Has anybody used an Antivirus Program that will scan a .pst file???

I have a PST file with 4 years of emails that I want to scan. (For testing I also have a small PST which contains 1 email with an Eicar attachment.)

Does anybody know of any Security product that will scan an entire PST and identify specific email with viruses?

I am hoping for responses from people that have ACTUALLY DONE this activity, but I will also award points for URL's that point to a vendor's web page that clearly claims this specific function.

Unfortunately, I will not award points to people who say "Maybe XYZ utility AVG has this feature, why don't you install the fee Demo version and find out?".

LVL 5
rberkeConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

war1Commented:
Greetings, rberke !

You can do so with AVG.  AVG puts an option in your right click context menu.  I right cick on a PST file and select "Scan with AVG".  There is a free version of AVG

http://free.grisoft.com/

Best wishes!
SniperGCommented:
If that doesn't work try Avast.

http://www.avast.com/eng/avast_4_home.html

From their site : -

The avast! engine also features outstanding unpacking support. It can scan inside the following archives: ARJ, ZIP, MIME (+ all associated formats), MAPI (Outlook pst files), DBX (Outlook Express archives), RAR, TAR, GZIP, CAB, BZIP2, ZOO, ACE, ARC, LHA/LHX, TNEF (winmail.dat), CPIO, CHM, RPM, ISO, 7ZIP and SIS. It also supports a number of executable packers (such as PKLite, Diet, UPX, ASPack, PeShield, FSG, MEW etc.).
SniperGCommented:
Just to confirm on the Avast.

I have successfully used it to scan a 300MB + .pst file with success. It did find the virus I put in there also ;-)

Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

rberkeConsultantAuthor Commented:

To war1, Yes, AVG does allow me to click on a button that says "Scan with AVG".  Unfortunately it scans a 2gigabyte file in 1 second and says "no virus found".  Incidentally, Norton at least warns me that it was not able to scan a .pst file.

SniperG, I already wasted 1/2 hour on AVG, so I have to put this project on hold for a while.

I hope to try Avast tomorrow.  
rberkeConsultantAuthor Commented:
War1-just reread my post and I think I might have been a little rude.  I did not mean to imply that I was "wasting my time", and I always appreciate your input, even when it is not successful.
TheCleanerCommented:
Are you only wanting free products?

Mcafee's Viruscan product as of at least version 7.0 scans pst files just fine.

(you will need to make sure that "scan inside archives" is checked)
Rich RumbleSecurity SamuraiCommented:
McAfee finds Eicar in a PST, unless it's password protected. Then your required to open it via outlook, supply the pass, and mcafee's additions to outlook will catch it/them.
If you have mcafee installed, and updated, opening  a pst file and having the onaccess scan enabled also catches the Eicar, but put's up no warnings, just renames the attachement. Inside the attachment you'll find it replaced with...
"02/10/2006 23:13:17 Original attachment (weee.txt) was Quarantined.  A virus was detected and removed from the original attachment.  You can safely save or delete this replacement attachment."

-rich


rcatachCommented:
Avast should work, but on the form from the link below some one states that panasoft will work I have included that post in my post. :)

http://mcseworld.com/forums/16829-possible-scan-pst-file-viruss.html


(I know that the free online scanner from Pandasoft is able to scan your pst files (and the e-mails inside), but not sure for NAV or AVG :\

Since the pst file is a db and contents is somewhat scrambled inside, just deleting the virus reference inside might leave the pst corrupt if it isn't able to open the file up using your e-mail client app and individually checking the contents for a virus.
__________________
70-210 | 70-215 | 70-216 | 70-217 | 70-218 | 70-219 | 70-224 | 70-225
70-270 | 70-284 | 70-292 | 70-296 | 70-298 | 70-299 | 1D0-410 | 1D0-470 | SY0-101
MOSXPWord | MOSXPExcel | MOSXPPowerPoint | MOSXPOutlook | MOSXPAccess)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rcatachCommented:
Here is a free toll from avast! :)

http://www.avast.com/eng/avast_cleaner.html
rberkeConsultantAuthor Commented:
Very long weekend at work, so I won't get to test avast, mcafee and panasoft until late next week.

I will split the 500 points between the people who have responded up to 2/11/06 11:30 pst

Other people are welcome to post further responses, but they will only get points if those first 3 turn out badly.
rberkeConsultantAuthor Commented:
to mcafee folks, I've still got problems.

