How file-level antivirus software can harm your Exchange Server

Exchange administrators take necessary steps to ensure that Exchange Servers are protected from numerous viruses. But have you configured your antivirus software properly? If not, you can be inflicting more damage on Exchange than a virus. Learn how to properly configure antivirus software for Exchange Server.

There are countless email viruses out there, all of which are capable of unleashing havoc on your network. What...

you may not realize is that unless your antivirus software is properly configured, it can actually do more damage to Exchange Server than a virus could.

How can antivirus software harm Exchange Server more than a virus? It all depends on how that program works and how the Exchange information store functions.

Many antivirus programs on the market are Exchange Server-aware. This means that the application knows about Exchange Server's requirements and is written so that it does not damage Exchange. These types of antivirus programs are not the problem. What cause the problem are basic file-level virus scanning software products.

The use of file-level antivirus software can cause database failure. This happens because a file-level antivirus application may lock or even quarantine a log file, or database itself, when Exchange tries to use it. The end result is a catastrophic failure. When this occurs, Exchange will log Event ID 1018 in the server's Application log.

Note: If you are using Exchange 2000, you probably know that Exchange uses an M: drive. If you scan this drive with file-level antivirus software, you can cause calendar entries to disappear.

More on antivirus and email security:
Microsoft Exchange Server security dos and don'ts

Secure Edge Transport servers using the Security Configuration Wizard

The six-layered secret of effective Exchange Server email filtering

As you can see, file-level antivirus software can wreak havoc on your Exchange Server. You may not have to completely replace what you're using, but what can you do if you're using file level antivirus software?

Some vendors offer Exchange Server modules to augment basic antivirus products. If your antivirus vendor can't guarantee Exchange Server compatibility, it may be time to move to a different antivirus application. However, you do have the option to circumvent the problems by excluding certain folders from being scanned. The folders that you should remove from scanning are:

  • In Exchange Server 2003:
    • \Exchsrvr\MDBData
    • \SRS

  • In Exchange 2000
    • \Exchsrvr\MDBData
    • \SRS
    • M:

  • In Exchange 5.5
    • \Exchsrvr\MDBData
    • \DSAData

In Exchange 2007, things aren't quite as simple. The folders that need to be excluded vary depending on which server roles are installed. Furthermore, many of these paths are not absolute, but vary depending on your server's configuration.

There are Exchange Management Shell commands that you can use to determine which paths to avoid. Microsoft provides a document that explains which paths should not be scanned at the file level.

It's always best to use an Exchange-aware antivirus application, rather than simply configuring a file-level antivirus application to avoid damage. Non-Exchange aware antivirus applications can cause Exchange Server performance to suffer because it's scanning file types or even processes that are better left untouched.

File-level scanners only protect against viruses that reside in the file system. They do not protect against email viruses as they flow through the message transport server. They also do not scan Exchange server databases for infected attachments.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

This was last published in June 2009

Dig Deeper on Spam and virus protection

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close