
Enterprise Vault and Virus

dmc123
Level 4

When you run Enterprise Vault (8.0) and you have a virus that comes in on an email which is not caught prior to archiving, how is this typically handled?  In other words, can I cleanse the email?  Do people remove the email?  Is there no worry about the virus?

I ask so that, if we have an issue where an infected email is archived, users do not pull out an infected email when searching/restoring/etc. the archive in the future.

Accepted Solutions

JesusWept3
Level 6
Partner Accredited Certified

Well, Enterprise Vault is typically requested to be excluded from anti-virus detection, because a lot of times they can pick up DVS/DVSSP/DVSCC files and misidentify them as viruses. It's a difficult situation to be in; if you can identify it from the client side, you can just get them to delete it from Search.asp/ArchiveExplorer, etc.

Normally, though, most companies have multiple layers of security:
 - on the gateway coming in and out of the company
 - on the Exchange servers themselves
 - on the user's client machine and with an Outlook add-in

Obviously Enterprise Vault being excluded on the temp directory and the vault stores can be seen as a big hole, but if they escape three layers of security already, it most likely wouldn't even have been picked up on the EV server either, unfortunately.

https://www.linkedin.com/in/alex-allen-turl-07370146

GertjanA
Moderator
Partner    VIP    Accredited Certified

If an infected item (mail/file/attachment) has been stored in EV, there is no AV solution that will scan and clean this.

You will need to rely on the desktop/mail/gateway AV to pick up the virus if needed.

Example:

Virus archived without being detected (due to new virus, old definitions, no AV at all).

A month later, user wants to forward mail to someone, EV action = forward whole item. Item is scanned by the now installed and up-to-date desktop AV: CATCH.

Or, mail is sent: CATCH in Exchange, or at gateway.

GJ

Regards. Gertjan