gillis
IS-IT--Management
- Mar 4, 2001
- 196
Hi, we are running a modest LAN w/ NW6, GW6 and Symantec AV Corporate in a "managed" config. Definitions are downloaded to server each night and pushed to client automatically. Been working great.
However, within the last week we've discovered MyDoom virus files in a folder called GPwise/domain/wpgate/gwia/defer... Some users are opening bogus emails; Norton detects and quarantines but something is still winding up in this directory (quarantined, though). Even though we have server real-time protection enabled and configured, the virus files aren't noticed on the server until the scheduled nightly scan or if we run a manual scan.
I'm getting the impression SAV can't see the virus coming in through GWIA, only if opened or scanned once inside. Am I doing something wrong? Even though the files are detected before doing any damage, I'm getting nervous now that we're seeing them get onto the server.
Any ideas, suggestions, comfort would be appreciated.
Thanks, JGiles
However, within the last week we've discovered MyDoom virus files in a folder called GPwise/domain/wpgate/gwia/defer... Some users are opening bogus emails; Norton detects and quarantines but something is still winding up in this directory (quarantined, though). Even though we have server real-time protection enabled and configured, the virus files aren't noticed on the server until the scheduled nightly scan or if we run a manual scan.
I'm getting the impression SAV can't see the virus coming in through GWIA, only if opened or scanned once inside. Am I doing something wrong? Even though the files are detected before doing any damage, I'm getting nervous now that we're seeing them get onto the server.
Any ideas, suggestions, comfort would be appreciated.
Thanks, JGiles