File-Level Antivirus Scanning on Exchange 2007



Similar documents
Implementing Microsoft File Exclusions in Trend Micro OfficeScan 8.0

Kaspersky Lab Scan Exclusions by Application

BitDefender Security for File Servers RECOMMENDED CONFIGURATION

AND SERVER SECURITY

AND SERVER SECURITY

Installation Guide. McAfee Security for Microsoft Exchange Software

Lesson Plans Configuring Exchange Server 2007

System Compatibility. Enhancements. Operating Systems. Hardware Requirements. Security

Getting started. Symantec AntiVirus Corporate Edition 8.1 for Workstations and Network Servers

Unity Error Message: Your voic box is almost full

5053A: Designing a Messaging Infrastructure Using Microsoft Exchange Server 2007

Sophos for Microsoft SharePoint startup guide

GFI Product Manual. Administration and Configuration Manual

10135A: Configuring, Managing, and Troubleshooting Microsoft Exchange Server 2010

Symantec Mail Security for Microsoft Exchange Getting Started Guide

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.

AV Management Dashboard

Configuring the Hub Transport Role

Sy Computing Services, Inc. TOP REASONS TO MOVE TO MICROSOFT EXCHANGE Prepared By:

User Guide - escan for Linux File Server

Kaspersky Security 8.0 for Microsoft Exchange Servers Installation Guide

2. Installation and System requirements

Journaling Guide for Archive for Exchange 2007

A Transend Corporation White Paper Preparing Microsoft Exchange Server for Migration

Anti-virus for Microsoft Exchange Server

MS Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Service Pack 2

How To Configure And Manage An Exchange Server 2010 For Free

IceWarp Unified Communications. AntiVirus Reference. Version 10.4

MS Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010

Scan Sequence and Action in Microsoft Forefront Protection 2010 for Exchange Server

RELEASE NOTES F-Secure and Server Security Version RTM build 435

RELEASE NOTES F-Secure and Server Security Version RTM build 173

Antivirus Solution Guide for Clustered Data ONTAP 8.2.1: McAfee

Kaspersky Security 8.0 for Microsoft Exchange Servers AD Administrator's Guide

Symantec Mail Security for Microsoft Exchange Getting Started Guide

Doctor Web, All rights reserved

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

ESET Mail Security 4. User Guide. for Microsoft Exchange Server. Microsoft Windows 2000 / 2003 / 2008

Microsoft Exchange 2003 Disaster Recovery Operations Guide

Build Your Knowledge!

Sophos Anti-Virus for Mac OS X: Home Edition Help

Unity 7.x Event Log Errors

Configuring Managing and Troubleshooting Microsoft Exchange Server 2010

Administrator s Guide

PC Security and Maintenance

Quick Start - Exchange Mailbox Archiver Agent

FortiMail Filtering Course 221-v2.2 Course Overview

The Exchange 2010 Ecosystem

Symantec Protection for SharePoint Servers Implementation Guide

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Course 10135: 5 days; Instructor-Led

Product Guide. McAfee Endpoint Security for Mac Threat Prevention

Optimizing Microsoft Exchange in the Enterprise Part II: Hub Transport Server and Lync-SharePoint Integration

MS 10135B Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010

Monitoring Health and Performance

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Service Pack 2

Sophos Anti-Virus for Mac OS X Help

Administrator s Guide

Cisco ICM/IPCC Enterprise and Hosted Anti-Virus Software Guidelines

ES Exchange Server - How to Remove XMON

Course Outline: Course 10135A: Configuring, Managing and Troubleshooting Microsoft

Mod 08: Exchange Online FOPE

Trend Micro OfficeScan Best Practice Guide for Malware

ViRobot Desktop 5.5. User s Guide

MICROSOFT EXCHANGE SERVER 2007 upgrade campaign. Telesales script

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Service Pack 2

Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010 Service Pack 2

EXAM TS: Microsoft Exchange Server 2010, Configuring. Buy Full Product.

Getting Started with HC Exchange Module

About Backing Up a Cisco Unity System

Installing Communicator on Citrix XenApp and Windows Servers

Forefront Management Shell PowerShell Management of Forefront Server Products

Microsoft Security Essentials Installation and Configuration Guide

Table of contents 1. IMPORTANT INFORMATION BEFORE YOU START GETTING STARTED EXCHANGE CONTROL PANEL... 2

GFI FAXmaker 14.3 for Exchange/Lotus/SMTP. Manual. By GFI Software Ltd

PROMODAG REPORTS 10 FOR MICROSOFT EXCHANGE SERVER. Reporting on Exchange made simple! Getting started

McAfee Security for Microsoft Exchange

SecurEnvoy Security Server. SecurMail Solutions Guide

Deploying and Managing Microsoft Exchange Server 2013

Microsoft Exchange Server 2007, Upgrade from Exchange 2000/2003 ( /5049/5050) Course KC Days OVERVIEW COURSE OBJECTIVES AUDIENCE

Deploying Exchange Server 2007 SP1 on Windows Server 2008

Symantec Mail Security for Domino

McAfee VirusScan Enterprise for Storage 1.1.0

Symantec Endpoint Protection Small Business Edition Installation and Administration Guide

AKCess Pro Server Backup & Restore Manual

User's Manual. Intego VirusBarrier Server 2 / VirusBarrier Mail Gateway 2 User's Manual Page 1

RELEASE NOTES F-Secure and Server Security version build 739 (RTM)

Transcription:

File-Level Antivirus Scanning on Exchange 2007: Exchange 2007 Help 1 of 6 2009 Microsoft Corporation. All rights reserved. File-Level Antivirus Scanning on Exchange 2007 Applies to: Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007 Topic Last Modified: 2009-07-22 This topic describes the effects of file-level antivirus programs on computers that are running Microsoft Exchange Server 2007. If you implement the recommendations described in this topic, you can enhance the security and health of your Exchange organization. File-level scanners are frequently used. However, if they are configured incorrectly, they can cause problems in Exchange 2007. There are two types of file-level scanners: Memory-resident file-level scanning refers to a part of file-level antivirus software that is loaded in memory at all times. It checks all the files that are used on the hard disk and in computer memory. On-demand file-level scanning refers to a part of file-level antivirus software that you can configure to scan files on the hard disk manually or on a schedule. Some versions of antivirus software start the on-demand scan automatically after virus signatures are updated to make sure that all files are scanned with the latest signatures. The following problems may occur when you use file-level scanners with Exchange 2007: File-level scanners may scan a file when the file is being used or at a scheduled interval. This can cause the scanners to lock or quarantine an Exchange log or a database file while Microsoft Exchange tries to use the file. This behavior may cause a severe failure in Microsoft Exchange and may also cause -1018 errors. File-level scanners do not provide protection against e-mail viruses, such as the Melissa virus. Note: The Melissa virus was a Trojan horse macro virus that propagated itself through e-mail messages in 1999. The virus sent e-mail messages that had malicious attachments to addresses that it found in the personal address books on Microsoft Outlook mail clients. Such viruses can cause data destruction. Exchange 2007 Recommendations If you are deploying file-level scanners on Exchange 2007 servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both scheduled and real-time scanning. This section describes directory exclusions, process exclusions, and file name extension exclusions for each server or server role. Directory Exclusions You must exclude specific directories for each Exchange server or server role on which you run a file-level antivirus scanner. This section describes the directories that you should exclude from file-level scanning for each server or server role. Mailbox server role Exchange databases, checkpoint files, and log files across all storage groups. By default, these are located in sub-folders under the %Program Files%\Microsoft\Exchange Server \Mailbox folder. You can obtain the directory location by running the following commands in the Exchange Management Shell: To determine the location of a transaction log and checkpoint file, run the following command: Get-StorageGroup -server <servername> fl *path* To determine the location of a mailbox database, run the following command: Get-MailboxDatabase -server <servername> fl *path* To determine the location of a public folder database, run the following command:

File-Level Antivirus Scanning on Exchange 2007: Exchange 2007 Help 2 of 6 Get-PublicFolderDatabase -server <servername> fl *path* Database content indexes. By default, these are located in storage group sub-folders under the %Program Files%\Microsoft\Exchange Server\Mailbox folder. General log files, such as message tracking log files. These files are located in subfolders under the %Program Files%\Microsoft\Exchange Server\TransportRoles\Logs folder and %Program Files%\Microsoft\Exchange Server\Logging folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-MailboxServer <servername> fl *path* The Offline Address Book files that are located in subfolders under the %Program Files%\Microsoft\Exchange Server\ExchangeOAB folder IIS system files in the %SystemRoot%\System32\Inetsrv folder The temporary folder that is used with offline maintenance utilities, such as Eseutil.exe. By default, this folder is the location where the.exe file is run from. However, you can configure where you perform the operation from when you run the utility. The temporary folders that are used to perform conversions: Content conversions are performed in the server s TMP folder. OLE conversions are performed in %Program Files%\Microsoft\Exchange Server \Working\OleConvertor folder. The Mailbox database temporary folder: %Program Files%\Microsoft \Exchange Server\Mailbox\MDBTEMP Any Exchange-aware antivirus program folders Clustered Mailbox server All the items listed in the Mailbox server role list, and the following: The quorum disk and the %Winnt%\Cluster folder The file share witness. This is located on another server in the environment, typically a Hub Transport server. The ExchangeOAB directory on a shared drive. The location is specified by the registry key SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters\<CMSname>\OabDropFolderLocation Note: By default, the ExchangeOAB directory is at the following location: %Program Files%\Microsoft\Exchange Server\ExchangeOAB Hub Transport server role General log files, for example, message tracking. These files are located in subfolders under the %Program Files%\Microsoft\Exchange Server\TransportRoles\Logs folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername> fl *logpath*,*tracingpath* The message folders that are located under the %Program Files%\Microsoft \Exchange Server\TransportRoles folder. To determine the paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername> fl *dir*path* The transport server role queue database, checkpoint, and log files that are located in the %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Queue folder. For more information about how to obtain the directory location if the queue database files have been moved from the default location, see Working with the Queue Database on Transport Servers [ http://technet.microsoft.com/en-us/library/bb124343(exchg.80).aspx ]. The transport server role Sender Reputation database, checkpoint, and log files that are located in the %Program Files%\Microsoft\Exchange Server\TransportRoles \Data\SenderReputation folder The transport server role IP filter database, checkpoint, and log files that are located in the %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\IpFilter folder The temporary folders that are used to perform conversions: Content conversions are performed in the server s TMP folder. OLE conversions are performed in %Program Files%\Microsoft\Exchange Server

