We've been having problems recently in which some user's Outlook PST files are becoming corrupt. I've explored the usual suspects (file size, disk corruption, etc.). I'm beginning to wonder if VirusScan could be contributing to the problem.
Is it necessary for the on-access scanner to scan PST and OST files? If I exclude those file types, I'm guessing the on-delivery email scanner would still scan the messages and the on-access scanner would still scan attachments on open or write, is this correct? I guess I'm wondering if there is a best practice for these types of files. Any help is appriciated, thanks.
Message was edited by: qgudex on 11/8/11 4:48:49 PM CST
I exclude PST and OST files from my scanning to aid performance. Again on the assumption that the various email filters and checks will pick up anything.
Also by following McAfee's best practice guide I have also added outlook.exe into my high risk group to ensure anything out of the ordinary is properly checked.
pierce, thanks for the reply.
We do have an enterprise email AV and content filter (not McAfee) so there is some protection there, but it's always nice to have "layers". This is why I was asking about whether the on-delivery email scanner and OAS on attachments still worked even if OAS wasn't scanning the PST and OST files themselves. I guess at the very least I'd like any attachments a user opens to be scanned by VirusScan. I really would like the VirusScan email scanner to scan the message body for suspicious content as well.
The OAS Scanner does not scan inside a PST or OST file as they are basically databases so you can safely exclude them. The On-Delivery e-mail scanner will catch anything coming into the pst file and if there is an attachment the OAS Scanner will scan it upon opening.
See the KB below on how to handle pst files.
I would recommend excluding .pst .ost, and any other database file on your system. If a detection does occur, corruption is almost gauranteed.
Thanks everyone for the responses. I did some more testing on my end and it appears the on-delivery scanner and the OAS scanner still scan messages and attachments even if OAS is not scanning the PST or OST. My assumption at this point is that it problably is safe to exclude these file types from the OAS scan.
I did try to get an official recommendation via McAfee support as well, but no luck there.
You do not need to excluse OST and PST. All that does is add more noise to your exclusions. There's a bit more intelligence in Virus Scan than given credit for. The key is to make sure that you are scanning "All Files" not "Default + Additional Types".
Verify this yourself with the McAfee Profiler. Or with simple math: If it were being scanned then every time you opened Outlook, it would choke for several minutes while VSE churned through a 1-2 GB set of files. (I have about 12 GB of PST's routinely connected to my Outlook).
Microsoft provides built-in repair utility to fix corrupted PST and OST mailbox. SCANPST.EXE for scanning corrupted PST files and SCANOST.EXE for scanning corrupted OST files.
If corruption is severe, these tools may fail to fix corruption. In such situation, you can try third-party tools for case-effective results. I can suggest you to try SysInfoTools products. You can try SysInfoTools PST File Repair and SysInfoTools OST File Recovery tools. These tools can scan corrupted Outlook mailboxes and repair them with ease.
Try free demo version of these tools.
To read more about these tools and to download free demo versions, you may visit: www.sysinfotools.com
For fast recovery OST file and conversion OST to PST, download best OST file to PST software. Get OST to PST converter program to recover Outlook OST file and export OST file to PST file in seconds. Without any harm all users can remove all bugs from corrupted OST file and make OST to PST file accurately.
For More Info: http://www.osttopstconverter-tool.com/