cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

EV archived attachment was deleted by SEP on EV server

Go to solution
KimengIt
Level 4

‎12-19-2011 05:28 PM

Hi,

               We have SEP client 11 installed on EV server. Recently, our SEP detected that one of the archived email contain Virus and deleted accordingly. Below is the SEP alert, what happen if user try to restore this email ? Thanks

 

Message from:

                Server name: dc02

                Server IP: 10.1.2.2

 

At least one security risk found:

 

Risk name: Trojan.Zbot

File path: e:\EVStorage\Express Vault Store\Express Vault Store Ptn1\2011\12-15\8\038\8038C041EBBC2FBCDFF1830A7CD03B11~A0~6EFBE281~00~1.DVSSP>>American_Airlines-E_Ticket-PrntingCopy.exe

Event time: 2011-12-19 06:06:12 GMT

Database insert time: 2011-12-19 06:08:38 GMT

User: SYSTEM

Computer: EV

IP Address: 10.1.3.2

Domain: Default

Server: dc02

Client Group: My Company\KE-SERVER

Action taken on risk: Cleaned by deletion

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎12-19-2011 05:52 PM

Well, that is an actual virus that was going around.  Are you sure it is from a users mailbox and not the journal archive?

You really should exclude the Vault Store Partition from AV scanning, it is against Best Practice to have AV scan them or the index locations.  Article URL http://www.symantec.com/docs/TECH48856

I would imagine you are going to get an error trying to view that archived item.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎12-19-2011 05:52 PM

Well, that is an actual virus that was going around.  Are you sure it is from a users mailbox and not the journal archive?

You really should exclude the Vault Store Partition from AV scanning, it is against Best Practice to have AV scan them or the index locations.  Article URL http://www.symantec.com/docs/TECH48856

I would imagine you are going to get an error trying to view that archived item.

0 Kudos

Go to solution
KimengIt
Level 4

‎12-19-2011 06:47 PM

Thanks for reply. It is from a user mailbox. Is it means the archive restore process can't be completed ?

0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎12-19-2011 08:12 PM

Yup once it's deleted the user can no longer get it back, but to be honest that's probably a good thing
https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos