Jump to content
mbit128

Immunet Quarantining Exchange Logs

Recommended Posts

Hello everyone,
 
I am using Immunet 5.03.10301 on a Windows 2008 R2 server running Exchange 2010.  I ran fine on Immunet 2 for over a year, then upgraded to 5.0.2.10301.  In response to searching I did for a related problem with not being able to quarantine files (see my post dated yesterday in the Malware Detections section), I uninstalled Immunet, selecting No on preserving settings and data per posts from people with similar scanning issues. I reinstalled it using the standard settings.  
 
Today, people started having issues with their email.  The problem seemed to be missing email transaction logs on the server, which was traced to Immunet's quarantine.  Attempting to restore the files failed with the following message:  Message from webpage:  File Could Not Be Restored.  Check to see if Agent is online.  Please Contact support@immunet.com.
 
Agent is online.  Scouring the forums again, I ended up restarting the server.  Email function is restored, but I'm concerned about Immunet trying to delete the logs again.  
 
This leads me to two questions:  First, how can I set Immunet to ignore the log file locations?  Second, should Immunet even be used with Microsoft Exchange?  Any advice that could be given would be greatly appreciated.
 
Thanks in advance,
Michael

Share this post


Link to post
Share on other sites

I've o reproduced the behavior described above.  It looks like by default Exchange echos email attachments sent through it into log files, which immunet then unpacks, scans and attempts to quarantine if any of the attachments are  malicious.  I think  Exchange does this specifically so email attachments can be scanned by 3rd party av products, but these log files are not meant to be quarantined directly, only scanned.  Quarantining results in breaking the integrity of your Exchange users mailboxes.


tldr: Immunet doesn't support scanning Exchange attachments. You can still use Immunet as AV on the machine as long as you add exclusions to ensure immunet doesn't scan Exchange:

C:\Program Files\Microsoft\Exchange Server\
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...