We've been having problems recently in which some user's Outlook PST files are becoming corrupt. I've explored the usual suspects (file size, disk corruption, etc.). I'm beginning to wonder if VirusScan could be contributing to the problem.
Is it necessary for the on-access scanner to scan PST and OST files? If I exclude those file types, I'm guessing the on-delivery email scanner would still scan the messages and the on-access scanner would still scan attachments on open or write, is this correct? I guess I'm wondering if there is a best practice for these types of files. Any help is appriciated, thanks.
Message was edited by: qgudex on 11/8/11 4:48:49 PM CST
I exclude PST and OST files from my scanning to aid performance. Again on the assumption that the various email filters and checks will pick up anything.
Also by following McAfee's best practice guide I have also added outlook.exe into my high risk group to ensure anything out of the ordinary is properly checked.
pierce, thanks for the reply.
We do have an enterprise email AV and content filter (not McAfee) so there is some protection there, but it's always nice to have "layers". This is why I was asking about whether the on-delivery email scanner and OAS on attachments still worked even if OAS wasn't scanning the PST and OST files themselves. I guess at the very least I'd like any attachments a user opens to be scanned by VirusScan. I really would like the VirusScan email scanner to scan the message body for suspicious content as well.
The OAS Scanner does not scan inside a PST or OST file as they are basically databases so you can safely exclude them. The On-Delivery e-mail scanner will catch anything coming into the pst file and if there is an attachment the OAS Scanner will scan it upon opening.
See the KB below on how to handle pst files.
I would recommend excluding .pst .ost, and any other database file on your system. If a detection does occur, corruption is almost gauranteed.
Thanks everyone for the responses. I did some more testing on my end and it appears the on-delivery scanner and the OAS scanner still scan messages and attachments even if OAS is not scanning the PST or OST. My assumption at this point is that it problably is safe to exclude these file types from the OAS scan.
I did try to get an official recommendation via McAfee support as well, but no luck there.
You do not need to excluse OST and PST. All that does is add more noise to your exclusions. There's a bit more intelligence in Virus Scan than given credit for. The key is to make sure that you are scanning "All Files" not "Default + Additional Types".
Verify this yourself with the McAfee Profiler. Or with simple math: If it were being scanned then every time you opened Outlook, it would choke for several minutes while VSE churned through a 1-2 GB set of files. (I have about 12 GB of PST's routinely connected to my Outlook).