RTF antivirus scanning has been disabled

[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at https://go.microsoft.com/fwlink/?linkid=34707.]  

Topic Last Modified: 2005-11-18

The Microsoft® Exchange Server Analyzer Tool reads the following registry entry to determine the value for the Rich Text Format (RTF) message antivirus scanning:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\VirusScan

If the Exchange Server Analyzer finds the value for ScanRTF is set to 0, a warning is displayed.

The ScanRTF registry key is set by third-party antivirus vendors that use the Exchange Virus Scanning API (VSAPI). RTF messages allow you to use colors, fonts, and formatting, but RTF is readable only by Microsoft Office Outlook® 2003. Exchange Server RTF format is different from reading a file in RTF format in a word processor such as Microsoft Office Word 2003.

It is recommended that you scan all message types for viruses, including RTF messages. You should enable virus scanning of all messages flowing through an Exchange Server computer.

Important

This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore the registry if a problem occurs. For information about how to restore the registry, view the "Restore the Registry" Help topic in Regedit.exe or Regedt32.exe.

To correct this error

  1. In your Exchange-aware antivirus application, enable scanning of all messages.

    or

  2. Manually modify the entry in the registry by performing the following procedure:

    • Open a registry editor, such as Regedit.exe or Regedt32.exe.

    • Navigate to:

      HKLM\System\CurrentControlSet\Services\MSExchangeIS\VirusScan

    • Double-click the ScanRTF registry entry and set its Value Data to 1.

    • Exit the registry editor and restart the Microsoft Exchange Information Store service and the services representing your Exchange-aware antivirus software for the change to take effect.

Before you edit the registry, and for information about how to edit the registry, see the Microsoft Knowledge Base article 256986, "Description of the Microsoft Windows Registry" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=256986).

For more information about fighting viruses, see the Web site "Slowing and Stopping E-mail Transmitted Viruses in an Exchange 2003 Environment" (https://go.microsoft.com/fwlink/?LinkId=30732).