Re: Trend, Quarantine, Backup Exclusions, eManager, SMCF
From: Les Connor (les.connor_at_DEL.cfive.ca)
Date: 10/01/04
- Next message: Attila Csokai: "Re: ISA Config Question"
- Previous message: Geoff Dutch: "FTP via VPN"
- In reply to: David Schrag: "Re: Trend, Quarantine, Backup Exclusions, eManager, SMCF"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 1 Oct 2004 08:24:44 -0500
Susan does a great job of picking up anything of value and posting it on her
blog. I only post here. I haven't done anything different on Trend installs
since Susan posted that list.
About the only thing I'm doing differently now is disabling the Exchange
Attachment Blocking (in CEICW), and turning all attachment handling over to
Trend. I've enabled the IntelliScan and ActiveAction options in Scanmail,
and they are working well at selectively taking attachment and virus
actions, dependent on what the discovered threat is.
This is cool, because you don't have to throw a blanket of all attachments
of a certain type(s). It's putting a lot of faith in the Trend suite, but I
have come to trust CSM.
-- Les Connor [SBS Community Member] ------------------------------------- SBS Rocks ! "David Schrag" <david-no-spam@schrag.net> wrote in message news:uTqElS2pEHA.1152@TK2MSFTNGP11.phx.gbl... > Good to know. I don't think I'm ready for IMF yet. 8^) > > BTW, have you made any updates to your C/S/M on SBS03 instructions, as > found at http://msmvps.com/bradley/archive/2004/05/07/6038.aspx? Do you > have your own place for blogging or otherwise maintaining your notes? > > "Les Connor" <les.connor@DEL.cfive.ca> wrote in message > news:%23BrQO3zpEHA.2684@TK2MSFTNGP11.phx.gbl... >> I'll say yes. >> >> BTW, I think I discovered something, only partly related to Trend A/V. >> >> I was messing with IMF. I got it to run in front of the Trend suite, >> meaning it was first in line for incoming mail, and set it to archive. It >> archived spam, some of which had viruses. >> >> My backups (partially) failed - on verify. Officescan reported viruses in >> the shadow copy. I think what was happening, is that Officescan was >> cleaning or quarantining the shadow copy as it was written prior to the >> backup. >> >> I ditched IMF, and ditched the IMF archive. Backups continued to fail, >> and Officescan reported viruses in two shadow copies. I deleted the >> shadow copies, and Officescan and SBSbackup are now happy again. >> >> Interestingly, if eManager and Scanmail deal with the viruses as they >> come in, there are no issues with Officescan or Backup. The Trend folders >> are excluded from Officescan scanning (by default, I believe), so it >> appears they are not scanned even when the shadow copy is created. They >> are *not* excluded from backup. No errors. >> >> The point is, if you move your archive (or at least your quarantine) >> folders, then you should explicitly exclude them from A/V scanning. >> >> -- >> Les Connor [SBS Community Member] >> ------------------------------------- >> SBS Rocks ! >> >> >> >> "David Schrag" <david-no-spam@schrag.net> wrote in message >> news:%2307Fz0ypEHA.648@tk2msftngp13.phx.gbl... >>> But what about the folders in the original C:\Program Files\... >>> location, now that the new quarantine location is in C:\Trend\...? Can I >>> delete the C:\Program Files\... folders using Windows Explorer? >>> >>> "Les Connor" <les.connor@DEL.cfive.ca> wrote in message >>> news:OZI3SljpEHA.1152@TK2MSFTNGP11.phx.gbl... >>>> Hi David, >>>> >>>> eManager and Scanmail work together. There is only one quarantine >>>> store, and both use it. Any eManager filtered (quarantined) email can >>>> be managed from within Scanmail, so if you set your maintenance there >>>> that's as far as you need to go. >>>> >>>> eManager does keep separate logs (but not the actual items, see above), >>>> so you can set your log maintenance separately in