Trend ScanMail configuration: QuerySender registry value is enabled
Topic Last Modified: 2006-04-20
The Microsoft® Exchange Server Analyzer Tool queries the Win32_Service Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the Started key for the Trend Micro ScanMail for Microsoft Exchange ScanMail_Action service. A value of True indicates the ScanMail_Action service is running, and a value of False indicates it is not running.
The Exchange Server Analyzer also reads the following registry entry to determine if ScanMail for Microsoft Exchange is configured for wildcard character searches against the Active Directory® directory service:
HKEY_LOCAL_MACHINE\Software\TrendMicro\ScanMail for Exchange\RealTimeScan\QuerySender
A value of 0 for the QuerySender registry entry indicates wildcard searches are disabled. A value of 1 for the QuerySender entry indicates that wildcard searches are enabled.
In addition, the Exchange Server Analyzer queries Active Directory to determine the count of the entries listed in the homeMDBBL attribute of each mailbox store. The count of this attribute represents the number of mailboxes on the mailbox store.
If the Exchange Server Analyzer determines that the ScanMail_Action service is running, that the Exchange Server contains more than 100 mailboxes, and that the QuerySender registry entry is not set to 0, a warning is displayed.
Trend Micro ScanMail for Microsoft Exchange provides antivirus protection for Exchange Server. When ScanMail for Exchange is scanning a message sent to a distribution list, its default behavior is to query the Active Directory global catalog for all message recipients. If there are a large number of recipients in the distribution list, this behavior can cause performance problems. In addition, the following performance counters will be high if the recommendations in this article are not implemented:
MSExchangeIS/Virus Scan Queue Length
MSExchangeIS/RPC Averaged Latency
Setting the QuerySender value to 0 prevents ScanMail for Microsoft Exchange from querying the global catalog for all recipients when scanning messages sent to distribution lists.
Contact Trend Micro for information about using the QuerySender registry value (http://www.trendmicro.com/en/about/overview.htm).
For more information about the QuerySender registry value, see Trend Micro Solution ID 120393 (http://esupport.trendmicro.com/support/viewxml.do?ContentID=en-120393).
Note: Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.
For more information about fortifying an Exchange environment against e-mail transmitted viruses and worms, see "Slowing and Stopping E-Mail Viruses in an Exchange Server 2003 Environment" (http://go.microsoft.com/fwlink/?LinkId=47587).
For more information about using antivirus software with Exchange Server, see the following Microsoft Knowledge Base articles:
328841, "XADM: Exchange and Antivirus Software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=328841)
823166, "Overview of Exchange Server 2003 and antivirus software" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823166)
306105, "XGEN: Microsoft's Position on Antivirus Solutions for Exchange 2000" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=306105)
245822, "Recommendations for troubleshooting an Exchange computer with antivirus software installed" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=245822)
For a list of third-party antivirus software that is available for Exchange Server, see the Exchange Server Partners: Antivirus Web site (http://go.microsoft.com/fwlink/?LinkId=16226).