Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads several registry entries to determine whether ScanMail for Microsoft Exchange is configured to delete attachments. The read values are in the registry at:

HKEY_LOCAL_MACHINE\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption\Advance

Value Description

ActionType

Indicates which attachments are to be blocked, if attachment blocking is turned on. A value of 0 indicated that all attachments are blocked. A value of 3 indicates that the administrator has specified a list of file name extensions, file names or true file types. This setting can be configured by selecting the appropriate option on the Attachment Blocking Settings dialog box in the ScanMail Management Console.

EnableAlert

Indicates if attachment blocking is enabled. A value of 1 indicates attachment blocking is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable attachment blocking check box on the Virus Scan | Options page in the ScanMail Management Console.

HKLM\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption

Value Description

EnableEManager

Indicates if ScanMail eManager is enabled. A value of 1 indicates eManager is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable eManager check box in the ScanMail Management Console. This setting is only available when ScanMail eManager, a separate, companion product, is installed.

EnableWebStoreDelMail

Indicates if the ScanMail Active Message Filter is enabled for inbound messages. A value of 1 indicates Active Message Filter is enabled for inbound messages. A value of 0 indicates it is not enabled for inbound messages. This setting can be configured by selecting (enable) or clearing (disable) the Inbound Messages check box on the Active Message Filter dialog box in the ScanMail Management Console.

The Exchange Server Analyzer also reads the following registry entry to determine whether Virus Scanning API (VSAPI) message scanning is enabled:

HKLM\System\CurrentControlSet\Services\MSExchangeIS\VirusScan\Enabled

A value of 1 for Enabled indicates that VSAPI scanning is enabled. A value of 0 indicates VSAPI scanning is not enabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable VS API virus scanning check box on the Virus Scan | Options page in the ScanMail Management Console.

If the Exchange Server Analyzer finds that all the following criteria are true, a warning is displayed:

This warning indicates that ScanMail is configured to delete all attachments during the next scheduled or manual scan.

To correct this warning

  1. Verify that you want attachments deleted.

  2. If you want to, disable attachment blocking or change the action from Delete to Quarantine. This enables an administrator to examine the quarantined files for attachments that may need to be kept.

For more information about ScanMail for Microsoft Exchange and ScanMail eManager, visit the Trend Micro Web site (http://www.trend.com).

Note:
Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.