File-Level Antivirus Scanning on Exchange 2007: Exchange 2007 Help 3 of 6 \Working\OleConvertor folder. Any Exchange-aware antivirus program folders Edge Transport server role The Active Directory Application Mode (ADAM) database and log files that are located in the %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Adam folder. For more information about how to obtain the directory location if the ADAM database files have been moved from the default location, see How to Modify ADAM Configuration [ http://technet.microsoft.com/en-us/library/aa997269(exchg.80).aspx ]. General log files, for example message tracking. These files are located in subfolders under the %Program Files%\Microsoft\Exchange Server\TransportRoles\Logs folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername> fl *logpath*,*tracingpath* The message folders that are located under the %Program Files%\Microsoft \Exchange Server\TransportRoles folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername> fl *dir*path* The transport server role queue database, checkpoint, and log files that are located in the %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Queue folder. For more information about how to obtain the directory location if the queue database files have been moved from the default location, see Working with the Queue Database on Transport Servers [ http://technet.microsoft.com/en-us/library/bb124343(exchg.80).aspx ]. The transport server role Sender Reputation database, checkpoint, and log files that are located in the %Program Files%\Microsoft\Exchange Server\TransportRoles \Data\SenderReputation folder The transport server role IP filter database, checkpoint, and log files that are located in the %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\IpFilter folder The temporary folders that are used to perform conversions: Content conversions are performed in the server s TMP folder. OLE conversions are performed in %Program Files%\Microsoft\Exchange Server \Working\OleConvertor folder. Any Exchange-aware antivirus program folders Client Access server role The Internet Information Services (IIS) 6.0 compression folder that is used with Microsoft Outlook Web Access. By default, the compression folder in IIS 6.0 is located at %systemroot%\iis Temporary Compressed Files. For more information, see the Microsoft Knowledge Base article 817442, A 0-byte file may be returned when compression is enabled on a server that is running IIS [ http://go.microsoft.com/fwlink/?linkid=3052&kbid=817442 ]. IIS system files in the %SystemRoot%\System32\Inetsrv folder The Internet-related files that are stored in the sub-folders of the %Program Files%\Microsoft\Exchange Server\ClientAccess folder The temporary folder that is used to perform content conversion. By default, this is the server s TMP folder. Unified Messaging server role The grammar files that are stored in the subfolders in the %Program Files%\Microsoft \Exchange Server\UnifiedMessaging\grammars folder The voice prompts that are stored in the subfolders in the %Program Files%\Microsoft \Exchange Server\UnifiedMessaging\Prompts folder The voicemail files that are stored in the %Program Files%\Microsoft\Exchange Server \UnifiedMessaging\voicemail folder The bad voicemail files that are stored in the %Program Files%\Microsoft\Exchange Server \UnifiedMessaging\badvoicemail folder Microsoft ForeFront Security for Exchange Server The archived messages that are stored in the %Program Files%\Microsoft ForeFront Security\Exchange Server\Data\Archive folder The quarantined files that are stored in the %Program Files%\Microsoft ForeFront Security \Exchange Server\Data\Quarantine folder The antivirus engine files that are stored in the subfolders of

