CA eTrust: Exchange data drive has not been excluded from real-time scanning

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entries to obtain the list of directories that have been excluded from real-time file-level antivirus scanning in eTrust Antivirus from Computer Associates:

eTrust Antivirus 6.0

HKEY_LOCAL_MACHINE\Software\ComputerAssociates\InoculateIT\6.0\Realtime\szExcludeDirs

eTrust Antivirus 7.0

HKLM\Software\ComputerAssociates\eTrustAntivirus\CurrentVersion\Realtime\szExcludeDirs

The Exchange Server Analyzer also queries the Active Directory® directory service to determine the value for the MsExchESEParamSystemPath attribute of each storage group. This attribute represents the path of the Exchange data files.

If the Exchange Server Analyzer finds that the value for szExcludeDirs does not include the path that corresponds to the Exchange system data file location, a warning is displayed.
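The comparison described above can be reproduced as a local audit. The following Python sketch is an added example, not code from the Exchange Server Analyzer or from eTrust Antivirus. The function names, the "|" or ";" delimiter for szExcludeDirs, and the rule that an excluded directory covers its subdirectories are assumptions.

```python
import ntpath
import re
import sys

# Registry keys (under HKLM) and value name as given on the page.
ETRUST_KEYS = [
    r"Software\ComputerAssociates\InoculateIT\6.0\Realtime",
    r"Software\ComputerAssociates\eTrustAntivirus\CurrentVersion\Realtime",
]
VALUE_NAME = "szExcludeDirs"


def _norm(path):
    # Windows paths compare case-insensitively; drop quotes and trailing "\".
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"'))).rstrip("\\")


def split_excludes(raw):
    # ASSUMPTION: entries are separated by "|" or ";". The page does not
    # document the delimiter, so confirm it against a real value.
    return [_norm(e) for e in re.split(r"[|;]", raw) if e.strip()]


def missing_exclusions(raw_excludes, exchange_paths):
    """Return the Exchange paths that no excluded directory covers."""
    excluded = split_excludes(raw_excludes)
    # ASSUMPTION: an excluded directory also covers its subdirectories.
    # Appending "\" stops D:\Exchsrvr\Mdb from matching D:\Exchsrvr\Mdbdata.
    return [p for p in exchange_paths
            if not any(_norm(p) == e or _norm(p).startswith(e + "\\")
                       for e in excluded)]


def read_exclude_value():
    """Read szExcludeDirs from the first eTrust key present (Windows only)."""
    import winreg
    for key in ETRUST_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                value = winreg.QueryValueEx(handle, VALUE_NAME)[0]
        except OSError:
            continue  # key or value absent: try the other product version
        return "|".join(value) if isinstance(value, list) else str(value)
    return ""


if __name__ == "__main__":
    # Pass each storage group's system path as an argument; the defaults
    # below are constructed sample values.
    paths = sys.argv[1:] or [r"D:\Exchsrvr\Mdbdata"]
    on_windows = sys.platform == "win32"
    raw = read_exclude_value() if on_windows else r"C:\Temp|D:\Exchsrvr\Mdb"
    for path in missing_exclusions(raw, paths):
        print("Not excluded from real-time scanning:", path)
```

An empty result means every supplied path is covered by an exclusion; any path printed corresponds to the condition that triggers the warning.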

eTrust Antivirus is a file-level antivirus scanning program. To determine the version of eTrust Antivirus installed on your Exchange Server computer:

  1. Navigate to Start | Programs | eTrust Antivirus, and then click eTrust Antivirus to start the application.

  2. On the eTrust Antivirus application menu, click Help, and then click About eTrust Antivirus.

  3. Examine the Product Version field to determine the version of eTrust Antivirus.

The following issues can occur when you use file-level scanners on an Exchange Server computer:

  • File-level scanners scan a file when it is used or at a scheduled interval, and may lock or quarantine an Exchange log or database file while Exchange tries to use the file. This can cause a severe failure in Exchange Server, and can also generate database errors.

  • More problems can occur if you scan the drive represented by the Exchange Installable File System (IFS)—typically drive M—with file-level scanner software.

Regardless of which file-level antivirus program you use, you should always exclude the following files and folders from file-level scanners:

  • .eml, .edb, .stm, .log, .dat and .chk files.

  • The Exchange Server drive represented by the IFS. By default, this is drive M.

  • Exchange databases and log files. By default, these are located in the Exchsrvr\Mdbdata folder.

  • Exchange MTA files in the Exchsrvr\Mtadata folder.

  • Additional log files such as the Exchsrvr\server_name.log file.

  • The Exchsrvr\Mailroot virtual server folder.

  • The working folder that is used to store streaming temporary files that are used for message conversion. By default, this folder is located at \Exchsrvr\MDBData, but you can configure the location.

  • The temporary folder that is used with offline maintenance tools such as Eseutil.exe. By default, this folder is the location where the .exe file is run from, but you can configure the location when you run the tool.

  • Site Replication Service (SRS) files in the Exchsrvr\Srsdata folder.

  • Microsoft Internet Information Service (IIS) system files in the %SystemRoot%\System32\Inetsrv folder.

  • IIS working files in the %SystemRoot%\IIS Temporary Compressed Files folder.

To correct this warning

  1. Use the eTrust Antivirus user interface to exclude the folders and files listed above from file-level antivirus scanning.

  2. Visit the CA eTrust Antivirus Web site (http://www3.ca.com/Solutions/Product.asp?ID=156) for the latest information about using eTrust Antivirus on an Exchange Server computer.

    Note

    Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.

For more information about using antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:

For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Partners: Antivirus Web site (https://go.microsoft.com/fwlink/?LinkId=16226).

For more information about problems that can occur if you scan the IFS drive, see the following Knowledge Base articles: