
PRB: Anti-virus software flags ArchiveOne files as being infected

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00007488

Scope: 

ArchiveOne Enterprise, all versions

Answer:

SYMPTOMS

After running a regular scheduled anti-virus (AV) scan of the archive server, a large number of files are flagged as 'infected' (typically as containing some form of 'Trojan').

ROOT CAUSE

Anti-virus (AV) products, especially those set to perform "on access" scanning, frequently misreport ArchiveOne temporary files as having a virus payload.

The reason for this is that ArchiveOne's temporary files are not readable by most AV products, so they make a "best guess" at the type of threat the files may pose. The report by the AV software is usually a set of false positives.

WORKAROUND

The usual way to avoid this is to add our temporary file paths to a list of 'excluded' paths.

Typical folders to add are:

  • the "Add-ins" share (located on the machine designated the 'configuration server')
  • the installation folder (typically C:\Program Files (x86)\C2C Systems\ArchiveOne\)
  • the 'temporary' folder listed in the repository definition

NOTE: To locate the 'temporary' folder:

  • Open the ArchiveOne Console
  • Navigate to the Repositories node
  • Right-click on a repository and select Properties from the context menu
  • Navigate to the Temporary Data tab and note the path for the temporary data

Depending on the AV software being run, you may also find it useful to exclude ALL the C2C processes (listed in 'Task Manager'), such as:

  • aonepolservice.exe
  • aoneitemlistservice.exe
  • aonepolmonitor.exe
  • filterservice.exe
  • filterservice64.exe
  • aonecmplmonitor.exe
  • aonecmplservice.exe
  • aonereindexservice.exe

Adding these exclusions should resolve the problem.
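
As an added example (not C2C's own tooling), the script below applies and audits the exclusions listed above for the case where the AV product is Microsoft Defender, which this article does not name. The two placeholder paths, the `-Apply` switch, and the assumption that the executables sit in the installation folder and are Authenticode-signed are assumptions of this example.

```powershell
# Added example: scoped Microsoft Defender exclusions for the ArchiveOne items listed above.
param([switch]$Apply)   # hypothetical switch: without -Apply the script only reports

# Installation folder as given in the article; the other two are placeholders to fill in.
$installDir = 'C:\Program Files (x86)\C2C Systems\ArchiveOne'
$paths = @(
    $installDir,
    '\\CONFIG-SERVER\Add-ins',   # placeholder: the "Add-ins" share
    'D:\ArchiveOne\Temp'         # placeholder: path shown on the Temporary Data tab
)
# Process names from the article.
$processNames = 'aonepolservice.exe','aoneitemlistservice.exe','aonepolmonitor.exe',
                'filterservice.exe','filterservice64.exe','aonecmplmonitor.exe',
                'aonecmplservice.exe','aonereindexservice.exe'

# Exclude processes by full path, so a same-named file elsewhere is still scanned.
# Assumption: the executables live in the installation folder and are Authenticode-signed.
$processes = foreach ($name in $processNames) {
    $exe = Join-Path $installDir $name
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        Write-Warning "Not found, skipped: $exe"; continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature is $($sig.Status), skipped: $exe"; continue
    }
    $exe
}

# Work out which exclusions are not yet configured.
$current      = Get-MpPreference
$missingPaths = @($paths     | Where-Object { $current.ExclusionPath    -notcontains $_ })
$missingProcs = @($processes | Where-Object { $current.ExclusionProcess -notcontains $_ })

if ($Apply) {
    if ($missingPaths) { Add-MpPreference -ExclusionPath    $missingPaths }
    if ($missingProcs) { Add-MpPreference -ExclusionProcess $missingProcs }
    $current = Get-MpPreference
}

# Review list: exclusions in force that are not part of the ArchiveOne set.
$expected = $paths + @($processes)
$other = @($current.ExclusionPath) + @($current.ExclusionProcess) |
    Where-Object { $_ -and $expected -notcontains $_ }

[pscustomobject]@{
    Applied          = [bool]$Apply
    MissingPaths     = $missingPaths      # missing before this run
    MissingProcesses = $missingProcs      # missing before this run
    OtherExclusions  = @($other)
}
```

Run it from an elevated session; without administrator rights Defender does not reveal the configured exclusions.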

RESOLUTION

There is no formal resolution to this issue. Additionally, the workaround may result in some genuinely infected emails entering the archive. Strong AV scanning of the Exchange server is therefore recommended.