophos should catch it at the Exchange or Outlook level.

For file system archiving you would have similar layers of protection too.

https://www.linkedin.com/in/alex-allen-turl-07370146

Flensje
Level 2

Thank you guys for your thoughts and answers.

I understand there is no way to scan 'inside' the EV archive, so it has to be done while still in the Exchange database and/or when in transit. I agree this is not a problem, I was just looking for a way to remove a virus from the EV archive if it slipped through.

I also understand it's a bad idea to have a file-level scanner remove EV files, and that this therefore requires some exclusions.

Ashley.