CA eTrust: Real-time scanning is set to scan all files regardless of extension

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2006-04-21

The Microsoft® Exchange Server Analyzer Tool reads the following registry entries to obtain the list of file name extensions that have been excluded from the real-time file-level antivirus scanning in eTrust Antivirus from Computer Associates:

eTrust Antivirus 6.0

HKEY_LOCAL_MACHINE\Software\ComputerAssociates\InoculateIT\6.0\Realtime\dwFileFilterType

eTrust Antivirus 7.0

HKLM\Software\ComputerAssociates\eTrustAntivirus\CurrentVersion\Realtime\dwFileFilterType

If the Exchange Server Analyzer determines that the value for dwFileFilterType is configured to scan all files regardless of the file name extension, a warning is displayed.

eTrust Antivirus is a file-level antivirus scanning program. To determine the version of eTrust Antivirus installed on your Exchange Server computer, do the following:

  1. Navigate to Start | Programs | eTrust Antivirus, and then click eTrust Antivirus to start the application.

  2. On the eTrust Antivirus application menu, click Help, and then click About eTrust Antivirus.

  3. Examine the Product Version field to determine the version of eTrust Antivirus.

The following issues may occur when you use file-level scanners on an Exchange Server computer:

  • File-level scanners scan a file when it is used or at a scheduled interval, and may lock or quarantine an Exchange log or database file while Exchange tries to use the file. This can cause a severe failure in Exchange Server, and can also generate database errors.

  • More problems can occur if you scan the drive represented by the Exchange Installable File System (IFS)—typically drive M—with file-level scanner software.

Regardless of which file-level antivirus program you use, you should always exclude the following files and folders from file-level scanners:

  • .eml, .edb, .stm, .log, .dat and .chk files.

  • The Exchange Server drive represented by the IFS. By default, this is the M: drive.

  • Exchange databases and log files. By default, these are located in the Exchsrvr\Mdbdata folder.

  • Exchange MTA files in the Exchsrvr\Mtadata folder.

  • Additional log files such as the Exchsrvr\server_name.log file.

  • The Exchsrvr\Mailroot virtual server folder.

  • The working folder that is used to store streaming temporary files that are used for message conversion. By default, this folder is located at \Exchsrvr\MDBData, but you can configure the location.

  • The temporary folder that is used with offline maintenance tools such as Eseutil.exe. By default, this folder is the location where the .exe file is run from, but you can configure the location when you run the tool.

  • Site Replication Service (SRS) files in the Exchsrvr\Srsdata folder.

  • Microsoft Internet Information Service (IIS) system files in the %SystemRoot%\System32\Inetsrv folder.

  • IIS working files in the %SystemRoot%\IIS Temporary Compressed Files folder.

To correct this warning

  1. Use the eTrust Antivirus user interface to exclude the listed folders and files from file-level antivirus scanning.

  2. Visit the CA eTrust Antivirus Web site (http://www3.ca.com/Solutions/Product.asp?ID=156) for the latest information about using eTrust Antivirus on an Exchange Server computer.

    Note

    Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.
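
The following PowerShell script is an added example, not part of the original topic and not Microsoft or CA code. It reads dwFileFilterType from the two registry locations listed above and reports the raw value (this topic does not document the value encoding), then expands the recommended exclusion list into concrete paths to enter in the eTrust Antivirus user interface. The install path C:\Program Files\Exchsrvr and the use of the computer name for server_name are assumptions.

```powershell
# Added example. Defaults below are assumptions; pass your own values.
param(
    [string]$ExchsrvrRoot = 'C:\Program Files\Exchsrvr',  # assumed install path
    [string]$IfsDrive     = 'M:\'                          # default IFS drive per this topic
)

# Registry locations named in this topic, keyed by eTrust Antivirus version.
$realtimeKeys = [ordered]@{
    '6.0' = 'HKLM:\Software\ComputerAssociates\InoculateIT\6.0\Realtime'
    '7.0' = 'HKLM:\Software\ComputerAssociates\eTrustAntivirus\CurrentVersion\Realtime'
}

foreach ($ver in $realtimeKeys.Keys) {
    $key = $realtimeKeys[$ver]
    if (-not (Test-Path -Path $key)) { continue }   # this version is not installed
    $prop = Get-ItemProperty -Path $key -Name dwFileFilterType -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        Write-Output ("eTrust {0}: key present, dwFileFilterType not set" -f $ver)
    } else {
        # Reported uninterpreted; compare with a server that passes the Analyzer check.
        Write-Output ("eTrust {0}: dwFileFilterType = {1}" -f $ver, $prop.dwFileFilterType)
    }
}

# File name extensions this topic says to exclude.
$extensions = '.eml', '.edb', '.stm', '.log', '.dat', '.chk'

# Default locations from this topic. The streaming temporary folder and the
# Eseutil.exe temporary folder are configurable, so add them by hand if moved.
$paths = @(
    $IfsDrive
    [IO.Path]::Combine($ExchsrvrRoot, 'Mdbdata')
    [IO.Path]::Combine($ExchsrvrRoot, 'Mtadata')
    [IO.Path]::Combine($ExchsrvrRoot, 'Mailroot')
    [IO.Path]::Combine($ExchsrvrRoot, 'Srsdata')
    [IO.Path]::Combine($ExchsrvrRoot, "$env:COMPUTERNAME.log")  # assumes server_name = computer name
    [IO.Path]::Combine($env:SystemRoot, 'System32\Inetsrv')
    [IO.Path]::Combine($env:SystemRoot, 'IIS Temporary Compressed Files')
)

Write-Output ("Extensions to exclude: {0}" -f ($extensions -join ' '))
foreach ($path in $paths) {
    # "not found" usually means a non-default location; locate it before excluding.
    $state = if (Test-Path -LiteralPath $path) { 'present' } else { 'not found' }
    Write-Output ("{0,-10} {1}" -f $state, $path)
}
```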

For more information about using antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:

For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Partners: Antivirus Web site (https://go.microsoft.com/fwlink/?LinkId=16226).

For more information about problems that can occur if you scan the IFS drive, see the following Knowledge Base articles: