About mailbox database scanning


適用於: Forefront Protection for Exchange

主題上次修改日期: 2011-03-25

On the Exchange Mailbox server role, Exchange provides a virus scanning API (VSAPI) that enables antivirus vendors to scan messages passing through the Exchange mail store (mailbox database).

When a mail client, such as Outlook, accesses messages, FPE provides real-time protection by means of the Exchange VSAPI plug-in. It intercepts and routes messages to an FPE scanning process for malware scanning and filtering.

A message in the mailbox database can be scanned in the following ways:

  • Realtime scanning—Scans messages when they are accessed. Access can include opening a message with a client application, viewing it in a preview pane, and performing content-indexing operations. By default this option is enabled.

  • Scheduled scanning—Scans messages based on a set schedule or can be run immediately as needed. Scheduled scans are typically used to scan the entire information store. This option must be configured and enabled. To configure scheduled scanning, see 排程信箱與公用資料夾的惡意程式碼掃描.

    It is a recommended best practice to run a full, scheduled scan, during off hours in order to conserve resources, after installing FPE.
  • On-demand scanning—Scans specific mailboxes that are suspected of being compromised by malware. This option must be configured and started on demand. To configure on-demand scanning, see 隨選掃描特定信箱尋找惡意程式碼.

Together, these scanning processes can be used to provide enhanced protection at the mailbox database.

There are two basic configurations for mailbox database scanning, default and outbreak modes. For more information, see Default mailbox database scanning mode and Malware outbreak mailbox database scanning mode.