1) I am getting a lot of intermittent false positives from Portal Shield following a recent DAT update. Essentially, some files seem to fail to scan and causes SharePoint to flag the file as having a virus. This prompts a message indicating the file may be infected with Reason :="".
2) I generally search the SharePoint ULS logs for
Virus Found: Reason:=
and I will find samples of where the scan may have failed.
3) The following MSN article describes SharePoint's behavior on a failed scan.
4) My question is whether there is a method for figuring out why the scan failed or a log somewhere with information on failed scans.
5) One of things I just tried that seems to be helping is changing the timeout for scans from 300 seconds to 999 seconds. Is there are recommendation on the timeout setting?
What is the version of your MSMS?
Since when you are facing this issue, if you increase the duration of scan timed out, then there are possibilities that it might crash.
If you are using MSMS 3.0 then I would say you better install the hotfix MSMS 3.0 hotfix 1012918. If you are running a recent version later than 3.0, then my best advise would be to reach out McAfee Support and get the help right from there, so that they should be able to understand and alalyze why there are intermitent false positive detections.
I am using MSMS 3.51.
Actually, increasing the timeout helped a lot. Where I was getting 20 to 50 failed scans per 15 minutes, changing the timeout to 999 caused the failed scans to occur very rarely.
However, there were certain files that would fail to scan never the less.
I actually first experieced scan failures when the engine version was outdated. A user solution package stopped working due to scan failures on my production systems. I noticed that the engine version was newer on the development system that I was using, so updating the engine version fixed it that time.
This time around the scans may have been timing out. I'm not sure if it is the new DAT file, but the scan failures were intermittent and not consistent with the file that was failing.
After the timeout increase, however, the scan failures occur more rarely, but are now consistent on individual files.
It would definitely help if there were a MSMS log or other place I could look for clues as to why it is failing to scan those files.