Forefront Security for Exchange Server Best Practices - Transport scanning

Applies to: Forefront Security for Exchange Server

This section details the effects that the various options have on Transport scanning.

Transport scanning when using default settings

Forefront Security for Exchange Server is designed to reduce redundant scanning whenever possible. Therefore, when e-mail is in transport (Inbound, Outbound, or Internal), only the first transport node (Edge or Hub) scans the message and writes the antivirus transport stamp into it. Subsequent nodes respect the transport stamp and do not scan the message again. It is recommended that all Transport nodes be set to use the same scanning engines and bias settings.

Transport scanning when the stamp is turned off

If the antivirus transport stamp is turned off (by clearing the General Options setting “Optimize for Performance by Not Rescanning Messages Already Virus Scanned - Transport”), each Transport Scan Job scans messages (Inbound, Outbound, or Internal) on each transport node (Edge or Hub). Use this mode when you want to scan with different engines at each server role.

Transport scanning for outbound messages

It is good Internet etiquette to scan your outbound e-mail messages for viruses. In addition, this can protect you from legal liability should an infected PC in your organization attempt to send out viruses (a common behavior of Worm viruses).