Microsoft Exchange Server Anti-Virus Scanning Settings
|
Microsoft Exchange Server Anti-Virus Scanning Settings |
|
|
The VSAPI-based anti-virus scanning is adjusted by means of a set of registry keys and involves two following types of settings: •Global settings •Database settings •SMTP transport scanning
Global settings These settings are used by default for all Information Stores on server. On access scanning Registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan] "Enabled"=dword:00000001 This setting enables the anti-virus check for all Information Stores. The message will be scanned every time it is requested by a client. Background scanning Registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan] "BackgroundScanning"=dword:00000001 This setting enables the background scanning. Background scanning implies creating of a new thread where all the messages from the Store are scanned. Enabling the background scanning may adversely affect the mail server performance. Proactive scanning Registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan] "ProactiveScanning"=dword:00000001 This setting enables the proactive scanning. In this case all the messages are checked immediately after they get into the Store. Messages that have passed proactive scanning and have not changed their time stamps aren't checked once more when they are requested by a client. Disabling outgoing messages check Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan "TransportExclusion"=reg_dword:00000000 This setting allows to disable/enable (by specifying 1 or 0 value respectively) the malware check for outgoing messages when they are picked up by transport system from the Store. This check is enabled by default. Configuring the number of threads for VSAPI The number of threads for VSAPI 2.6 is specified by default in the Exchange Server settings. But you can also configure it manually by creating the ScanningThreads parameter in the registry entry below. Registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\VirusScan "ScanningThreads"=reg_dword This parameter determines the maximum number of threads created for scanning. Changing the value of this parameter affects only on access and proactive scanning. It does not affect the background scanning, which always uses one thread per database. By default, the value of this parameter is set to 2 *<number of processors> + 1. Database settings These settings allow to specify the scanning parameters for each mail database on the server. The registry key for these settings is the following: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server-Name>\<ID Base>], where <Server-Name> is the name of the server, <ID Base> is the database identifier, e.g. Private-ae39732e-fb7f-426d-98a0-298f3f014c77. Parameters: •"VirusScanEnabled"=dword:00000001—enables the anti-virus scanning of the specified database. •"VirusScanBackgroundScanning"=dword:00000001—enables the background scanning of the specified database. •"VirusScanProactiveScanning"=dword:00000001—enables the proactive scanning of the specified database. SMTP transport scanning
Registry key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\TransportAVAPI\] "Enabled"=dword:00000001 Transport scanning is disabled by default. You can enable it on the last step of program installation. So, the first anti-virus scanning of the message will be performed on the OnSubmission SMTP event, i.e. on the transport level. Another scanning will be performed in the Exchange Information Store when the message is requested by a client. |
