our virus scanner detected an infected file in one of the EV_CVT_Temp_ folders. This file was moved immidiately to the quarantine by the scanner software. If I am correct these CVT_Temp folders are used for archiving as well for manual archiving.
My question is if I have any chance to find out who of our users has archived this infected file? I checked all available EV logs but could not find any username or file.
Is there propably a chance to find out something in the EV DBs? Unfortunately we are not using Journaling.
EV version is 10.01 and we are running Exchange 2010.
Solved! Go to Solution.
First of all, which folder *exactly* is it you are referring to?
Secondly, chances are it's NOT an infected file, but shows 'signatures' that are similar to a virus, but really, they're not.. antivirus gets confused. This technote might help: