antivirus and email


Tracy P.

Oct 11, 2016, 12:20:08 PM
to Digital Curation
Hi All,

Some context before I pose my questions to the group: I've been working with our University Archives on recovering and processing some .pst files that seem to have malware content in a couple of attachments. I've scanned .pst files locally on a quarantined/non-networked computer using Microsoft System Center Endpoint Protection antivirus (I update the signatures prior to working with quarantined content).

Our IT department has been receiving malware alerts even after I've scanned the .pst files, although we are using the same antivirus program. However, based on what our IT folks say, most antivirus software packages do not scan in email archive files. SCEP can detect malicious files within the email container formats but cannot do anything with them. Why my instance of SCEP is not detecting malware while theirs is is a question I'm working on internally. In an attempt to excise the reported malicious content I have exported the files from the container formats using Aid4Mail. However, antivirus is still going to detect issues with the .pst file if I keep it and upload it to our repository.

My questions to post to you all are:

How do you manage viruses found in email archive files?
For email container files that have malicious content do you retain that container file?
Is there a way to delete the offending content within an email archive file without deleting the whole thing?

Google searches have not been especially helpful in illuminating a good solution...

Thanks in advance!

Tracy Popp
University of Illinois Urbana-Champaign



 

Seth Shaw

Oct 11, 2016, 3:24:59 PM
to digital-...@googlegroups.com
1) The viruses & malware won't do any harm unless activated (run). So, as long as you know they are there and handle them appropriately you can be safe. Think of this as being a bio-lab that happens to have either smallpox or anthrax in their collection.
2) With that in mind, I would consider keeping it but, as long as you document your actions carefully, no one could blame you for exporting everything and deleting the original container and offending file.
3) Again, document everything, but it depends on the container. I don't know about PST (haven't had to deal with that one in this way) but MBOX and its varieties could be easily modified to cut out the offending bits.

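The MBOX case from point 3 above, as an added example that is not part of the thread: it copies an mbox to a new file, replaces each flagged attachment with a short text note, and returns an audit record for documentation. The function names, the constructed sample message, and the assumption that flagged attachments are identified by the SHA-256 of their decoded bytes are illustrative; it does not handle PST.

```python
import hashlib
import mailbox
import os
from email.message import EmailMessage

def excise_flagged(src_path, dst_path, flagged_sha256):
    """Copy an mbox to a new file, swapping flagged attachments for a text note.
    flagged_sha256 holds hex SHA-256 digests of decoded attachment bytes."""
    if os.path.exists(dst_path):
        raise FileExistsError(dst_path)  # never append to an earlier copy
    log = []
    src, dst = mailbox.mbox(src_path, create=False), mailbox.mbox(dst_path)
    try:
        for msg in src:
            for part in msg.walk():
                if part.is_multipart():
                    continue  # containers hold no content of their own
                data = part.get_payload(decode=True) or b""
                digest = hashlib.sha256(data).hexdigest()
                if digest not in flagged_sha256:
                    continue
                name = part.get_filename() or "(unnamed)"
                log.append({"message_id": msg["Message-ID"], "filename": name,
                            "sha256": digest, "size": len(data)})
                # Drop the old MIME headers so the part is rebuilt as plain text.
                for header in ("Content-Type", "Content-Disposition",
                               "Content-Transfer-Encoding"):
                    del part[header]
                part.set_payload(f"Attachment removed during processing.\n"
                                 f"filename: {name}\nsha256: {digest}\n"
                                 f"size: {len(data)} bytes\n", charset="utf-8")
            dst.add(msg)  # the original From_ line and headers are carried over
    finally:
        dst.close()  # close() flushes the new mbox to disk
        src.close()
    return log

def build_sample_mbox(path):
    """Constructed sample: one message with a harmless stand-in attachment."""
    blob = b"constructed stand-in for a flagged attachment"
    msg = EmailMessage()
    msg["Subject"], msg["Message-ID"] = "report", "<sample-1@example.org>"
    msg.set_content("See attached.")
    msg.add_attachment(blob, maintype="application", subtype="octet-stream",
                       filename="invoice.bin")
    box = mailbox.mbox(path)
    box.add(msg)
    box.close()
    return hashlib.sha256(blob).hexdigest()
```

The source mbox is only read, so the original container stays unchanged alongside the cleaned copy and the returned log.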

Tracy Popp

Oct 11, 2016, 5:31:23 PM
to digital-...@googlegroups.com
Thanks, Seth! Your response is helpful. We may have to go the document and delete route unless I can convince our IT folks that we won't activate the malware files.

Cheers,
Tracy