If anybody can give me more McAfee suggestions, that will be my preference for the next few days.  After that, I will move on to Avast and Panasoft.  

I tried this on a friends computer which has a "recent" mcafee antivirus.  "Help About" does not show a clear version number, but it tells me the build is 10.0.27  which kind of sounds like it is mcAfee version 10.

When I right click on the small.PST it scans in about 1 minute and says no virus found.

Can somebody give me specific instructions on how to turn on "scan inside of archives".  I could not find it in the McAfee options. I tried right clicking on the red m in system tray and taking the options menu.  I found a few things to adjust, but not many.

i also tried to open small.PST in outlook then opened the eicar email. The only message I see is the standard "Outlook has blocked access to attachments."  When I close the PST and transport it to a computer where .com is in the LEVEL1 registry outlook allowed extension list, the eicar virus is still there.

By the way, when I goto a norton 2005 machine and open small.pst, NORTON DOES sees the eicar and removes the attachment and puts in a message.  (I don't even need to open the email, simply selecting it is enough for Norton to kick in.) BUT, THIS IS NOT WHAT I DESIRE. I don't want to click on 4 years worth of emails.





TheCleanerCommented:
For Mcafee, I'm only familiar with the "enterprise" version.

The latest is 8i.  and the engine build and dat file build can be found by right clicking the shield and choosing About (it also lists the version running at the top).

You would set the option for "scan inside compressed files".


Personally, I would use GroupShield from Mcafee if you want real Exchange/Outlook protection.
TheCleanerCommented:
rberkeConsultantAuthor Commented:
I have trend, and they do not support it.  But, I complained to their tech support and marketing about a year ago and they said it might be addded to future releases.  
rberkeConsultantAuthor Commented:
McAfee already has "scan inside compressed files" turned on.  my guess is whatever version we are running simple doesn't have the scan inside of archive option.   Right clicking on shield does not have an About option, I have to go deeper into McAfee security center where I found Help-> About, but it only gives me 10.0.27 build info, not actual version.  Pretty strange--I thought all the major vendors had learned long ago that customers appreciate an easy and standard way of finding which version of the software they are running.  The guy who owns this computer doesn't have a clue, he simply kept what came installed when he bought the computer.

I am giving up on McAfee as a solution.

Onward to Avast and Panasoft.

(who would have thought this would be so hard?)
TheCleanerCommented:
If it's mcafee security center then it's not the enterprise version....sorry can't help there...

rberkeConsultantAuthor Commented:
Avast insists on being the only security program running. It told me to uninstall norton (or maybe it said trend officescan, I can't remember.)  So, I tested it on a virtual pc, and it seems to seems to have the functionality I need.

Also, a correction to my previous report: Trend Officescan DOES have a .pst scan function that detects viruses. Unfortunately, it does not repair them so it has limited value.

I will test panda next, but I am very busy.  Hope to finish this question off in another week or two.

Thanks to all of you for your patience.


rberkeConsultantAuthor Commented:
PandaSoft also insist that I must uninstall AVG before installing panda home version of Titanium 2006.  So it is similar to Avast in that function.

I did a full scan using pandasoft's standard options and it automatically scanned every PST in my local drives. That included the PSTs that were not currently connected to any Outlook profiles. my eicar.com attachments were NOT deleted, but they were renamed to eicar.vir which neutralized them.  

To actually delete them was quite complicated:
   I saved the log to a text file, then sorted that file to find the subject line for every email with status = "renamed".
   I opened outlooked, the attached the *.pst file to outlook using outlooks file open menu
   I then sorted the emails by subject, and found the subjects one by one, and deleted the emails.  

Since this was cumbersome, I only did it on the PSTs which I regularly use.  I figure the other PSTs have been "neutralized" so they will not cause much damage.

PandaSoft Titanium disinfected over 500 files and many emails on the computer.  I suspect that a lot of these were spywares, rather that actual viruses, but it is still pretty impressive.  

It is possible that Avast would have worked just as well.  I know it worked on individual PSTs, but I never scanned my whole computer with it.

The target computer had been protected by trend officescan for a several years, so I am disappointed that trend left so much junk. In particular, trend's PST scan caught the eicar emails, but missed several different trojans that Pandasoft caught. I am now considering tossing out officescan. But the research for that will have to wait for a while.

Thanks to all for your help.

I'll award points later this afternoon.

Thanks for everybody helps
 






TheCleanerCommented:
Thanks for the points...good EE question and results.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Outlook

From novice to tech pro — start learning today.