There are countless email viruses out there, all of which are capable of unleashing havoc on your network. What you may not realize is that unless your antivirus software is properly configured, it can actually do more damage to Exchange Server than a virus could.
How can antivirus software harm Exchange Server more than a virus? It all depends on how that program works and how the Exchange information store functions.
Many antivirus programs on the market are Exchange Server-aware. This means that the application knows about Exchange Server's requirements and is written so that it does not damage Exchange. These types of antivirus programs are not the problem. What cause the problem are basic file-level virus scanning software products.
The use of file-level antivirus software can cause database failure. This happens because a file-level antivirus application may lock or even quarantine a log file, or database itself, when Exchange tries to use it. The end result is a catastrophic failure. When this occurs, Exchange will log Event ID 1018 in the server's Application log.
Note: If you are using Exchange 2000, you probably know that Exchange uses an M: drive. If you scan this drive with file-level antivirus software, you can cause calendar entries to disappear.
As you can see, file-level antivirus software can wreak havoc on your Exchange Server. You may not have to completely replace what you're using, but what can you do if you're using file level antivirus software?
Some vendors offer Exchange Server modules to augment basic antivirus products. If your antivirus vendor can't guarantee Exchange Server compatibility, it may be time to move to a different antivirus application. However, you do have the option to circumvent the problems by excluding certain folders from being scanned. The folders that you should remove from scanning are:
- In Exchange Server 2003:
- In Exchange 2000
- \Exchsrvr\MDBData
- \SRS
- M:
- In Exchange 5.5
- \Exchsrvr\MDBData
- \DSAData
In Exchange 2007, things aren't quite as simple. The folders that need to be excluded vary depending on which server roles are installed. Furthermore, many of these paths are not absolute, but vary depending on your server's configuration.
There are Exchange Management Shell commands that you can use to determine which paths to avoid. Microsoft provides a document that explains which paths should not be scanned at the file level.
It's always best to use an Exchange-aware antivirus application, rather than simply configuring a file-level antivirus application to avoid damage. Non-Exchange aware antivirus applications can cause Exchange Server performance to suffer because it's scanning file types or even processes that are better left untouched.
File-level scanners only protect against viruses that reside in the file system. They do not protect against email viruses as they flow through the message transport server. They also do not scan Exchange server databases for infected attachments.
About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.
Do you have comments on this tip? Let us know.
Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.
