We have a website on Windows Server 2008 R2 using IIS 7 where our customers can upload files. We have just recently been Pen Tested and our testing company was able to upload and place a test virus signature text file on a folder on our server. We have real-time scanning switched on and for test purposes I have configured this for ALL FILES, however the file is not being detected when it is placed in the folder from the Web or from the LAN. Running a manual full scan does detect the file and says the file has been quarantined, however the infected file remains in the folder it was placed in and is fully accessible. I would really welcome any suggestions from the forum on how to set this up correctly. The server is managed through the Sophos management console.
↧