Receiving suspected attachments that should have been removed by the virus scanning of Symantec Mail Security for Domino

Article:TECH90496  |  Created: 2008-01-13  |  Updated: 2013-10-28  |  Article URL http://www.symantec.com/docs/TECH90496
Article Type
Technical Solution


Issue



Users are getting suspected attachments that you think should have been removed by the virus scanning of Symantec Mail Security for Domino.

Symptoms
Symantec Mail Security for Domino log indicates that a file was repaired.

 


Solution




Apply the latest virus definitions using the intelligent updater to ensure the latest virus definitions are installed.

Ensure that Auto-Protect or Real-time scanning is enabled
Try downloading Eicar.com. If Auto-Protect or Real-time scanning is enabled, then EICAR should trigger a virus alert. EICAR contains harmless code designed to test the integrity of antivirus software.

Check the Symantec Mail Security for Domino log
To see if any detections have been found and what the action taken was.

Check if the action for 'When a Threat is Detected:' is set to 'Repair the infected attachment'
The contents of the file may have been stripped and replaced with the following text "The attachment was deleted. A violation was detected within the attachment." Changing the action to Quarantine the document will quarantine the infected file and document. If the file was sent via email, the user would not receive the email with stripped attachment.



Legacy ID



2008101307245254


Article URL http://www.symantec.com/docs/TECH90496


Terms of use for this information are found in Legal Notices