Background Scanning Detects Violations Older Than the Time Configured for the Scan
|Article:TECH141343|||||Created: 2010-10-06|||||Updated: 2012-01-25|||||Article URL http://www.symantec.com/docs/TECH141343|
Symantec Mail Security for Microsoft Exchange (SMSMSE) is configured for background scanning with a limit on how far back in time to select messages. However SMSMSE is scanning and finding violations in messages that are older than expected.
For example background scanning is configured to "Scan all messages from the past 2 hours" but SMSMSE has detected a virus or content filtering violation in a message 3 weeks old.
- Background scanning is configured with a limit on how far back to select messages.
1. Open the SMSMSE Administration Console.
2. Click Scans -> Auto-Protect.
3. If one of the following options is selected then this condition is met.
· Scan all messages from the past number of days
· Scan all messages from the past number of hours
· Scan all messages from the start date
Exchange 2007 or 2010
SMSMSE writes the scanning limit key in the wrong format. This causes Microsoft Exchange VSAPI to select all messages rather than limit by date and time.
This issue is resolved in SMSMSE 6.5.5 and later, upgrade to 6.5.5 to fix this problem.
Configure a scheduled scan as alternative to Background scanning. The scanning limits apply correctly with a scheduled scan.
To configure a scheduled scan:
- Open the SMSMSE console.
- Navigate to Scans -> Scheduled scans.
- Under Tasks click New Scan.
- In the resulting New scan wizard, Give the scan a descriptive name, configure the settings you would like for scan limits, and then click Next.
- Choose the mailboxes you would like to scan, and then click Next.
- Enable any content filtering rules you would like to be applied during the scan, and click Next.
- Set a schedule for when you would like the scan to be performed, then click Finish.
SMSMSE nows scan your information store according to your settings, and scanning limits should be applied as expected.
Article URL http://www.symantec.com/docs/TECH141343