Jump to content
mbit128

Immunet Quarantining Exchange Logs

Recommended Posts

Hello everyone,
 
I am using Immunet 5.03.10301 on a Windows 2008 R2 server running Exchange 2010.  I ran fine on Immunet 2 for over a year, then upgraded to 5.0.2.10301.  In response to searching I did for a related problem with not being able to quarantine files (see my post dated yesterday in the Malware Detections section), I uninstalled Immunet, selecting No on preserving settings and data per posts from people with similar scanning issues. I reinstalled it using the standard settings.  
 
Today, people started having issues with their email.  The problem seemed to be missing email transaction logs on the server, which was traced to Immunet's quarantine.  Attempting to restore the files failed with the following message:  Message from webpage:  File Could Not Be Restored.  Check to see if Agent is online.  Please Contact support@immunet.com.
 
Agent is online.  Scouring the forums again, I ended up restarting the server.  Email function is restored, but I'm concerned about Immunet trying to delete the logs again.  
 
This leads me to two questions:  First, how can I set Immunet to ignore the log file locations?  Second, should Immunet even be used with Microsoft Exchange?  Any advice that could be given would be greatly appreciated.
 
Thanks in advance,
Michael

Share this post


Link to post
Share on other sites

I've o reproduced the behavior described above.  It looks like by default Exchange echos email attachments sent through it into log files, which immunet then unpacks, scans and attempts to quarantine if any of the attachments are  malicious.  I think  Exchange does this specifically so email attachments can be scanned by 3rd party av products, but these log files are not meant to be quarantined directly, only scanned.  Quarantining results in breaking the integrity of your Exchange users mailboxes.


tldr: Immunet doesn't support scanning Exchange attachments. You can still use Immunet as AV on the machine as long as you add exclusions to ensure immunet doesn't scan Exchange:

C:\Program Files\Microsoft\Exchange Server\
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×