Antigen Is Scanning Public Folder Replication Messages

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2008-11-18

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine whether a public folder store is present on each Exchange server. If the Exchange Server Analyzer finds that the InformationStore object is of the msExchPublicMDB object class, the server hosts a public folder store.

The Microsoft® Exchange Server Analyzer also queries the CIM_Datafile Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the Version key for ANTIGENVSAPI.DLL. A Version key value of 1517 or greater for ANTIGENVSAPI.DLL indicates that Sybari Antigen for Microsoft Exchange version 8.0 SR3 or a later version is installed on the Exchange Server.

Finally, the Exchange Server Analyzer queries following registry branch to determine whether the DoNotScanIPMReplicationMessages key is present and does not have a value that is larger than 0:

HKEY_LOCAL_MACHINE\Software\Sybari Software\Antigen for Exchange\DoNotScanIPMReplicationMessages

The value of the DoNotScanIPMReplicationMessages key determines whether the installed Sybari Antigen will scan, and possibly remove, the Exchange Server public folder replication messages. A value of anything less than 1 for the DoNotScanIPMReplicationMessages key means that Antigen will scan the winmail.dat files for viruses. Exchange Server uses the Winmail.dat files for several purposes, including making public folder replication easier between servers. If Antigen modifies any one of these Winmail.dat files, the public folder replication process fails.

If the Exchange Server Analyzer determines that following conditions exist, the Exchange Server Analyzer displays an error:

  • The Exchange Server is hosting one or more public folder stores

  • Sybari Antigen build 1517 or a later version is installed on the server

  • The DoNotScanIPMReplicationMessages key is not present or, is present but does not have a value larger than 0.

Important

This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.

To correct this error

  1. Open a registry editor, such as Regedit.exe or Regedt32.exe.

  2. Navigate to: HKLM\Software\Sybari Software\Antigen for Exchange

  3. If the DoNotScanIPMReplicationMessages.subkey already exists in the right pane, double-click it and set the value to 1.

  4. If the DoNotScanIPMReplicationMessages.subkey does not yet exist, right-click in the right pane to create it as a new DWORD value.

  5. Configure the DoNotScanIPMReplicationMessages value with a setting of 1.

    Note

    If a virus is replicated through public folder replication, even if you enable this new registry key, Antigen will still detect the virus on the Real-Time scan job

Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows registry" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=256986).

For more information about how to use antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles: