Difference between revisions of "Notes on Antivirus Software"
[unchecked revision] | [checked revision] |
(Created page with "__NOTOC__ Due to the various methods of archiving email in MailStore Server and the storage of email using its own highly optimized storage technology, of few notes have to b...") |
Ltalaschus (talk | contribs) |
||
(15 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
+ | <!-- Hidden search phrases: --> | ||
+ | <!-- anti-virus --> | ||
+ | Due to the various methods of archiving email supported by {{{product|MailStore Server}}} and its own highly optimized storage technology, please follow the guidance below when using antivirus programs. | ||
− | + | == On-Access Scanner == | |
+ | To ensure best possible performance of the storage technology and to prevent disruption caused by antivirus software, it is recommended that you exclude all archive stores, and the location of the master database, from on-access scanning. All data in {{{product|MailStore Server}}} is stored encrypted and compressed and therefore cannot be reliably scanned by antivirus software. In case of false-positives, even corruption of an archive store may occur. The data directory used by MailStore Gateway should be excluded from on-access scanning as well. | ||
+ | |||
+ | === Directories used by MailStore Server === | ||
+ | |||
+ | {| class="wikitable" style="font-size: 85%;" | ||
+ | ! style=width:10em | Directory | ||
+ | ! Purpose | ||
+ | |- | ||
+ | | <tt>C:\MailArchive</tt> | ||
+ | | Data directory of MailStore Server, can be adjusted | ||
+ | |- | ||
+ | | <tt>C:\ProgramData\MailStore\Debug Log</tt> | ||
+ | | Debuglog files | ||
+ | |- | ||
+ | | <tt>C:\ProgramData\firebird</tt> | ||
+ | | Database internals | ||
+ | |- | ||
+ | | <tt>C:\Windows\Temp\MailStore</tt> | ||
+ | | Temporary, short living files | ||
+ | |- | ||
+ | | <tt>C:\Windows\System32\config\systemprofile\⮒ | ||
+ | AppData\Local\MailStore Server\Cache\MailboxCache.fdb</tt> | ||
+ | | Cache to increase archiving performance | ||
+ | |- | ||
+ | | <tt>%localappdata%\Microsoft\Windows\INetCache\MailStore</tt> | ||
+ | | Email files to open emails in other programs | ||
+ | |- | ||
+ | | <tt>%localappdata%\MailStore Client Launcher</tt> | ||
+ | | MailStore Client files to connect to a MailStore Server | ||
+ | |} | ||
+ | |||
+ | === Directories used by MailStore Service Provider Edition === | ||
+ | |||
+ | {| class="wikitable" style="font-size: 85%;" | ||
+ | ! style=width:10em | Directory | ||
+ | ! Purpose | ||
+ | |- | ||
+ | | <tt><configurable></tt> | ||
+ | | Data directory of MailStore SPE instances, can be configured | ||
+ | |- | ||
+ | | <tt>C:\ProgramData\MailStore Infrastructure\Debug Log\<instancename></tt> | ||
+ | | Debuglog files of instances | ||
+ | |- | ||
+ | | <tt>C:\ProgramData\firebird</tt> | ||
+ | | Database internals | ||
+ | |- | ||
+ | | <tt>C:\Windows\SystemTemp\MailStore Infrastructure\<instancename></tt> | ||
+ | | Temporary, short living files | ||
+ | |- | ||
+ | | <tt>C:\Windows\System32\config\systemprofile\⮒ | ||
+ | AppData\Local\MailStore Infrastructure\Cache\<instancename>\MailboxCache.fdb</tt> | ||
+ | | Cache to increase archiving performance | ||
+ | |- | ||
+ | | <tt>%localappdata%\Microsoft\Windows\INetCache\MailStore</tt> | ||
+ | | Email files to open emails in other programs | ||
+ | |- | ||
+ | | <tt>%localappdata%\MailStore Client Launcher</tt> | ||
+ | | E-mail Archive Client files to connect to a MailStore SPE instance | ||
+ | |} | ||
+ | |||
+ | === Directories used by MailStore Gateway === | ||
− | == | + | {| class="wikitable" style="font-size: 85%;" |
− | + | ! style=width:10em | Directory | |
+ | ! Purpose | ||
+ | |- | ||
+ | | <tt>C:\ProgramData\MailStore\Gateway</tt> | ||
+ | | Data directory of MailStore Gateway | ||
+ | |} | ||
− | == Web | + | == Web and Email Scanner == |
− | Depending on the email server, MailStore Server uses the HTTP, POP3 or IMAP protocol to access mailboxes. Most recent antivirus software | + | Depending on the email server, {{{product|MailStore Server}}} uses the HTTP, POP3 or IMAP protocol to access server mailboxes. Most recent antivirus software support scanning for viruses in those network protocols. Unfortunately they appear to be tested only with the most widespread email clients such as Microsoft Outlook and Mozilla Thunderbird. Compatibility with other email applications is often not guaranteed. In case of web scanners, which are optimized for scanning website visits by a normal web browser, issues like timeouts or connection resets may occur when accessing Microsoft Exchange Servers via "WebDAV over HTTP" or "Exchange Web Services" (uses HTTP as well). |
− | Should archiving with MailStore Server be affected by one of the above problems and is | + | Should archiving with {{{product|MailStore Server}}} be affected by one of the above problems and if there is an antivirus software with activated email or web scanner installed on the the computer that executes the archiving profiles, try to disable these component first. Should that not resolve the issue, it may be necessary to temporarily uninstall the antivirus software. We recommend to contact the vendor if the problem can be resolved by either disabling or uninstalling the antivirus software. |
