Information Store Scanning Options within Symantec Mail Security for Microsoft Exchange (SMSMSE)

Products

Mail Security for Microsoft Exchange

Issue/Introduction

You would like to run a full scan of your Exchange Information store and would like details about the options available with Symantec Mail Security for Microsoft Exchange (SMSMSE).

Resolution

There are two options for store scanning within SMSMSE: 1) Manual/Scheduled scanning and 2) Background scanning. Each has advantages and disadvantages which are described below.

NOTE: Exchange 2013 no longer uses Virus Scanning Application Programming Interface (VSAPI) but uses Exchange Web Services (EWS). Some options for earlier versions of Exchange are no longer available on an Exchange 2013 server.

NOTE: Listed scan throughputs are based on internal Symantec testing and are intended as a rough estimate of the amount of time it will take to scan for viral content. This throughput may vary machine to machine based on the type of content scanned, the server hardware configuration, the load on the server at the time of the scan, and the options chosen for how to process the scan.

NOTE: Neither store scanning method applies AntiSpam features. AntiSpam features are available only for inbound emails. See the following article: Premium AntiSpam fails to filter Outgoing Spam messages.

	Manual/Scheduled Scan	Background Scan (no longer available in Exchange 2013)
Data Access Method	Exchange 2003 and 2007: Collaboration Data Objects (CDO) Exchange 2010 and 2013: Exchange Web Services (EWS)	Virus Scanning Application Programming Interface (VSAPI). This is a component of Exchanges Information store (store.exe)
Pros	Allows for more configuration options than Background scanning	Much faster scan times
Cons	Takes longer to complete a Manual/Scheduled scan than a Background scan, especially on Exchange 2010. This is due to limitations in the speed data can be retrieved via CDO or EWS	Not as many configuration options are available
Options Available	Stop scanning after X minutes Only scan items modified since last scan Scan message bodies Choose which messages to scan. Criteria include: Scan all messages in the store Scan all messages from the past number of days Scan all messages from the past number of hours Scan all messages from start date to end date Scan Location, criteria include: Scan all mailboxes Exclude specific mailboxes Scan specific mailboxes Scan all public folders Exclude specific public folders Scan specific public folders Enable or disable content filtering, separate from real-time content filtering.	Schedule when background scanning is to run. Symantec recommends scheduling background scanning for off hours, as it can be resource intensive. Scan messages with attachments only Choose messages to scan, criteria include: Scan all messages in the store Scan all messages from the past X number of days Scan all messages from the past X number of hours Scan all messages from start date X to end date Y The same content filtering rules that apply to real time scanning will also apply to background scanning, assuming the rule is applied to "Internal messages (store)"
Throughput	1 gb/hour	6 gb/hour

Manual/Scheduled Scanning

How to configure a Manual or Scheduled scan

Open the SMSMSE console
Navigate to Scans -> Manual Scan or Scheduled scans depending on whether you would like an on demand scan or a scan that recurs on a schedule
For Manual scans, click Edit manual scan, for Scheduled scans click New Scan...
Enter the criteria for the type of messages you would like to scan to process and click Next>
Select the mailboxes you would like to scan to apply to or exclude from the scan and click Next>
Enable any content filtering rules you would like to apply during the scan and click Next> if a Scheduled scan, if Manual, click Finish
For scheduled scans, select the schedule you want the scan to run on, and click Finish
Click Deploy changes
For manual scans, under "Tasks" click Run now

How to stop a scheduled scan

Close the SMSMSE console.
On the Windows taskbar, click Start > Run.
In the Run dialog box, type:
regedit
Click OK.
In the Registry Editor, navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\6.x\Server\ScanJobs\<name of scheduled scan>
In the right pane, double-click ProgressStateDword.
In the Value Data field, type the binary value '0'
Click OK.
Exit the Registry Editor.
In the Services console, restart the Symantec Mail Security for Exchange service.

How to stop a manual scan

Open the SMSMSE console
Navigate to Scans -> Manual Scan
On the left side click Stop

Background Scanning

Note: The advanced scanning options affect both Real Time (auto-protect) and Background scanning equally. If "On virus definition update, force rescan before allowing access to the information store" is selected, background scanning will restart from the beginning of the store after every virus definition update. If you would like the background scan to complete scanning on the entire store before starting over, do not select this option.

How to configure Background scanning

Open the SMSMSE console
Navigate to Scans -> Auto-Protect
Check the box Enable background scanning
Select the schedule you want to use for background scanning by blocking out the times you would like the scan to run on the Day/Time matrix
Choose which messages you would like to be scanned
Select any advanced scanning options.
Click Deploy changes

The background scan will now proceed as configured.

How to stop Background scanning

Open the SMSMSE console
Navigate to Scans -> Auto-Protect
Un-check the box Enable background scanning
Click Deploy Changes