Jump to content


Photo

Immunet Quarantining Exchange Logs

exchange immunet quarantine restore

  • Please log in to reply
2 replies to this topic

#1 mbit128

mbit128

    Newbie

  • Banned
  • Pip
  • 4 posts

Posted 09 December 2016 - 05:29 PM

Hello everyone,
 
I am using Immunet 5.03.10301 on a Windows 2008 R2 server running Exchange 2010.  I ran fine on Immunet 2 for over a year, then upgraded to 5.0.2.10301.  In response to searching I did for a related problem with not being able to quarantine files (see my post dated yesterday in the Malware Detections section), I uninstalled Immunet, selecting No on preserving settings and data per posts from people with similar scanning issues. I reinstalled it using the standard settings.  
 
Today, people started having issues with their email.  The problem seemed to be missing email transaction logs on the server, which was traced to Immunet's quarantine.  Attempting to restore the files failed with the following message:  Message from webpage:  File Could Not Be Restored.  Check to see if Agent is online.  Please Contact support@immunet.com.
 
Agent is online.  Scouring the forums again, I ended up restarting the server.  Email function is restored, but I'm concerned about Immunet trying to delete the logs again.  
 
This leads me to two questions:  First, how can I set Immunet to ignore the log file locations?  Second, should Immunet even be used with Microsoft Exchange?  Any advice that could be given would be greatly appreciated.
 
Thanks in advance,
Michael



#2 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,794 posts
  • LocationOil City, Pa. U.S.A.

Posted 15 December 2016 - 11:35 PM

Hi Michael, please go to the Malware Detection section where you also posted regarding issues with your server.


* Immunet Global Forum Moderator *


#3 RobT

RobT

    Advanced Member

  • Administrators
  • 237 posts

Posted 17 January 2017 - 08:06 PM

I've o reproduced the behavior described above.  It looks like by default Exchange echos email attachments sent through it into log files, which immunet then unpacks, scans and attempts to quarantine if any of the attachments are  malicious.  I think  Exchange does this specifically so email attachments can be scanned by 3rd party av products, but these log files are not meant to be quarantined directly, only scanned.  Quarantining results in breaking the integrity of your Exchange users mailboxes.


tldr: Immunet doesn't support scanning Exchange attachments. You can still use Immunet as AV on the machine as long as you add exclusions to ensure immunet doesn't scan Exchange:

C:\Program Files\Microsoft\Exchange Server\
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
 







Also tagged with one or more of these keywords: exchange, immunet, quarantine restore

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users