We have a website on Windows Server 2008 R2 using IIS 7 where our customers can upload files. We have just recently been Pen Tested and our testing company was able to upload and place a test virus signature text file on a folder on our server. We have real-time scanning switched on and for test purposes I have configured this for ALL FILES, however the file is not being detected when it is placed in the folder from the Web or from the LAN. Running a manual full scan does detect the file and says the file has been quarantined, however the infected file remains in the folder it was placed in and is fully accessible.
I would really welcome any suggestions from the forum on how to set this up correctly. The server is managed through the Sophos management console.
This thread was automatically locked due to age.