File-Level Antivirus Scanning on Exchange 2007: Exchange 2007 Help 4 of 6 %Program Files%\Microsoft ForeFront Security\Exchange Server\Data\Engines\x86 folder The configuration files that are stored in the %Program Files%\Microsoft ForeFront Security \Exchange Server\Data folder Microsoft ForeFront Security For Exchange Server on Single Copy Clusters (SCC) In addition to the directories that contain antivirus engine and configuration files, exclude the directory on the shared storage used for ForeFront data. To determine the path that ForeFront uses on an SCC, check the value of the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\DatabasePath Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data. Process Exclusions Many file-level scanners now support the scanning of processes. This too can adversely affect Microsoft Exchange if the incorrect processes are scanned. Therefore, you should exclude the following processes from file-level scanners. Cdb.exe Microsoft.Exchange.Search.Exsearch.exe Cidaemon.exe Microsoft.Exchange.Servicehost.exe Cluster.exe Msexchangeadtopologyservice.exe Dsamain.exe Msexchangefds.exe Edgecredentialsvc.exe Msexchangemailboxassistants.exe Edgetransport.exe Msexchangemailsubmission.exe Galgrammargenerator.exe Msexchangetransport.exe Inetinfo.exe Msexchangetransportlogsearch.exe Mad.exe Msftefd.exe Microsoft.Exchange.Antispamupdatesvc.exe Msftesql.exe Microsoft.Exchange.Contentfilter.Wrapper.exe Oleconverter.exe Microsoft.Exchange.Cluster.Replayservice.exe Powershell.exe Microsoft.Exchange.Edgesyncsvc.exe Sesworker.exe Microsoft.Exchange.Imap4.exe Speechservice.exe Microsoft.Exchange.Imap4service.exe Store.exe Microsoft.Exchange.Infoworker.Assistants.exe Transcodingservice.exe Microsoft.Exchange.Monitoring.exe Umservice.exe Microsoft.Exchange.Pop3.exe Umworkerprocess.exe Microsoft.Exchange.Pop3service.exe W3wp.exe If you are also deploying ForeFront Security for Exchange Server, exclude the following processes.

File-Level Antivirus Scanning on Exchange 2007: Exchange 2007 Help 5 of 6 Adonavsvc.exe Fscstatsserv.exe Fsccontroller.exe Fsctransportscanner.exe Fscdiag.exe Fscutility.exe Fscexec.exe Fsemailpickup.exe Fscimc.exe Fssaclient.exe Fscmanualscanner.exe Getenginefiles.exe Fscmonitor.exe Perfmonitorsetup.exe Fscrealtimescanner.exe Scanenginetest.exe Fscstarter.exe Semsetup.exe File Name Extension Exclusions In addition to excluding specific directories and processes, as a secondary measure, in case directory exclusions fail or files are moved, you should exclude the following Exchange-specific file name extensions. Application-related extensions.config.dia.wsb Database-related extensions.chk.log.edb.jrs.que Offline Address Book-related extensions:.lzx Content Index-related extensions.ci.wid.001.dir.000.002 Unified Messaging-related extensions.cfg.grxml ForeFront Security for Exchange Server related extensions.avc.dt.lst.cab.fdb.mdb.cfg.fdm.ppl.config.ide.set.da1.key.v3d.dat.klb.vdb

File-Level Antivirus Scanning on Exchange 2007: Exchange 2007 Help 6 of 6.def.kli.vdm The file name extensions listed for ForeFront Security for Exchange Server are the signature files from various antivirus directory engines. In most cases, these file name extensions do not change, but file name extensions may be added in the future as third-party antivirus vendors update their antivirus signature files. av exclusions Community Content This list of Exchange AV exclusions is crazy! Last Edit 3:10 AM by Anthony Maw The list of exclusions here is enough to be bewildering to even experienced Exchange administrators and the probability of error is HIGH. Does anybody at Microsoft actually recommend that users actually try to exclude all these hundreds of this-and-that items? IIS 7 Temporary Compressed files folder Last Edit 8:32 AM by Lasse Pettersson - When running IIS7 the "Temporary Compressed files" folder is located in C:\Inetpub\temp All these exclusions leave HUGE security holes... Last Edit 4:51 AM by MIDAC Well, if I was a virus I would certainly try to hide in any of the folders discussed here... and there are many to choose from! I cannot believe the recommendation is to exclude the server s TMP folder too? Trying to find the TMP folder for "content conversion"? Last Edit 9:54 PM by evilution13b The temporary folder that is used to perform content conversion. By default, this is the server s TMP folder. --> I'm probably reading more into this but wanted to validate the correct folder (running Win2008 64BIT). Is the "TMP" folder actaully "C:\Windows\Temp" or another folder? There is a "TMP" folder under documents and settings for each local user profile but that doesn't make sense. I'm sure this is simple but wanted to validate 100% for the exclusion list. Thanks folder location tmp What is the Alternative? Last Edit 4:02 PM by Frank Rowland it is complicated to run Anti-virus on exchange, but the alternative to all of these exclusions is to run NO ANTI-VIRUS at all. Which is worse? You can use exchange aware anti virus solutions. Last Edit 8:43 PM by Dr. RPC If you think that the above steps mentioned in the technet article are cubresome and complex, you are right. As an alternative you can use exchange aware anti virus solutions.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information