Background antivirus scanning has been enabled
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine if background antivirus scanning is enabled:
If the Exchange Server Analyzer finds the value for the BackgroundScanning entry is set to 1, a warning is displayed.
When the BackgroundScanning registry entry is present and set to 1, all messages are rescanned in the background every time the antivirus program's signature file is updated. This behavior substantially impacts performance whenever an antivirus signature file is updated, and is therefore not recommended by Microsoft.
When you use a Virus Scanning Application Programming Interface (VSAPI) 2.0-based antivirus program and a client tries to open a message, a comparison is made to make sure that the message body and attachment have been scanned by the current virus signature file. If the current signature pattern file was not used to scan the content, the corresponding message is submitted to the antivirus program before that message is available to the client.
If the installed antivirus program does not include a user interface that allows you to disable background scanning, you can use the procedure below to control this behavior by modifying the registry on the Exchange Server computer.
This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.
To correct this warning
Open a registry editor, such as Regedit.exe or Regedt32.exe.
In the right-hand pane, double-click the BackgroundScanning value.
In the Value Data field, change the value to 0.
Close the registry editor, and restart the Microsoft Exchange Information Store service, and your antivirus software services for the change to take effect.
Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=256986).
For more information on the different types of antivirus scanning programs used by Exchange, see the Knowledge Base article 328841, "Exchange and Antivirus software" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=328841).