FAQ: Auto-Protect options for Symantec Mail Security 4.5 for Microsoft Exchange
|Article:TECH82131|||||Created: 2004-01-09|||||Updated: 2004-01-16|||||Article URL http://www.symantec.com/docs/TECH82131|
This page answers frequently asked questions (FAQ) about Auto-Protect options. The Auto-Protect page is in the user interface under Scan Jobs. Symantec Mail Security 4.5 for Microsoft Exchange (SMS for Exchange) is set up.
The following sections are in a Question (Q:) and Answer (A:) style.
Q: What are the default settings for Auto-Protect ?
A: The default settings displayed on the Auto-Protect page are:
- Policy in use: Standard
- Enable Auto-Protect (Checked)
- Enable Exchange background scanning (Unchecked)
- On virus definition update, force rescan before allowing access to information store (Checked)
- Scan message bodies (Checked)
- Virus scan SMTP messages leaving server (Unchecked)
Q: What is the effect of disabling Auto-Protect?
A: There are multiple effects when you uncheck the option Enable Auto-Protect. The Store.exe process unloads the Symantec VSAPI dll. This dll is used by the Auto-Protect process for on-access, pro-active and background scanning. Unloading the dll can take several minutes. The activity of the store is the determining factor on how long it takes.
Note: Manual / Scheduled Scans do not depend on VSAPI, and therefore still work even with Auto-Protect disabled
Q: What is the purpose of Exchange background scanning?
A: “Enable Exchange background scanning is a core function of Microsoft’s VSAPI. When you check this option, a thread starts at the beginning of a database. It continues to the end. The purpose is to identify all items not scanned by the virus definition set. The following registry key specifies the virus definition version used. The registry location is.
Q: Where can I find more information regarding the Exchange background scanning?
A: Information on Exchange background scanning is found in the Symantec document : FAQ: Background scanning in Symantec Mail Security 4.5 for Microsoft Exchange.
Q: When you uncheck the option “On virus definition update, force . . .” what is the effect?
A: When you update a virus definition, this does not cause a rescan of items in the store.
Q: Why do I want to scan message bodies?
A: Some viruses are only found in the message body. When you uncheck this option, there are two effects. First, the SMS Exchange filtering rules for the store do not work. Second, viruses in message bodies are not detected.
Q: When do you check the option “Virus scan SMTP messages leaving the server”?
A: When an Exchange server is an open relay, check this option.
Note: On a mailbox server, that does not allow SMTP relay connections, leave this option unchecked.
Q: Is the option, “Virus scan SMTP messages leaving server” platform dependent?
A: Yes, on an Exchange 2000 server it depends on the destination of the user. When a user’s destination is outside the local store, scanning occurs. When the destination is local, no scanning occurs.
Scanning of all SMTP traffic takes place on Exchange 2003 server. The destination is irrelevant.
Q: Is an Information Store required to scan SMTP traffic for viruses?
A: If SMS for Exchange 4.5 is running on Exchange 2000, then a local Information Store is not required. If SMS for Exchange 4.5 is running on Exchange 2003, then a local Information Store is required because VSAPI 2.5 uses the SMTP mailbox in the store to scan all SMTP traffic for viruses.
An example of the Auto-Protect page follows:
Article URL http://www.symantec.com/docs/TECH82131