Trend ScanMail is configured to delete all file attachments
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2005-11-18
The Microsoft® Exchange Server Analyzer Tool reads several registry entries to determine whether ScanMail for Microsoft Exchange is configured to delete attachments. The read values are in the registry at:
HKEY_LOCAL_MACHINE\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption\Advance
| Value | Description |
|---|---|
ActionType |
Indicates which attachments are to be blocked, if attachment blocking is turned on. A value of 0 indicated that all attachments are blocked. A value of 3 indicates that the administrator has specified a list of file name extensions, file names or true file types. This setting can be configured by selecting the appropriate option on the Attachment Blocking Settings dialog box in the ScanMail Management Console. |
EnableAlert |
Indicates if attachment blocking is enabled. A value of 1 indicates attachment blocking is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable attachment blocking check box on the Virus Scan | Options page in the ScanMail Management Console. |
HKLM\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\ScanOption
| Value | Description |
|---|---|
EnableEManager |
Indicates if ScanMail eManager is enabled. A value of 1 indicates eManager is enabled. A value of 0 indicates it is disabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable eManager check box in the ScanMail Management Console. This setting is only available when ScanMail eManager, a separate, companion product, is installed. |
EnableWebStoreDelMail |
Indicates if the ScanMail Active Message Filter is enabled for inbound messages. A value of 1 indicates Active Message Filter is enabled for inbound messages. A value of 0 indicates it is not enabled for inbound messages. This setting can be configured by selecting (enable) or clearing (disable) the Inbound Messages check box on the Active Message Filter dialog box in the ScanMail Management Console. |
The Exchange Server Analyzer also reads the following registry entry to determine whether Virus Scanning API (VSAPI) message scanning is enabled:
HKLM\System\CurrentControlSet\Services\MSExchangeIS\VirusScan\Enabled
A value of 1 for Enabled indicates that VSAPI scanning is enabled. A value of 0 indicates VSAPI scanning is not enabled. This setting can be configured by selecting (enable) or clearing (disable) the Enable VS API virus scanning check box on the Virus Scan | Options page in the ScanMail Management Console.
If the Exchange Server Analyzer finds that all the following criteria are true, a warning is displayed:
VSAPI scanning is Enabled in ScanMail for Exchange
EnableAlert has a value of 1
ActionType has a value of 0
EnableEManager has a value of 1
EnableWebStoreDelMail has a value of 1
This warning indicates that ScanMail is configured to delete all attachments during the next scheduled or manual scan.
To correct this warning
Verify that you want attachments deleted.
If you want to, disable attachment blocking or change the action from Delete to Quarantine. This enables an administrator to examine the quarantined files for attachments that may need to be kept.
For more information about ScanMail for Microsoft Exchange and ScanMail eManager, visit the Trend Micro Web site (http://www.trend.com).
Note
Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.