Kaspersky Security 5.5 for Microsoft Exchange Server 2003
The most important function of the application is the disinfection of infected objects. Disinfection is performed based on the information contained in the anti-virus database. Depending on the result of the attempted disinfection, an object can be assigned one of the statuses listed below:
• Disinfected – object was successfully disinfected.
• Non-disinfectable – object disinfection failed.
A special processing procedure can be used for non-disinfectable objects.
Infected objects found in the message body are processed using the action that is assigned to objects that could not be disinfected.
The following actions can be applied to objects with one of the following statuses: infected, non-disinfectable, suspicious, protected and corrupted.
• Pass – pass the object to the recipient with no changes.
• Replace message body with text and rename attached objects – replace the infected message body with text created using the corresponding replacement template and change the name and extension of the infected attached objects. Such renamed objects will have the .txt extension.
The name change affects attached objects only; if a virus was detected in the message body, no renaming is performed.
• Replace infected objects with text – delete the detected object and replace it with text (message body) or a txt file (attachments) created based on the replacement template.
• Delete the entire message – delete the infected message along with all attachments.
If the infected attachments are disinfected, replaced with text or renamed, a separate copy of a message for each recipient is saved in the Exchange server database. In order to reduce the size of this database, we recommend that you defragment it regularly.
Before processing, a copy of the object can be saved in the backup storage so that it can later be restored or sent to Kaspersky Lab for analysis (see Chapter 8, page 72).
The application can send a notification about the detected object to the administrator or to other users, or register the event in the Microsoft Windows event log (see Chapter 10, page 86 and Chapter 13, page 111).
By default, the application attempts to disinfect the infected objects it detects and, if disinfection is not possible, replaces the object with a txt file. The Replace message body with text and rename attachments action will be assigned to objects with a different status, and the text of the informative