Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads several registry entries to determine whether ScanMail for Microsoft Exchange Server is configured to delete attachments. The read values are in the registry at:

HKEY_LOCAL_MACHINE\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption\Advance

Value Description

ActionType

Indicates which attachments are to be blocked, if attachment blocking is turned on. A value of 0 indicates that all attachments are blocked. A value of 3 indicates that the administrator has specified a list of file extensions, file names, or true file types. This setting can be configured by selecting the desired option on the Attachment Blocking Settings dialog box in the ScanMail Management Console.

EnableAlert

Indicates if attachment blocking is enabled. A value of 1 indicates attachment blocking is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable attachment blocking check box on the Virus Scan | Options page in the ScanMail Management Console.

Extension

A semicolon delimited string value containing a list of file extensions for the attachments to be deleted. When specified attachments are being blocked, this setting can be configured by entering the desired extensions on the Attachment Blocking Settings dialog box in the ScanMail Management Console.

HKLM\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption

Value Description

EnableEManager

Indicates if ScanMail eManager is enabled. A value of 1 indicates eManager is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable eManager check box in the ScanMail Management Console. This setting is only available when ScanMail eManager, a separate, companion product, is installed.

EnableWebStoreDelMail

Indicates if the ScanMail Active Message Filter is enabled for inbound messages. A value of 1 indicates Active Message Filter is enabled for inbound messages. A value of 0 indicates it is not enabled for inbound messages. This setting can be configured by selecting (enable) or clearing (disable) the Inbound Messages check box on the Active Message Filter dialog box in the ScanMail Management Console.

The Exchange Server Analyzer also reads the following registry entry to determine if Virus Scanning API (VSAPI) message scanning is enabled:

HKLM\System\CurrentControlSet\Services\MSExchangeIS\VirusScan\Enabled

A value of 1 for Enabled indicates that VSAPI scanning is enabled. A value of 0 indicates VSAPI scanning is not enabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable VS API virus scanning check box on the Virus Scan | Options page in the ScanMail Management Console.

If the Exchange Server Analyzer finds that all of the following criteria are true, a warning is displayed:

This warning indicates that ScanMail is configured to delete all attachments with the extensions listed in the Extension key during the next scheduled or manual scan.

To correct this warning

  1. Verify that you want attachments with the extensions listed in the Extension key deleted.

  2. If you want to, disable attachment blocking or change the action from Delete to Quarantine. This enables an administrator to examine the quarantined files for attachments that may need to be kept.

For more information about ScanMail for Microsoft Exchange Server and ScanMail eManager, visit the Trend Micro Web site (http://www.trend.com).

Note:
Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.