Jump to content

Immunet Quarantining Exchange Logs


Recommended Posts

Hello everyone,
 
I am using Immunet 5.03.10301 on a Windows 2008 R2 server running Exchange 2010.  I ran fine on Immunet 2 for over a year, then upgraded to 5.0.2.10301.  In response to searching I did for a related problem with not being able to quarantine files (see my post dated yesterday in the Malware Detections section), I uninstalled Immunet, selecting No on preserving settings and data per posts from people with similar scanning issues. I reinstalled it using the standard settings.  
 
Today, people started having issues with their email.  The problem seemed to be missing email transaction logs on the server, which was traced to Immunet's quarantine.  Attempting to restore the files failed with the following message:  Message from webpage:  File Could Not Be Restored.  Check to see if Agent is online.  Please Contact support@immunet.com.
 
Agent is online.  Scouring the forums again, I ended up restarting the server.  Email function is restored, but I'm concerned about Immunet trying to delete the logs again.  
 
This leads me to two questions:  First, how can I set Immunet to ignore the log file locations?  Second, should Immunet even be used with Microsoft Exchange?  Any advice that could be given would be greatly appreciated.
 
Thanks in advance,
Michael

Link to comment
Share on other sites

  • 1 month later...

I've o reproduced the behavior described above.  It looks like by default Exchange echos email attachments sent through it into log files, which immunet then unpacks, scans and attempts to quarantine if any of the attachments are  malicious.  I think  Exchange does this specifically so email attachments can be scanned by 3rd party av products, but these log files are not meant to be quarantined directly, only scanned.  Quarantining results in breaking the integrity of your Exchange users mailboxes.


tldr: Immunet doesn't support scanning Exchange attachments. You can still use Immunet as AV on the machine as long as you add exclusions to ensure immunet doesn't scan Exchange:

C:\Program Files\Microsoft\Exchange Server\
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...