Re: Why is this virus being detected?
- From: "Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
- Date: Mon, 13 Jun 2005 11:04:02 -0500
For this reason, I don't use attachment blocking in Exchange (as set in
CEICW). Rather, turn the whole thing over to the Trend A/V product.
--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
"NickC" <NoSpam@xxxxxxxxxxxxxx> wrote in message
news:OH0R5T$bFHA.464@xxxxxxxxxxxxxxxxxxxxxxx
> These are not all necessarily infected email just attachments of a type that
> CEICW wizard has been set to quarantine.
>
> Nick
>
> <wedor> wrote in message news:#TyKrX3bFHA.2124@xxxxxxxxxxxxxxxxxxxxxxx
>> I can't remember "ever" seeing an infected e-mail that needed to be kept,
>> it's not like parts of it are ok and could be useful.
>>
>> "NickC" <NoSpam@xxxxxxxxxxxxxx> wrote in message
>> news:uE4Fqz2bFHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
>> > Thanks Les,
>> >
>> > Problem with 1. is that they need to know what the infected mail was in case
>> > it came from one of their 'important' customers.
>> >
>> > How does this sound;
>> > I suspect that shadow copy runs as the 'Backup' user.
>> > If I remove read permission to this directory for the backup user then
>> > shadow copy will not try to read it.
>> > Problem is the tape backup then won't be able to read it and will then throw
>> > errors and I would prefer to back-up this directory if possible.
>> >
>> > Nick
>> >
>> >
>> > "Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
>> > wrote in message news:OFp1xR2bFHA.1040@xxxxxxxxxxxxxxxxxxxxxxx
>> > Hi Nick,
>> >
>> > It looks like it's being scanned on backup while the volume shadow copy is
>> > being created.
>> >
>> > I think there are some possible solutions:
>> >
>> > 1.(my favorite) delete all virus infected mail rather than clean or
>> > quarantine.
>> > 2. set the quarantine folder to another location, that is not shadow copied
>> > or backed up.
>> >
>> > There is a kb article on Trend's site, but last time I looked it didn't seem
>> > to have a clear resolution - rather it appeared to just confirm that this
>> > happens.
>> >
>> > --
>> > Les Connor [SBS Community Member - SBS MVP]
>> > -----------------------------------------------------------
>> > SBS Rocks !
>> >
>> >
>> > "NickC" <NoSpam@xxxxxxxxxxxxxx> wrote in message
>> > news:OJCP$G2bFHA.2128@xxxxxxxxxxxxxxxxxxxxxxx
>> > Just found a dozen eventid 500s as below:
>> >
>> > Virus Detected!!!
>> > Virus Alert!!
>> > WORM_MYTOB.ER is detected on SERVER(***Admin) in ******server domain.
>> > Infected file:
>> > \Device\HarddiskVolumeShadowCopy85\Quarantine\EMail\account-details.pif
>> > Detection date: 2005.06.11 14:27:04
>> > Action: Virus successfully detected, cannot perform the Clean action
>> > (Virus successfully detected, cannot perform the Quarantine action)
>> >
>> > What I can't understand is why these are being detected because this
>> > 'Quarantine' directory is excluded from real-time scanning!
>> >
>> > Any ideas?
>> >
>> > Cheers
>> >
>> > Nick
>> >
>> >
>>
>>
>
>
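
The situation discussed in this thread, as an added example that is not part of the original posts: a small triage helper that separates detections reported on volume shadow copy device paths from detections on the live volume, and flags those whose volume-relative path falls under a directory excluded from real-time scanning. The sample alerts are constructed after the event text quoted above; the exclusion list and all function names are assumptions.

```python
import re

# Assumption: volume-relative directories excluded from real-time scanning.
EXCLUDED_DIRS = [r"\Quarantine"]

# Constructed sample alerts, modelled on the event 500 text quoted in the thread.
SAMPLE_ALERTS = [
    "Infected file:\n" + r"\Device\HarddiskVolumeShadowCopy85\Quarantine\EMail\account-details.pif",
    "Infected file:\n" + r"C:\Users\Public\invoice.pif",
    "Infected file:\n" + r"\Device\HarddiskVolumeShadowCopy12\Shares\docs\setup.scr",
]

INFECTED_RE = re.compile(r"Infected file:\s*(\S.*)$", re.MULTILINE)
SNAPSHOT_RE = re.compile(r"^\\Device\\HarddiskVolumeShadowCopy(\d+)(\\.*)$", re.IGNORECASE)


def volume_relative(path):
    """Split a path into (snapshot number or None, path relative to the volume root)."""
    snap = SNAPSHOT_RE.match(path)
    if snap:
        return int(snap.group(1)), snap.group(2)
    # Live-volume path: drop the drive letter so it compares with EXCLUDED_DIRS.
    return None, re.sub(r"^[A-Za-z]:", "", path)


def is_excluded(rel_path):
    """True if rel_path lies under one of the excluded directories (case-insensitive)."""
    rel = rel_path.lower()
    return any(rel.startswith(d.lower().rstrip("\\") + "\\") for d in EXCLUDED_DIRS)


def classify(alert):
    """Return (kind, snapshot_id, volume_relative_path) for one alert text."""
    m = INFECTED_RE.search(alert)
    if not m:
        return ("unparsed", None, None)
    snap_id, rel = volume_relative(m.group(1).strip())
    if snap_id is None:
        kind = "live-volume"
    elif is_excluded(rel):
        # Same file as in the excluded folder, reached through the snapshot device.
        kind = "snapshot-copy-of-excluded-dir"
    else:
        kind = "snapshot-copy"
    return (kind, snap_id, rel)


if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(classify(alert))
```

Alerts classified as `snapshot-copy-of-excluded-dir` correspond to the case in this thread; `live-volume` and plain `snapshot-copy` results point at files outside the quarantine folder and deserve a closer look.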