Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool reads several registry entries to determine if ScanMail for Microsoft Exchange is configured to delete attachments. The read values are located in the registry at:
HKEY_LOCAL_MACHINE\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption\Advance
| Value | Description |
|---|---|
|
ActionType |
Indicates which attachments are to be blocked, if attachment blocking is turned on. A value of 0 indicates that all attachments are blocked. A value of 3 indicates that the administrator has specified a list of file name extensions, file names, or true file types. This setting can be configured by selecting the desired option on the Attachment Blocking Settings dialog box in the ScanMail Management Console. |
|
EnableAlert |
Indicates if attachment blocking is enabled. A value of 1 indicates attachment blocking is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable attachment blocking check box on the Virus Scan | Options page in the ScanMail Management Console. |
|
FileName |
A semicolon delimited string value containing a list of files to be deleted. When specified files are being blocked, this setting can be configured by entering the desired file names on the Attachment Blocking Settings dialog box in the ScanMail Management Console. |
HKLM\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption
| Value | Description |
|---|---|
|
EnableEManager |
Indicates if ScanMail eManager is enabled. A value of 1 indicates eManager is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable eManager check box in the ScanMail Management Console. This setting is only available when ScanMail eManager, a separate, companion product, is installed. |
|
EnableWebStoreDelMail |
Indicates if the ScanMail Active Message Filter is enabled for inbound messages. A value of 1 indicates Active Message Filter is enabled for inbound messages. A value of 0 indicates it is not enabled for inbound messages. This setting can be configured by selecting (enable) or clearing (disable) the Inbound Messages check box on the Active Message Filter dialog box in the ScanMail Management Console. |
The Exchange Server Analyzer also reads the following registry entry to determine if Virus Scanning API (VSAPI) message scanning is enabled:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\VirusScan\Enabled
A value of 1 for Enabled indicates that VSAPI scanning is enabled. A value of 0 indicates VSAPI scanning is not enabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable VS API virus scanning check box on the Virus Scan | Options page in the ScanMail Management Console.
If the Exchange Server Analyzer finds that all of the following criteria are true, a warning is displayed:
- VSAPI scanning is enabled in ScanMail for Exchange
- EnableAlert has a value of 1
- ActionType has a value of 3
- EnableEManager has a value of 1
- EnableWebStoreDelMail has a value of 1
- FileName is not null or empty
This warning indicates that ScanMail is configured to delete all attachments with the names listed in the FileName key during the next scheduled or manual scan.
To correct this
warning
-
Verify that you want attachments that have the names listed in the FileName key deleted.
-
If desired, disable attachment blocking or change the action from Delete to Quarantine. This enables an administrator to examine the quarantined files for attachments that may need to be kept.
For more information about ScanMail for Microsoft Exchange and ScanMail eManager, see the Trend Micro Web site (http://www.trend.com).
 Note: |
|---|
| Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here. |