02-10-2012 08:32 AM
It could be possible that files are archived while they are infected with a virus. Not very probable, but in case of a very agressive archive strategy and a bad AV policy, it could be possible.
After having updated my AV, archived items won't be scanned, while normally (more like hopefully) you AV honours the O attribute of the placeholder.
Now if I retreive this item, it wil be scanned and probably the viral code removed. So it will be another item I suppose, while it is changed. If I close the item, the orginal archived one (with virus) will still be there and not deleted. I will have two versions then. Is this correct? And what will be the best procedure in case of several archived files infected?
gtnx
paul
Solved! Go to Solution.
02-11-2012 05:04 AM
02-10-2012 09:48 AM
I guess you are taking about the antivirus scaning your placeholder. Placeholder is the shortcut to the archvied file . Incase if the place holder gets corrupt you can re-create the placeholder using FSAUtility.
If the file is corrupt the archiving task wold fail to archive the file.
following are the documents for your reference
http://www.symantec.com/business/support/index?page=content&id=TECH51039
http://www.symantec.com/business/support/index?page=content&id=TECH61296
02-11-2012 01:35 AM
No, I'm talking about that the file with virus inside is archived. Because at that moment the virus was not detected for whatever reason. But when you retreive the file afterwards, the av scanner (on access) will scan and maybe now (updates) it will detect the virus. But then??
02-11-2012 04:41 AM
As I mentioned if the file is archiving task might fail to archvie the file which is infected with virus .If Ev archvies the infected file when you reterive it would not repair it though .It would just restore the file as it was before . Ev does not modify the file being a compliane software .
02-11-2012 05:04 AM
02-11-2012 07:03 AM
I was afraid of that already. While my av cleans the file, fingerprint wil be different, so EV will see it as a new version. Simular as if you retreive and edit a file. So I will have a clean and a infected version archived.