Configuring the antivirus settings for the Realtime Scan Job

  • Article

 

Applies to: Forefront Security for Exchange Server

There are various settings that you can adjust for the Realtime Scan Job. These include file scanner selection, bias, action, notifications, and quarantining.

To configure antivirus settings

  1. In the SETTINGS section of the Shuttle Navigator, select Antivirus. The Antivirus Settings work pane appears

  2. In the job list in the upper pane, select the Realtime Scan Job.

  3. In the lower pane, select the engines to use for the scan job, from the list of available File Scanners. All the engines are listed, and the five you chose at installation are initially selected by default. (Although you may only use a maximum of five engines, you may use any five. You are not limited to the ones you selected during the installation.) To disable virus scanning while retaining the ability to run File Filtering and Content Filtering, clear the Virus Scanning check box in the Run Job work pane of the OPERATE section of the Shuttle Navigator for the Realtime Scan Job.

    Note

    If you have the maximum of five engines selected and you want to change the ones used, clear the check boxes of unwanted engines before selecting new ones. You may only have a maximum of five engines selected at a time.

  4. In the Bias field, select a bias setting for the scan job. Bias controls how many engines to use to provide you with an acceptable probability that your system is protected. The more engines you use, the greater the probability that all viruses will be caught. However, the more engines you use, the greater the impact on your system's performance.

    Note

    Consider setting the Bias to Favor Certainty.

    For more information about Bias settings, see the Multiple Scan Engines chapter of the "Microsoft Forefront Security for Exchange Server User Guide."

  5. In the Action field, select the action that you want Forefront Security for Exchange Server to perform when a virus is detected. The action choices are:

    • Skip: detect only   Make no attempt to clean or delete the infection. Viruses are reported, but the files remain infected. If, however, Delete Corrupted Compressed, Delete Corrupted Uuencode Files, or Delete Encrypted Compressed Files was selected in General Options, a match to any of those conditions causes the item to be deleted.

    • Clean: repair attachment   Attempt to clean the virus. If successful, the infected attachment or message body is replaced with the clean version. If cleaning is not possible, the attachment or message body is replaced with the Deletion Text. This is the default setting.

    • Delete: remove infection   Delete the attachment without attempting to clean it. The detected attachment is removed from the message and the Deletion Text is inserted in its place.

  6. Enable e-mail notifications by using the Send Notifications field. This setting does not affect reporting to the Incidents log. In addition, you must also configure the notifications (see Sending e-mail notifications). Notifications are disabled by default.

  7. Enable or disable the saving of attachments detected by the file scanning engines by using the Quarantine Files field. Quarantining is enabled by default. Enabling quarantine causes deleted attachments and purged messages to be stored, permitting you to recover them. However, worm-purged messages are not recoverable.

  8. Click Save.