Topic Last Modified: 2006-04-21
The Microsoft® Exchange Server Analyzer Tool reads the following registry entries to obtain the list of file name extensions that have been excluded from the real-time file-level antivirus scanning in eTrust Antivirus from Computer Associates:
eTrust Antivirus 6.0
eTrust Antivirus 7.0
If the Exchange Server Analyzer determines that the value for dwFileFilterType is configured to scan all files regardless of the file name extension, a warning is displayed.
eTrust Antivirus is a file-level antivirus scanning program. To determine the version of eTrust Antivirus installed on your Exchange Server computer, do the following:
- Navigate to Start | Programs | eTrust
Antivirus, and then click eTrust Antivirus to start the
- On the eTrust Antivirus application menu, click Help,
and then click About eTrust Antivirus.
- Examine the Product Version field to determine the
version of eTrust Antivirus.
The following issues may occur when you use file-level scanners on an Exchange Server computer:
- File-level scanners scan a file when it is used or at a
scheduled interval, and may lock or quarantine an Exchange log or
database file while Exchange tries to use the file. This can cause
a severe failure in Exchange Server, and can also generate database
- More problems can occur if you scan the drive represented by
the Exchange Installable File System (IFS)—typically drive M—with
file-level scanner software.
Regardless of which file-level antivirus program that you use, you should always exclude the following files and folders from file-level scanners:
- .eml, .edb, .stm, .log, .dat and .chk files.
- The Exchange Server drive represented by the IFS. By default,
this is the M: drive.
- Exchange databases and log files. By default, these are located
in the Exchsrvr\Mdbdata folder.
- Exchange MTA files in the Exchsrvr\Mtadata folder.
- Additional log files such as the Exchsrvr\server_name.log
- The Exchsrvr\Mailroot virtual server folder.
- The working folder that is used to store streaming temporary
files that are used for message conversion. By default, this folder
is located at \Exchsrvr\MDBData, but you can configure the
- The temporary folder that is used with offline maintenance
tools such as Eseutil.exe. By default, this folder is the location
where the .exe file is run from, but you can configure the location
when you run the tool.
- Site Replication Service (SRS) files in the Exchsrvr\Srsdata
- Microsoft Internet Information Service (IIS) system files in
the %SystemRoot%\System32\Inetsrv folder.
- IIS working files in the %SystemRoot%\IIS Temporary Compressed
To correct this warning
Use the eTrust Antivirus user interface to exclude the listed folders and files from file-level antivirus scanning.
Visit the CA eTrust Antivirus Web site (http://www3.ca.com/Solutions/Product.asp?ID=156) for the latest information about using eTrust Antivirus on an Exchange Server computer.
Note: Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.
For more information about using antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:
- 328841, "XADM: Exchange and Antivirus Software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=328841)
- 823166, "Overview of Exchange Server 2003 and antivirus
- 306105, "XGEN: Microsoft's Position on Antivirus Solutions for
Exchange 2000" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=306105)
- 245822, "Recommendations for troubleshooting an Exchange
computer with antivirus software installed" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=245822)
For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Partners: Antivirus Web site (http://go.microsoft.com/fwlink/?LinkId=16226).
For more information about problems that can occur if you scan the IFS drive, see the following Knowledge Base articles:
- 298924, "XADM: Do Not Back Up or Scan Exchange 2000 Drive
- 300608, "XADM:C1041737 Err Msg Displayed When You Mount
- 299046, "XADM: Calendar Items Disappear from User's Folders"