cancel
Showing results for 
Search instead for 
Did you mean: 

Vault Virus Alert

anon1m0us1
Level 6

I am on EV 10.0 and I just received a virus alert stating that

Risk name: Trojan.Smoaler

> File path: l:\Enterprise Vault Stores\ExchMVS01> Ptn1\2012\04-16\A\101\A202D8E3DA4654B6A9AC0CC488A7CB41~37~1FBFE897~00~

> 1.DVSSP>>TICKET_Delta Air_Lines.exe Event time: 2012-04-17 03:45:11

> GMT Database insert time: 2012-04-17 03:48:56 GMT

> User: SYSTEM

 

Is there away to track which user or mailbox is infected?

1 ACCEPTED SOLUTION

Accepted Solutions

anon1m0us1
Level 6

Never mind. I found this link and it worked!!!

 

https://www-secure.symantec.com/connect/forums/archived-email-attachment-infected-virus-and-deleted-antivirus

View solution in original post

3 REPLIES 3

anon1m0us1
Level 6

Never mind. I found this link and it worked!!!

 

https://www-secure.symantec.com/connect/forums/archived-email-attachment-infected-virus-and-deleted-antivirus

anon1m0us1
Level 6

Reviewing the AV exclusion list, it seems that the Datastore should be excluded. So what would happen if the client AV did not pick this up, the email was archived, would this infect the whole EV system or does the content being in a DVSSP file keep EV safe?

 

GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

EV will not be infected. dvssp is storage file of EV, can only be opened by ev-client.

What will happen is that when this file is retrieved by the client, it will be scanned by the client AV and catched.

Regards. Gertjan