Microsoft Exchange Server Anti-Virus Scanning Settings

VSAPI-based anti-virus scanning is configured through a set of registry keys and involves the following types of settings:

Global settings

Database settings

SMTP transport scanning

Warning!

The anti-virus scanning settings listed below are available for Microsoft Exchange Server 2003, 2007 and 2010.

Global settings

These settings are used by default for all Information Stores on the server.

On-access scanning

Registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan]

"Enabled"=dword:00000001

This setting enables the anti-virus check for all Information Stores. A message is scanned every time a client requests it.

Background scanning

Registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan]

"BackgroundScanning"=dword:00000001

Background scanning creates a new thread that scans all messages in all Information Stores on the server, including the Stores of shared folders. Enabling background scanning may adversely affect mail server performance. By default, the task starts daily at 1:15 AM to avoid increasing the server load. If needed, you can change the schedule and select a time period when background scanning does not affect mail server performance.

Proactive scanning

Registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan]

"ProactiveScanning"=dword:00000001

This setting enables proactive scanning: all messages are checked immediately after they arrive in the Store. Messages that have passed proactive scanning and whose time stamps have not changed are not checked again when a client requests them.

Disabling outgoing message scan

Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan

"TransportExclusion"=reg_dword:00000000

This setting disables or enables (value 1 or 0 respectively) the malware scan of outgoing messages when the transport system picks them up from the Store. The scan is enabled by default.

Configuring the number of threads for VSAPI

The number of threads for VSAPI 2.6 is specified by default in the Exchange Server settings. You can also configure it manually by creating the ScanningThreads parameter under the registry key below.

Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\VirusScan

"ScanningThreads"=reg_dword

This parameter determines the maximum number of threads created for scanning. Changing its value affects only on-access and proactive scanning. It does not affect background scanning, which always uses one thread per database.

By default, the value of this parameter is set to 2 * <number of processors> + 1.

Database settings

These settings let you specify the scanning parameters for each mail database on the server. The registry key for these settings is the following:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server-Name>\<ID Base>],

where <Server-Name> is the name of the server and <ID Base> is the database identifier, e.g. Private-ae39732e-fb7f-426d-98a0-298f3f014c77.

Parameters:

"VirusScanEnabled"=dword:00000001—enables the anti-virus scanning of the specified database.

"VirusScanBackgroundScanning"=dword:00000001—enables the background scanning of the specified database.

"VirusScanProactiveScanning"=dword:00000001—enables the proactive scanning of the specified database.
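The global and per-database values described above can be checked offline against a registry export. The following is an added example, not part of the original documentation or of any vendor tool: it parses .reg text and reports settings that switch scanning off. The server name MAIL01, the second database ID, and the choice to report a missing "Enabled" value as not enabled are assumptions.

```python
import re

# Constructed sample in .reg export format; MAIL01 and the Public-... ID are made up.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan]
"Enabled"=dword:00000001
"BackgroundScanning"=dword:00000000
"ProactiveScanning"=dword:00000001
"TransportExclusion"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\MAIL01\Private-ae39732e-fb7f-426d-98a0-298f3f014c77]
"VirusScanEnabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\MAIL01\Public-00000000-0000-0000-0000-000000000001]
"VirusScanEnabled"=dword:00000000
"""

IS_ROOT = r"hkey_local_machine\system\currentcontrolset\services\msexchangeis"

def parse_reg(text):
    """Return {key path: {value name: int}} for the dword values in .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """List the settings in the export that turn VSAPI scanning off."""
    keys = parse_reg(text)
    glob = next((v for k, v in keys.items() if k.lower() == IS_ROOT + r"\virusscan"), {})
    findings = []
    if glob.get("Enabled") != 1:  # assumption: a missing value is reported too
        findings.append("global: on-access scanning not enabled")
    if glob.get("TransportExclusion") == 1:  # 1 disables the outgoing message scan
        findings.append("global: outgoing message scan disabled")
    for path, vals in keys.items():
        rel = path[len(IS_ROOT) + 1:].split("\\") if path.lower().startswith(IS_ROOT + "\\") else []
        if len(rel) == 2 and vals.get("VirusScanEnabled") == 0:  # <Server-Name>\<ID Base>
            findings.append(f"database {rel[1]}: VirusScanEnabled=0")
    return findings
```

Files written by regedit or reg export are UTF-16 encoded, so read them with encoding="utf-16" before passing the text to audit().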

SMTP transport scanning

Warning!

The transport scanning settings are available only for Microsoft Exchange Server 2003.

Registry key:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\TransportAVAPI\]

"Enabled"=dword:00000001

Transport scanning is disabled by default. You can enable it at the last step of program installation. When it is enabled, the first anti-virus scan of a message is performed on the OnSubmission SMTP event, i.e. at the transport level. Another scan is performed in the Exchange Information Store when a client requests the message.