Configuring antivirus settings for the Transport Scan Job


Applies to: Forefront Security for Exchange Server

After you have configured the scan job settings, select the antivirus engines to use, the Bias setting, the Action to take, and whether to Send Notifications or Quarantine Files.


To configure antivirus settings

  1. In the SETTINGS section of the Shuttle Navigator, click Antivirus. The Antivirus Settings work pane appears.

  2. From the list in the upper pane, select the Transport Scan Job.

  3. From the list of available third-party scanners in the File Scanners section, choose the file scanning engines. The five engines you chose at installation are initially selected by default. (Although you may only use a maximum of five engines, you may use any five. You are not limited to the ones you selected during the installation.) To disable virus scanning while retaining the ability to run File Filtering and Keyword Filtering, clear the Virus Scanning check box in the Run Job work pane of the OPERATE section of the Shuttle Navigator for the Transport Scan Job.


    If you have the maximum of five engines selected and you want to change the ones used, clear the check boxes of unwanted engines before selecting new ones. You may only have a maximum of five engines selected at a time.

  4. In the Bias field, select a bias setting for the scan job. Bias controls how many engines to use to provide you with an acceptable probability that your system is protected. The more engines you use, the greater the probability that all viruses will be caught. However, the more engines you use, the greater the impact on your system's performance.


    Because the Transport Scan Job is your first line of defense against unwanted and malicious messages and attachments, consider setting the Bias to Max Certainty or Favor Certainty. Favor Certainty is the default setting.

    For more information about Bias settings, see the Multiple Scan Engines chapter of the "Microsoft Forefront Security for Exchange Server User Guide."

  5. In the Action field, select the action that you want Forefront Security for Exchange Server to perform when a virus is detected:

    • Skip: detect only. Make no attempt to clean or delete the infection. Viruses are reported, but the files remain infected. If, however, Delete Corrupted Compressed, Delete Corrupted Uuencode Files, or Delete Encrypted Compressed Files was selected in General Options, a match to any of those conditions will cause the item to be deleted.

    • Clean: repair attachment. Attempt to clean the virus. If successful, the infected attachment or message body is replaced with the clean version. If cleaning is not possible, the attachment or message body is replaced with the Deletion Text. This is the default setting.

    • Delete: remove infection. Delete the attachment or message body without attempting to clean it. The detected attachment is removed from the message and the Deletion Text is inserted in its place. By default, the text file contains the following string when viewed: "Microsoft Forefront Security for Exchange Server removed %File% since it was found to be infected with %Virus% virus."

  6. Enable e-mail notifications by using the Send Notifications field. This setting does not affect reporting to the Virus Incidents log. You must also configure the notifications themselves (see Sending e-mail notifications). Notifications are disabled by default.

  7. Enable or disable saving infected attachments detected by the file scanning engines by using the Quarantine Files field. Quarantining is enabled by default. Enabling quarantine causes deleted attachments and purged messages to be stored, permitting you to recover them. However, worm-purged messages are not recoverable.

  8. Click the Save button to save your antivirus settings.