cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Retrieve email from archive using JOURNAL REPORT's message-id. Possible?

zubkoff_s
Level 4
Certified

‎04-02-2015 04:10 AM

Hi team. 

Our end-users use encryption technology to protect their emails\attachments. Before Journal Report will be archived by EV, original encrypted email must be decrypted

We have dedicated server for journal report decryption process. But, if decryption server is busy (server isn't available, decryption failed, network issue, server overloaded,etc.), then Exchange server keeps journal report up to 3 days, until decryption server is available for processing journal report and decrypt original email. So, in worst case Exchange keeps journal report up to 3 days. After 3 days, regardless of journal report decryption process (was original email decrypted or not), journal report goes to journal mailbox for further archiving with EV. 

During these possible 3 days delay, operator can see delayed journal report with Exchange Message Queue console. 

Operator can see Journal Report message-ID, but not an attached (original email) message-ID. Surely operator has no rights to see original email message ID. 

IDEA: Operator see that journal report is 3 days in queue because of failed decryption. He hands over Journal Report Message ID information (as the only one available for him information) to e-discovery team. Discovery team, based on Journal Report Message ID do a search and retrieve message from archive for further manual decryption

Would it be possible to retrieve email from EV archive using Journal Report Message ID? 

P.S.: Sorry, experience troubles with inserting pictures into this forum. Can't attach any print screens. 

 

Thanks for assist. 

 

 

 

forum.png
33 KB
3 REPLIES 3

AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎04-03-2015 03:07 AM

what version of EV are you using? check out the example in this article. you may need to make a tiny adjustment to your search term if you're using 64bit indexes

Advance searching against IDEN field does not work with 64bit indexes.

Article:TECH209912  |  Created: 2013-08-23  |  Updated: 2014-05-19  |  Article URL http://www.symantec.com/docs/TECH209912

 

0 Kudos

zubkoff_s
Level 4
Certified

‎04-08-2015 07:06 AM

Hi AndrewB. Thanks for you response.

My EV is version 9, x32.

Unfortunately approach by using advanced search and IDEN attribute doesn't work for me.

 

I see that journal email and original email (from journal attachment) have also different suffixes:

In my case original email:

B3D4B9E250904A4792A73C361CA667FEB2A663D6@mydomain.local

Journal email:

d3d085b6-dc1f-4179-938e-26e691960a17@journal.report.generator

 

So, advanced searching is completed successfully in case of using B3D4B9E250904A4792A73C361CA667FEB2A663D6@mydomain.local as a value for IDEN attribute.

 

But searching brings no result in case of using

d3d085b6-dc1f-4179-938e-26e691960a17@journal.report.generator in any combination.

 

But d3d085b6-dc1f-4179-938e-26e691960a17@journal.report.generator is the only one unique attribute which operator can observer meanwhile message is in queue.

0 Kudos

AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎05-01-2015 03:13 PM

Did you ever figure this out?

0 Kudos