My company is running Avast on our SBS 2003 server. Recently I’ve noticed Avast deleting files in an “Email Quarentine” directory that is on a different partition from all other Avast executables. I researched the filenames (files like KB616197.exe and KB529657.exe) and they are apparently more email trojans. (We’ve been seeing a lot of them lately.) I did not perform the original Avast install and and trying to decide how/where this folder is configured, or if it’s even related to Avast. I can’t seem to find anything in the settings or the documentation that even hint about its existence. AFAIK, the only other related services are GFI (anti-spam) and Exchange itself. Any ideas?
Sounds to me like its a GFI quaranteen. If you don’t want avast on-access scanner to scan the quarantine folder then go into default resident shield or standard shield and add the directory to the exclusion.
You might also want to download the gfi manual and take a look at the install dirs for quarantine.
Avast moves everything to a secure chest it defects and removes or deletes depending on your setup.
It’s not that I mind Avast policing that directory. But so far I’ve found no reference to “Email Quarentine” in either program, and feel like there’s a ghost process running on our server. Thanks, I’ll check with GFI.