Content Filtering and Virus violations pass directly through Symantec Mail Security for Microsoft Exchange after install on an Exchange 2003 cluster

book

Article ID: 177436

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

No content filtering or virus violations are detected, in addition, the statistics on the home page show auto-protect scans as "0" regardless of the amount of mail flow.

Conditions

  •  One or more of the following registry keys exists:

 

HKLM\SYSTEM\ControlSet001\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanBackgroundScanning
HKLM\SYSTEM\ControlSet001\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanEnabled
HKLM\SYSTEM\ControlSet001\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanProactiveScanning

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanBackgroundScanning
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanEnabled
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanProactiveScanning

 

 


 

Cause

Previously Trend Micro's ScanMail was installed on this cluster server. Trend Micro allows control of scanning of individual mail stores, and these registry entries control that individual store scanning function. When ScanMail is removed, registry entries are left behind, which directs all information from VSAPI to the Trend scanner, which no longer exists on the system.

Resolution

Remove Trend registry keys and restart Microsoft Exchange Information Store.  Perform the following steps on each server in the cluster:
 

1. Remove the following registry keys.


WARNING: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Read the document How to back up the Windows registry for instructions.


 

 


HKLM\SYSTEM\ControlSet001\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanBackgroundScanning
HKLM\SYSTEM\ControlSet001\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanEnabled
HKLM\SYSTEM\ControlSet001\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanProactiveScanning

HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanBackgroundScanning
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanEnabled
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<EVS Name>\Private-xxxxxxxx\VirusScanProactiveScanning
 

 

2. Restart Microsoft Exchange Information Store.


Note: Rather than restart the information store the VSAPI registry key can be set.  After this is set Exchange reloads SMSMSE and sets the registry key to zero.

a.  To reload VSAPI set the registry key "HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS\Virusscan\Reloadnow" to 1.