Anti-Virus folder exclusions have not been configured
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether Symantec AntiVirus Corporate Edition (Symantec AV) is installed on the Exchange Server, and RealTime Protection (RTP) is enabled:
If the Exchange Server Analyzer finds that the HaveExceptionDirs registry value is set to 0, the Exchange Server Analyzer displays an error. A HaveExceptionDirs registry value of 0 indicates that folder exclusions are disabled.
Folder exclusions prevent specific folders from being scanned during real-time antivirus scanning. If you have not enabled folder exclusions on your Exchange Server, the following problems can occur:
Symantec AV RTP may provide false positive reports on certain clean files that are accessed during ordinary program activity.
Symantec AV RTP may incorrectly report infected files in software that your corporate security policy already permits to run on your Exchange Server.
Symantec AV RTP may scan the Exchange Server directory structure and cause inaccurate virus detections, unexpected behavior on the Exchange server, or damage to the Exchange Server databases.
You must never run file-based scanning software against Exchange Server databases, logs, temporary files, Internet Information Services (IIS) system files, or the installable file system (IFS) drive (drive M). Configure antivirus software to avoid scanning the folders that contain these files.
You can run file-based antivirus software against the operating system of the Exchange Server computer and against Exchange Server program files (the Exchsrvr\Bin folder). However, do not run file-based antivirus software against the following files and folders:
Exchange Server databases (.mdb and .stm files) and transaction log (.log) files (default location: \Exchsrvr\MDBData)
Exchange Server .mta files (default location: \Exchsrvr\Mtadata)
Exchange Server message tracking log files (default location: \Exchsrvr\Server_Name.log)
Virtual server folders (default location: \Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: \Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (default location: \%SystemRoot%\System32\Inetsrv)
Internet Mail Connector files (default location: \Exchsrvr\IMCData)
The working folder that is used to store streaming temporary files that are used for message conversion. By default, this working folder is located at \Exchsrvr\MDBData
A temporary folder that is used together with offline maintenance utilities, such as Eseutil.exe. By default, this folder is the location that you run the .exe files from, but you can configure this when you run the utility.
You can run file-based scanning against the following folders:
For detailed information about how to configure exclusions on RealTime scanning in Symantec AntiVirus Corporate Edition, see the Symantec antivirus Web site (http://www.symantec.com).
Web addresses can change, so you might be unable to connect to the Web site or sites that are mentioned here.
For more information about fortifying an Exchange Server environment against e-mail transmitted viruses and worms, see "Slowing and Stopping E-Mail Viruses in an Exchange Server 2003 Environment" (http://go.microsoft.com/fwlink/?LinkId=47587).
For more information about how to use antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:
328841, "Exchange and antivirus software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=328841)
823166, "Overview of Exchange Server 2003 and antivirus software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823166)
306105, "XGEN: Microsoft's Position on Antivirus Solutions for Exchange 2000" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=306105)
245822, "Recommendations for troubleshooting an Exchange Server computer with antivirus software installed" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=245822)
For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Server Partners: Antivirus Web site (http://go.microsoft.com/fwlink/?linkid=16226).