Microsoft Exchange Server Anti-Virus Scanning Settings

The VSAPI-based anti-virus scanning is adjusted by means of a set of registry keys and involves two following types of settings:

Global settings

Database settings

SMTP transport scanning

warning_green

The anti-virus scanning settings listed below are available for Microsoft Exchange Server 2007 and 2010.

Global settings

These settings are used by default for all Information Stores on server.

On access scanning

Registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan]

"Enabled"=dword:00000001

This setting enables the anti-virus check for all Information Stores. The message will be scanned every time it is requested by a client.

Background scanning

Registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan]

"BackgroundScanning"=dword:00000001

Background scanning implies creating of a new thread where all the messages located in all the Information Stores on the server, including the Stores of shared folders, are scanned. Enabling the background scanning may adversely affect the mail server performance. By default, the task starts daily at 1:15 AM to avoid increasing the server load. You can change the scanning schedule, if needed, and select a time period when the background scanning does not affect the mail server performance.

Proactive scanning

Registry key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan]

"ProactiveScanning"=dword:00000001

This setting enables the proactive scanning. In this case all the messages are checked immediately after they get into the Store. Messages that have passed proactive scanning and have not changed their time stamps aren't checked once more when they are requested by a client.

Disabling outgoing messages check

Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan

"TransportExclusion"=reg_dword:00000001

This setting allows disabling/enabling (by specifying 0 or 1 value respectively) the malware check for outgoing messages when they are picked up by transport system from the Store. This check is enabled by default.

Configuring the number of threads for VSAPI

The number of threads for VSAPI 2.6 is specified by default in the Exchange Server settings. But you can also configure it manually by creating the ScanningThreads parameter in the registry entry below.

Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\VirusScan

"ScanningThreads"=reg_dword

This parameter determines the maximum number of threads created for scanning. Changing the value of this parameter affects only on access and proactive scanning. It does not affect the background scanning, which always uses one thread per database.

By default, the value of this parameter is set to 2 *<number of processors> + 1.

Database settings

These settings allow you to specify the scanning parameters for each mail database on the server. The registry key for these settings is the following:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server-Name>\<ID Base>],

where <Server-Name>is the name of the server, <ID Base> is the database identifier, e.g., Private-ae39732e-fb7f-426d-98a0-298f3f014c77.

Parameters:

"VirusScanEnabled"=dword:00000001—enables the anti-virus scanning of the specified database.

"VirusScanBackgroundScanning"=dword:00000001—enables the background scanning of the specified database.

"VirusScanProactiveScanning"=dword:00000001—enables the proactive scanning of the specified database.