12-19-2011 05:28 PM
Hi,
We have SEP client 11 installed on the EV server. Recently, our SEP detected that one of the archived emails contains a virus and deleted it accordingly. Below is the SEP alert. What happens if the user tries to restore this email? Thanks
Message from:
Server name: dc02
Server IP: 10.1.2.2
At least one security risk found:
Risk name: Trojan.Zbot
File path: e:\EVStorage\Express Vault Store\Express Vault Store Ptn1\2011\12-15\8\038\8038C041EBBC2FBCDFF1830A7CD03B11~A0~6EFBE281~00~1.DVSSP>>American_Airlines-E_Ticket-PrntingCopy.exe
Event time: 2011-12-19 06:06:12 GMT
Database insert time: 2011-12-19 06:08:38 GMT
User: SYSTEM
Computer: EV
IP Address: 10.1.3.2
Domain: Default
Server: dc02
Client Group: My Company\KE-SERVER
Action taken on risk: Cleaned by deletion
12-19-2011 05:52 PM
Well, that is an actual virus that was going around. Are you sure it is from a user's mailbox and not the journal archive?
You really should exclude the Vault Store Partition from AV scanning; it is against Best Practice to have AV scan them or the index locations. Article URL: http://www.symantec.com/docs/TECH48856
I would imagine you are going to get an error trying to view that archived item.
12-19-2011 06:47 PM
Thanks for the reply. It is from a user mailbox. Does it mean the archive restore process can't be completed?
12-19-2011 08:12 PM