04-16-2012 09:03 PM
I am on EV 10.0 and I just received a virus alert stating that
Risk name: Trojan.Smoaler
> File path: l:\Enterprise Vault Stores\ExchMVS01> Ptn1\2012\04-16\A\101\A202D8E3DA4654B6A9AC0CC488A7CB41~37~1FBFE897~00~
> 1.DVSSP>>TICKET_Delta Air_Lines.exe Event time: 2012-04-17 03:45:11
> GMT Database insert time: 2012-04-17 03:48:56 GMT
> User: SYSTEM
Is there away to track which user or mailbox is infected?
Solved! Go to Solution.
04-16-2012 09:23 PM
Never mind. I found this link and it worked!!!
https://www-secure.symantec.com/connect/forums/archived-email-attachment-infected-virus-and-deleted-antivirus
04-16-2012 09:23 PM
Never mind. I found this link and it worked!!!
https://www-secure.symantec.com/connect/forums/archived-email-attachment-infected-virus-and-deleted-antivirus
04-16-2012 10:39 PM
Reviewing the AV exclusion list, it seems that the Datastore should be excluded. So what would happen if the client AV did not pick this up, the email was archived, would this infect the whole EV system or does the content being in a DVSSP file keep EV safe?
04-16-2012 11:23 PM
EV will not be infected. dvssp is storage file of EV, can only be opened by ev-client.
What will happen is that when this file is retrieved by the client, it will be scanned by the client AV and catched.