How can running a third party virus scanner with GMS on the same server lead to unpredictable results?

  1. Home
  2. Knowledge Base
  3. GMS
  4. How can running a third party virus scanner with GMS on the same server lead to unpredictable results?

Question

The choice of having a third party virus scanner on the same server as GMS is solely your decision. However, Gordano are unable to support customers that have their application configured to scan on the "Gordano" file structure. These third party scanners must omit the main gordano direcory and all its sub directories from their scanning.

Answer

During the transfer of an electronic message from a remote server to your GMS server, when the actual body is in transit,the "gordano/temp" directory will act as a temporary storage buffer until the entire message is transferred, scanned and accepted by SMTP. Before the message is written directly to an "Inbox" it will be passed to the Anti Virus software.

Here is a "worse case" scenario…

Consider a message accpeted by your server with two documents attached. Let’s say the second document happens to be a virus, GMS Anti-Virus will decode the message as a whole and write a series of temporary files to your disk. These files will consist of the whole message itself, dissected text sections and the two separate attachments in its raw form. It is likely that only then your third party scanner is able to detect the virus in the second document, as GMS Anti-Virus will have already decoded the MIME formatted data.

Your scanner will then attempt to scan each of the new files, including the file that contains the infected document. Assuming it attempts to clean the file and does so successfully, GMS will then scan the "now clean" file and will not find a virus.
The original message which has remained in the "Temp" file in its entirety is then delivered to the end user with a virus!

Another example, if you rely on third party scanners only, may be a message stored in a users mailbox which is infected with a virus. Your third party virus scanner finds this virus and removes it, thus subtantially altering the makeup of the mailbox. This will result in the index for that mailbox being out of sync with the mailbox itself. The result is that that the mail client is unlikely to be able to access the contents of the mailbox until such time as the index has been regenerated. Other side effects may include seeing partial messages and/or messages appearing to be corrupt in some way.

You MUST configure your third party scanner to not perform any checks on any of the Gordano directories.

See Also:

Keywords:av anti virus third party scanner vpp

Was this article helpful?

Related Articles