Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool queries the Win32_Service Microsoft Windows® Management Instrumentation (WMI) class to determine value of the Started key for the Trend Micro ScanMail for Microsoft Exchange ScanMail_Action service. A value of True indicates the ScanMail_Action service is running, and a value of False indicates it is not running.
The Exchange Server Analyzer also reads the following registry entry to determine if ScanMail for Microsoft Exchange is configured for wildcard character searches against the Active Directory® directory service:
HKEY_LOCAL_MACHINE\Software\TrendMicro\ScanMail for Exchange\CurrentVersion\SkipWildcardSearchInGC
A value of 1 for the SkipWildcardSearchInGC registry entry indicates wildcard searches are disabled. A value of 0 for the SkipWildcardSearchInGC entry indicates that wildcard searches are enabled.
In addition, the Exchange Server Analyzer also queries Active Directory to determine the count of the entries listed in the homeMDBBL attribute of each mailbox store. The count of this attribute represents the number of mailboxes on the mailbox store.
If the Exchange Server Analyzer determines that the ScanMail_Action service is running, that the Exchange server contains more than 100 mailboxes, and that the SkipWildcardSearchInGC registry entry is set to 0, a warning is displayed.
Trend Micro ScanMail for Microsoft Exchange provides antivirus protection for Exchange Server. Setting the SkipWildcardSearchInGC value to 1 prevents ScanMail for Microsoft Exchange from resolving a name with a wildcard character (*) in it. Querying a name with a wildcard character can significantly slow down the Exchange Server computer's performance because ScanMail for Exchange ends up checking the entire directory. In addition, the following performance counters will be high if the recommendations in this article are not implemented:
- MSExchangeIS/Virus Scan Queue Length
- MSExchangeIS/RPC Requests
- MSExchangeIS/RPC Averaged Latency
To correct this warning
Contact Trend Micro for information about using the SkipWildcardSearchInGC registry value (http://www.trendmicro.com/en/about/overview.htm).
For more information about the SkipWildcardSearchInGC registry value, see Trend Micro Solution ID 20393 (http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=20393).
Note: Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.
For more information about fortifying an Exchange environment against e-mail transmitted viruses and worms, see "Slowing and Stopping E-Mail Viruses in an Exchange Server 2003 Environment" (http://go.microsoft.com/fwlink/?LinkId=47587).
For more information about using antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:
- 328841, "XADM: Exchange and Antivirus Software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=328841)
- 823166, "Overview of Exchange Server 2003 and antivirus
software" at (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823166)
- 306105, "XGEN: Microsoft's Position on Antivirus Solutions for
Exchange 2000" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=306105)
- 245822, "Recommendations for troubleshooting an Exchange
computer with antivirus software installed" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=245822)
For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Server Partners: Antivirus Web site (http://go.microsoft.com/fwlink/?LinkId=16226).