CA eTrust: Exchange process has not been excluded from real-time scanning
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool reads the following registry entries to obtain the list of processes that have been excluded from real-time file-level antivirus scanning in eTrust Antivirus from Computer Associates:
eTrust Antivirus 6.0
eTrust Antivirus 7.0
If the Exchange Server Analyzer finds that the value for szExcludeProcessNames does not include STORE.EXE, EMSMTA.EXE and MAD.EXE, a warning is displayed.
It is recommended that you do not scan the Microsoft Exchange Information Store process (Store.exe), the Exchange MTA process (Emsmta.exe) or the System Attendant process (Mad.exe) with a file-level antivirus scanner while these processes are running.
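The check described above can be reproduced by hand, shown here as an added example that is not part of the original topic or of the Exchange Server Analyzer. The function names, the `-KeyPath` parameter and the separator characters (`;`, `,`, `|`) are assumptions; supply the registry key for your eTrust version yourself, because this topic does not list it.

```powershell
# Added example: audit the eTrust process-exclusion value described in this topic.
# Assumption: entries in szExcludeProcessNames are separated by ';', ',' or '|'.
$RequiredProcesses = 'STORE.EXE', 'EMSMTA.EXE', 'MAD.EXE'   # names from this topic

function Get-MissingExchangeExclusion {
    param(
        # Raw value data: a REG_SZ string or a REG_MULTI_SZ array of strings
        [string[]]$Value
    )
    $configured = @(
        foreach ($chunk in $Value) {
            foreach ($entry in ($chunk -split '[;,|]')) {
                # Drop surrounding whitespace and double quotes
                $name = $entry.Trim().Trim('"')
                if ($name) {
                    # Reduce a full path to its file name and normalize case
                    [System.IO.Path]::GetFileName($name).ToUpperInvariant()
                }
            }
        }
    )
    # Emit every required process name that is not in the configured list
    $RequiredProcesses | Where-Object { $configured -notcontains $_ }
}

function Test-ETrustProcessExclusion {
    param(
        # Hypothetical parameter: registry key that holds szExcludeProcessNames
        [Parameter(Mandatory)][string]$KeyPath
    )
    # A missing key or value yields $null, which is reported as all names missing
    $prop = Get-ItemProperty -Path $KeyPath -Name 'szExcludeProcessNames' -ErrorAction SilentlyContinue
    $missing = @(Get-MissingExchangeExclusion -Value $prop.szExcludeProcessNames)
    [pscustomobject]@{
        KeyPath   = $KeyPath
        Compliant = ($missing.Count -eq 0)
        Missing   = $missing
    }
}

# Constructed sample inputs (not taken from a real server):
# mixed case, one quoted full path, one required name absent
Get-MissingExchangeExclusion -Value 'store.exe;"C:\Program Files\Exchsrvr\bin\mad.exe"'
# empty value
Get-MissingExchangeExclusion -Value ''
```

On a server, call `Test-ETrustProcessExclusion -KeyPath` with the key for the installed eTrust version and review the `Missing` property.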
eTrust Antivirus is a file-level antivirus scanning program. To determine the version of eTrust Antivirus installed on your Exchange Server computer, do the following:
Navigate to Start | Programs | eTrust Antivirus, and then click eTrust Antivirus to start the application.
On the eTrust Antivirus application menu, click Help, and then click About eTrust Antivirus.
Examine the Product Version field to determine the version of eTrust Antivirus.
The following issues can occur when you use file-level scanners on an Exchange Server computer:
File-level scanners scan a file when it is used or at a scheduled interval, and may lock or quarantine an Exchange log or database file while Exchange tries to use the file. This can cause a severe failure in Exchange Server, and can also generate database errors.
More problems can occur if you scan the drive represented by the IFS—typically drive M—with file-level scanner software.
Regardless of which file-level antivirus program you use, you should always exclude the following files and folders from file-level scanners:
.eml, .edb, .stm, .log, .dat and .chk files.
The Exchange Server drive represented by the IFS. By default, this is drive M.
Exchange databases and log files. By default, these are located in the Exchsrvr\Mdbdata folder.
Exchange MTA files in the Exchsrvr\Mtadata folder.
Additional log files such as the Exchsrvr\server_name.log file.
The Exchsrvr\Mailroot virtual server folder.
The working folder that is used to store streaming temporary files that are used for message conversion. By default, this folder is located at \Exchsrvr\MDBData, but you can configure the location.
The temporary folder that is used with offline maintenance tools such as Eseutil.exe. By default, this folder is the location where the .exe file is run from, but you can configure the location when you run the tool.
Site Replication Service (SRS) files in the Exchsrvr\Srsdata folder.
Microsoft Internet Information Service (IIS) system files in the %SystemRoot%\System32\Inetsrv folder.
IIS working files in the %SystemRoot%\IIS Temporary Compressed Files folder.
To correct this warning
Use the eTrust Antivirus user interface to exclude the folders and files listed above from file-level antivirus scanning.
Visit the Computer Associates eTrust Antivirus Web site (http://www3.ca.com/Solutions/Product.asp?ID=156) for the latest information about using eTrust Antivirus on an Exchange Server computer.
Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.
For more information about using antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:
328841, "XADM: Exchange and Antivirus Software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=328841)
823166, "Overview of Exchange Server 2003 and antivirus software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823166)
306105, "XGEN: Microsoft's Position on Antivirus Solutions for Exchange 2000" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=306105)
245822, "Recommendations for troubleshooting an Exchange computer with antivirus software installed" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=245822)
For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Partners: Antivirus Web site (http://go.microsoft.com/fwlink/?LinkId=16226).
For more information about problems that can occur if you scan the IFS drive, see the following Knowledge Base articles:
298924, "XADM: Do Not Back Up or Scan Exchange 2000 Drive M" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=298924)
300608, "XADM: C1041737 Err Msg Displayed When You Mount Databases" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=300608)
299046, "XADM: Calendar Items Disappear from User's Folders" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=299046)