Hi All,
We've recently installed Enterprise Vault (v.11.0.0.1444) into our environment (2x Exchange 2010 CAS/HT/MB in DAG). We have enabled most users now and have come up with our first virus alert on the EV front end server.
We are using Trend Officescan 10.6 SP3 and it flagged an infection:
Virus: TROJ_DALEXIS.SMH
Location: \Device\HarddiskVolumeShadowCopy58\Enterprise Vault Stores\MBXVaultStore01 Ptn1\2015\01-28\0\000\ 0000E5463CFA3D1F929DB469C2473761~25~44062B41~00~1.DVSSP
We have used a SQL query to find out the specific user and folder which we have tracked down to an email in the Junk E-Mail folder, however the next step is to remove the email from the Vault console which is where the problem arrives.
At the moment, we have not got the setting "Users can delete items from their archives" turned on as we do not want users to be able to accidentally remove items. From reading TECH128602 it says we must turn this on, but it is a global setting on the EV site, so we could not get away with enabling it, without allowing users to also delete items.
Surely there is a way that admins can browse a user's vault and remove an email without giving everybody the privilege, does anyone know if this is possible ?
Otherwise I can only assume we would have to turn it on out of hours, remove the message and then turn it off again.
Thanks
Sam