== Heuristic & Behavioral Analysis == | == Heuristic & Behavioral Analysis == | ||
− | MailStore Server uses multiple methods to access local applications, email servers or other resources for archiving. All these combined into one application seems to cause antivirus software to classify MailStore Server's executables or even the download link as a threat | + | {{{product|MailStore Server}}} uses multiple methods to access local applications, email servers or other resources for archiving. All these combined into one application seems to cause antivirus software to classify {{{product|MailStore Server}}}'s executables or even the download link as a threat. |
− | |||
− | |||
+ | In that case please try to verify that classification with an online virus scanner like [https://www.virustotal.com/ VirusTotal] and contact the vendor of your antivirus software if applicable. | ||
+ | <noinclude> | ||
[[de:Hinweise_zu_Antivirenprogrammen]] | [[de:Hinweise_zu_Antivirenprogrammen]] | ||
+ | [[en:Notes on Antivirus Software]] | ||
+ | </noinclude> |
Latest revision as of 12:48, 5 September 2024
Due to the various methods of archiving email supported by MailStore Server and its own highly optimized storage technology, please follow the guidance below when using antivirus programs.
On-Access Scanner
To ensure best possible performance of the storage technology and to prevent disruption caused by antivirus software, it is recommended that you exclude all archive stores, and the location of the master database, from on-access scanning. All data in MailStore Server is stored encrypted and compressed and therefore cannot be reliably scanned by antivirus software. In case of false-positives, even corruption of an archive store may occur. The data directory used by MailStore Gateway should be excluded from on-access scanning as well.
Directories used by MailStore Server
Directory | Purpose |
---|---|
C:\MailArchive | Data directory of MailStore Server, can be adjusted |
C:\ProgramData\MailStore\Debug Log | Debuglog files |
C:\ProgramData\firebird | Database internals |
C:\Windows\Temp\MailStore | Temporary, short living files |
C:\Windows\System32\config\systemprofile\⮒
AppData\Local\MailStore Server\Cache\MailboxCache.fdb |
Cache to increase archiving performance |
%localappdata%\Microsoft\Windows\INetCache\MailStore | Email files to open emails in other programs |
%localappdata%\MailStore Client Launcher | MailStore Client files to connect to a MailStore Server |
Directories used by MailStore Service Provider Edition
Directory | Purpose |
---|---|
<configurable> | Data directory of MailStore SPE instances, can be configured |
C:\ProgramData\MailStore Infrastructure\Debug Log\<instancename> | Debuglog files of instances |
C:\ProgramData\firebird | Database internals |
C:\Windows\SystemTemp\MailStore Infrastructure\<instancename> | Temporary, short living files |
C:\Windows\System32\config\systemprofile\⮒
AppData\Local\MailStore Infrastructure\Cache\<instancename>\MailboxCache.fdb |
Cache to increase archiving performance |
%localappdata%\Microsoft\Windows\INetCache\MailStore | Email files to open emails in other programs |
%localappdata%\MailStore Client Launcher | E-mail Archive Client files to connect to a MailStore SPE instance |
Directories used by MailStore Gateway
Directory | Purpose |
---|---|
C:\ProgramData\MailStore\Gateway | Data directory of MailStore Gateway |
Web and Email Scanner
Depending on the email server, MailStore Server uses the HTTP, POP3 or IMAP protocol to access server mailboxes. Most recent antivirus software support scanning for viruses in those network protocols. Unfortunately they appear to be tested only with the most widespread email clients such as Microsoft Outlook and Mozilla Thunderbird. Compatibility with other email applications is often not guaranteed. In case of web scanners, which are optimized for scanning website visits by a normal web browser, issues like timeouts or connection resets may occur when accessing Microsoft Exchange Servers via "WebDAV over HTTP" or "Exchange Web Services" (uses HTTP as well).
Should archiving with MailStore Server be affected by one of the above problems and if there is an antivirus software with activated email or web scanner installed on the the computer that executes the archiving profiles, try to disable these component first. Should that not resolve the issue, it may be necessary to temporarily uninstall the antivirus software. We recommend to contact the vendor if the problem can be resolved by either disabling or uninstalling the antivirus software.
Heuristic & Behavioral Analysis
MailStore Server uses multiple methods to access local applications, email servers or other resources for archiving. All these combined into one application seems to cause antivirus software to classify MailStore Server's executables or even the download link as a threat.
In that case please try to verify that classification with an online virus scanner like VirusTotal and contact the vendor of your antivirus software if applicable.