Configuring the Transport Scan Job

Applies to: Forefront Security for Exchange Server

The Forefront Security for Exchange Server Transport Scan Job runs on an Exchange 2007 server with either a Hub Transport or an Edge Transport role installed. It can scan, in real time, all MIME and UUENCODE-based e-mail messages that are inbound or outbound from the transport stack of an Exchange site or organization as well as all internal e-mail. The transport scanner scans for viruses in attachments and for embedded and HTML viruses in the message body.

Configure the Transport Scan Job to specify what combination of inbound, outbound, and internal mail should be scanned. You can optionally specify Deletion Text and Tag Text.

To configure the Transport Scan Job

1. In the SETTINGS section of the Shuttle Navigator, select Scan Job. The Scan Job Settings work pane appears.

2. In the job list in the upper pane, select the Transport Scan Job.

3. In the Transport Messages section of the work pane, indicate the combination of Inbound, Outbound, and Internal messages to be scanned:

   • Selecting the Inbound check box within the Scan Job Settings work pane configures Forefront Security for Exchange Server to scan all e-mail messages entering the Edge Transport server or Hub Transport server. Messages are designated as inbound if the message originated from or was relayed through an external server. If the external server is not running FSE, this is an effective way to protect your installation from infected e-mail messages coming from the Internet.

   • Selecting the Outbound check box within the Scan Job Settings work pane configures FSE to scan all outgoing e-mail messages that leave your Exchange site or Exchange organization via the Edge Transport server or Hub Transport server. Messages are designated as outbound if at least one recipient has an external address.

   • Selecting the Internal check box within the Scan Job Settings work pane configures FSE to scan all mail that is being routed from one location inside your domain to another location inside your domain. Messages are designated as internal if they originate from inside your domain and all the recipients are located inside your domain.

4. Optionally, you can specify Deletion Text, which is used to replace the contents of an infected file during a delete operation. The default deletion text informs you that an infected file was removed, along with the name of the file and the name of the virus found. To create your own custom message, click Deletion Text.

5. Optionally, you can specify Tag Text. This text is used by Forefront Security for Exchange Server to “tag” the subject line or MIME header of messages that meet filter criteria so that they can be identified later for routing into specific user inboxes or for other purposes identified by the Forefront Server Security Administrator. The action for a filter must set to Identify: Tag Message in order for the tag to be used. To modify the text, click the Tag Text button on the Scan Job Settings work pane. The Tag Text dialog box appears. There are two fields, each of which has a default that can be changed. The subject line tag text defaults to “SUSPECT:” and the message header tag text (which cannot have any spaces) defaults to “Junk-Mail”. Click OK.

6. Click the Save button to save your Transport Scan Job settings.

   Note

   When editing the Transport Scan Job, if no changes are made to the Transport Scan Job configuration, the Save and Cancel buttons are inactive. Making any change to the configuration activates these buttons. If you make a change to the Transport Scan Job and try moving to another scan job or shuttle icon, you are prompted to save or discard your changes.