Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine whether Virus Scanning Application Programming Interface (VSAPI)-compliant software is enabled on the Exchange Server computer:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\VirusScan\Enabled

The Exchange Server Analyzer also queries the CIM_Datafile Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the Version key for Ese.dll, the Exchange Database Storage Engine, also known as the Extensible Storage Engine (ESE).

Finally, the Exchange Server Analyzer also queries the Active Directory® directory service to determine the value of the serialNumber attribute for all objects with an object class of msExchExchangeServer. If the string value includes "Version 5.5," the computer is running Microsoft Exchange Server 5.5. If the string value includes "Version 6.0," the computer is running Microsoft Exchange 2000 Server. If the string value includes "Version 6.5," the computer is running Microsoft Exchange Server 2003.

If the Exchange Server Analyzer finds that the value for Version does not contain the substring 6 as part of its version information, but the value for serialNumber indicates that Exchange 2000 Server or Exchange Server 2003 is installed, a non-Exchange version of the ESE is running on the Exchange Server.

If the Exchange Server Analyzer determines that a non-Exchange version of the ESE is not running, and the value of the VirusScan\Enabled registry entry is equal to 0, a warning is displayed. If the Exchange Server Analyzer determines that a non-Exchange version of the ESE is running on the Exchange Server, a separate warning is displayed.
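The decision rule described above can be written out in Windows PowerShell as follows. This is an added example, not the Exchange Server Analyzer's own code: the function names, the `$EseDllPath` parameter (the article does not state where Ese.dll is located), and the sample values are assumptions made for illustration.

```powershell
# Added example; function names are hypothetical, not part of the Exchange Server Analyzer.
function Get-ExchangeProduct([string]$SerialNumber) {
    # Mapping of serialNumber substrings to products, as given in the article
    if ($SerialNumber -like '*Version 5.5*') { return 'Exchange Server 5.5' }
    if ($SerialNumber -like '*Version 6.0*') { return 'Exchange 2000 Server' }
    if ($SerialNumber -like '*Version 6.5*') { return 'Exchange Server 2003' }
    return 'Unknown'
}

function Test-VsapiRule {
    param([string]$SerialNumber, [string]$EseVersion, $VirusScanEnabled)
    $product = Get-ExchangeProduct $SerialNumber
    $is2000or2003 = @('Exchange 2000 Server', 'Exchange Server 2003') -contains $product
    # Non-Exchange ESE: Version has no "6" although serialNumber says 2000/2003.
    # This is a plain substring test, so a "6" anywhere in the version string satisfies it.
    if ($is2000or2003 -and ($EseVersion -notlike '*6*')) {
        return "${product}: warning, a non-Exchange version of ESE is running"
    }
    # $null (entry absent) is not equal to 0, so only an explicit 0 raises the warning
    if ($VirusScanEnabled -eq 0) {
        return "${product}: warning, VSAPI scanning is not enabled"
    }
    return "${product}: no warning from this rule"
}

function Get-VsapiInputs([string]$EseDllPath) {
    # Assumption: the caller supplies the full path of the Ese.dll in use
    $key = 'HKLM:\System\CurrentControlSet\Services\MSExchangeIS\VirusScan'
    $reg = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    # WQL string literals need backslashes doubled
    $filter = "Name='" + $EseDllPath.Replace('\', '\\') + "'"
    $file = Get-WmiObject -Class CIM_DataFile -Filter $filter
    return @{ Enabled = $reg.Enabled; EseVersion = $file.Version }
}

# Constructed sample inputs (not taken from a real server)
$samples = @(
    @{ Serial = 'Version 6.5 (constructed)'; Ese = '6.5.0000.0'; Enabled = 0 },
    @{ Serial = 'Version 6.0 (constructed)'; Ese = '5.2.0000.0'; Enabled = 1 },
    @{ Serial = 'Version 6.5 (constructed)'; Ese = '6.5.0000.0'; Enabled = 1 }
)
foreach ($s in $samples) { Test-VsapiRule $s.Serial $s.Ese $s.Enabled }
```

On a live server, pass the values returned by `Get-VsapiInputs`, together with the serialNumber read from Active Directory, to `Test-VsapiRule`.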

It is generally recommended that you deploy antivirus software designed for messaging systems at the Simple Mail Transfer Protocol (SMTP) gateway or on the Exchange Server computers that host mailboxes. For the most protection, run antivirus software at the gateway that scans the inbound MIME messages and a scanner on the Exchange Server computer that uses VSAPI 2.0 (Exchange 2000 Server) or VSAPI 2.5 (Exchange Server 2003).

In addition, you should run antivirus software on the client computers. If you run antivirus software designed for messaging systems (meaning that it can parse and scan MIME) at the gateway or on the Exchange server, running a file-level scanner on the client computers is sufficient.

To correct this warning

  1. In the antivirus software program user interface, enable VSAPI scanning.

  2. If the problem persists after enabling VSAPI scanning, contact your antivirus software vendor for assistance.

For more information about virus-scanning programs that are typically used with Microsoft Exchange Server 2003, see the Microsoft Knowledge Base article 823166, "Overview of Exchange Server 2003 and antivirus software" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=823166).

For more information about virus-scanning programs that are typically used with Microsoft Exchange 2000 Server, see the Knowledge Base article 328841, "Exchange and Antivirus Software" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=328841).

For more information about fortifying an Exchange environment against e-mail transmitted viruses and worms, see "Slowing and Stopping E-Mail Viruses in an Exchange Server 2003 Environment" (http://go.microsoft.com/fwlink/?LinkId=47587).