eManager. >>>> >>>> I wouldn't recommend deleting the folders automatically. Delete them >>>> from within Scanmail managment console, there's a button for that. If >>>> the pull the folders out from under Scanmail without it's knowledge, it >>>> stands to reason that you'd have an upset application. >>>> >>>> -- >>>> Les Connor [SBS Community Member] >>>> ------------------------------------- >>>> SBS Rocks ! >>>> >>>> >>>> >>>> "David Schrag" <david-no-spam@schrag.net> wrote in message >>>> news:uuyV0gipEHA.348@TK2MSFTNGP15.phx.gbl... >>>>> Thanks to all who have responded so far, but I still need answers to >>>>> the specific questions I posed. Is deleting logs the same as deleting >>>>> the quarantined mail? I see a way to manage quarantined mail and files >>>>> in ScanMail, but not in eManager. Does the ScanMail quarantine >>>>> management affect the eManager quarantine? (I thought they were >>>>> separate because ScanMail says it puts quarantined items in the Smex >>>>> directory instead of SMCF.) >>>>> >>>>> And can I go ahead and delete all those folders in the old SMCF >>>>> quarantine location or is that going to cause all sorts of errors for >>>>> me later on? >>>>> >>>>> "David Schrag" <david-no-spam@schrag.net> wrote in message >>>>> news:%23VlwfGXpEHA.348@TK2MSFTNGP15.phx.gbl... >>>>>> Tried to get a bunch of good keywords in the subject line .... >>>>>> >>>>>> A few days ago my backups started failing (partially). I would get >>>>>> several errors in the log like this: >>>>>> >>>>>> Warning: Unable to open "C:\Program >>>>>> Files\Trend\SMCF\Quarantine\2004-09-15\13\41\Message41487ebf8cad.original_eml_" >>>>>> - skipped. >>>>>> Reason: Access is denied. >>>>>> >>>>>> At first I tried to exclude the quarantine directory from the backup, >>>>>> but I couldn't because it's in the Program Files directory, which SBS >>>>>> backup considers sacred. So I went into eManager console and moved >>>>>> the Quarantine folder to C:\Trend\SMCF\Quarantine, and excluded >>>>>> C:\Trend from the backup. >>>>>> >>>>>> But my backups continued to fail, because when you change the >>>>>> directory in eManager console, it doesn't move the existing >>>>>> quarantined files -- it just creates a new set of folders and puts >>>>>> new stuff in there. So I went through and manually deleted the files >>>>>> that were causing the backup failures. It was then that I noticed >>>>>> that I've got 14,740 folders and 10,299 files taking up 150 MB on >>>>>> disk in the old directory, c:\Program Files\Trend\SMCF\Quarantine. >>>>>> >>>>>> My questions: >>>>>> >>>>>> 1) If I go into the eManager console and change the "delete log >>>>>> files" setting from the default of "do not automatically delete log >>>>>> files" to "automatically delete log files older than X days," will >>>>>> that delete all those files and folders that build up in the >>>>>> Quarantine directory? Or are the log files something else? >>>>>> >>>>>> 2) If deleting the log files is different from deleting the >>>>>> ".original_eml_" files that build up in the Quarantine directory, how >>>>>> do you keep the quarantine directory from filling up all available >>>>>> space on the drive? >>>>>> >>>>>> 3) Is it safe for me to manually delete the entire c:\Program >>>>>> Files\Trend\SMCF\Quarantine folder (the former quarantine location)? >>>>>> How about manually deleting the existing quarantine location folders? >>>>>> >>>>>> I did check the C/S/M manual and Trend knowledge base before posting >>>>>> here and didn't find anything about this, but forgive me if I missed >>>>>> something obvious. >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
- Next message: Attila Csokai: "Re: ISA Config Question"
- Previous message: Geoff Dutch: "FTP via VPN"
- In reply to: David Schrag: "Re: Trend, Quarantine, Backup Exclusions, eManager, SMCF"
- Messages sorted by: [ date ] [ thread ]
