Thursday, January 22, 2009

Exchange Server 2003 and antivirus software

File-level scanners
File-level scanners are frequently used, and they may be the most problematic for use with Exchange 2003. File-level scanners may be either memory-resident or on-demand:
Memory-resident refers to a part of file-level antivirus software that is loaded in memory at all times. It checks all the files that are used on the hard disk and in computer memory.
On-demand refers to a part of file-level antivirus software that you can configure to scan files on the hard disk either manually or on a schedule. There are versions of antivirus software that start the on-demand scan automatically after virus signatures are updated to make sure that all files are scanned with the latest signatures.

The following issues may occur when you use file-level scanners with Exchange 2003:
File-level scanners scan a file when the file is used or at a scheduled interval, and these scanners may lock or quarantine an Exchange log or a database file while Exchange 2003 tries to use the file. This behavior may cause a severe failure in Exchange 2003 and may also generate -1018 errors.
File-level scanners do not provide protection against e-mail viruses such as the Melissa virus.

Note: The Melissa virus is a Microsoft Word macro virus that can propagate itself through e-mail messages. The virus sends inappropriate e-mail messages to addresses that it finds in personal address books on Microsoft Outlook mail clients. Similar viruses can cause data destruction.

Exclude the following folders from both on-demand file-level scanners and memory-resident file-level scanners:
Exchange databases and log files across all storage groups. By default, these are located in the Exchsrvr\Mdbdata folder.
Exchange MTA files in the Exchsrvr\Mtadata folder.
Additional log files such as the Exchsrvr\server_name.log directory.
The Exchsrvr\Mailroot virtual server folder.
The working folder that is used to store streaming .tmp files that are used for message conversion. By default, this folder is Exchsrvr\Mdbdata, but the location is configurable. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
822936 (http://support.microsoft.com/kb/822936/) Message flow to the local delivery queue is very slow
The temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe. By default, this folder is the location where the .exe file is run from, but you can configure where you run the file from when you run the utility.
Site Replication Service (SRS) files in the Exchsrvr\Srsdata folder.
Microsoft Internet Information Services (IIS) system files in the %SystemRoot%\System32\Inetsrv folder.
Note: You may want to exclude the whole Exchsrvr folder from both on-demand file-level scanners and memory-resident file-level scanners.
The Internet Information Services (IIS) 6.0 compression folder that is used with Outlook Web Access 2003. By default, the compression folder in IIS 6.0 is located at %systemroot%\IIS Temporary Compressed Files. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
817442 (http://support.microsoft.com/kb/817442/) Antivirus scanning of IIS Compression directory may result in 0-byte file
For clusters, the Quorum disk and the %Winnt%\Cluster folder.
Any messaging antivirus program folders.
The Exchsrvr\Conndata folder.

Exclude the folder that contains the checkpoint (.chk) file from memory-resident file-level scanners and on-demand file-level scanners.
Many file-level scanners now support scanning processes. This can also adversely affect Exchange. Therefore, you should exclude the following processes from file-level scanners:
Cdb.exe
Cidaemon.exe
Store.exe
Emsmta.exe
Mad.exe
Mssearch.exe
Inetinfo.exe
W3wp.exe
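
To check a server against the folder and process lists above, the following added example (not part of the original article or any Microsoft tool) compares an exported exclusion list with the required entries. It assumes you can export the scanner's configured exclusions as plain paths and process names; the install path, server name MAIL01 and sample lists are constructed, and site-specific items (Quorum disk, Eseutil temporary folder, checkpoint file folder, messaging antivirus folders) are left for you to append.

```python
import ntpath
import re

# Folder and process names are the ones listed on this page.
EXCHSRVR_SUBFOLDERS = ["Mdbdata", "Mtadata", "Mailroot", "Srsdata", "Conndata"]
SYSTEM_FOLDERS = [r"%SystemRoot%\System32\Inetsrv",
                  r"%SystemRoot%\IIS Temporary Compressed Files"]
PROCESSES = ["Cdb.exe", "Cidaemon.exe", "Store.exe", "Emsmta.exe",
             "Mad.exe", "Mssearch.exe", "Inetinfo.exe", "W3wp.exe"]

def norm(path, env):
    """Expand %VAR% from env (case-insensitively) and canonicalise a Windows path."""
    lookup = {k.lower(): v for k, v in env.items()}
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(expanded)).rstrip("\\")

def covers(exclusion, target):
    """True if target is the excluded folder itself or lies beneath it."""
    return target == exclusion or target.startswith(exclusion + "\\")

def audit(exch_root, server_name, env, excluded_paths, excluded_procs):
    """Return (folders, processes) from the page's lists that are not excluded."""
    required = [ntpath.join(exch_root, sub) for sub in EXCHSRVR_SUBFOLDERS]
    required.append(ntpath.join(exch_root, server_name + ".log"))
    required += SYSTEM_FOLDERS
    excl = [norm(p, env) for p in excluded_paths]
    missing_folders = [r for r in required
                       if not any(covers(e, norm(r, env)) for e in excl)]
    have = {p.lower() for p in excluded_procs}
    return missing_folders, [p for p in PROCESSES if p.lower() not in have]

# Constructed sample input: install path, server name and exclusion lists are made up.
ENV = {"SystemRoot": r"C:\WINDOWS"}
ROOT = r"C:\Program Files\Exchsrvr"
PATHS = [r"c:\program files\exchsrvr\MDBDATA",         # case differs, still covers
         r"C:\Program Files\Exchsrvr\Mta",             # look-alike prefix, covers nothing
         r"C:\Program Files\Exchsrvr\Mailroot\vsi 1",  # subfolder only, parent uncovered
         r"%systemroot%\System32\inetsrv",
         r"C:\Program Files\Exchsrvr\MAIL01.log"]
PROCS = ["store.exe", "INETINFO.EXE", "w3wp.exe"]

if __name__ == "__main__":
    folders, procs = audit(ROOT, "MAIL01", ENV, PATHS, PROCS)
    for f in folders:
        print("folder not excluded: ", f)
    for p in procs:
        print("process not excluded:", p)
```

Excluding the whole Exchsrvr folder, as the note above allows, satisfies every Exchsrvr entry in this check; the two %SystemRoot% folders still have to be excluded separately.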
