Preventing Symantec AntiVirus Corporate Edition 8.x from scanning the Microsoft Exchange directory structure

Article:TECH99907  |  Created: 2002-01-09  |  Updated: 2006-01-02  |  Article URL http://www.symantec.com/docs/TECH99907
Article Type
Technical Solution


Issue



This document discusses how to prevent Symantec AntiVirus Corporate Edition (Symantec AntiVirus) 8.x from scanning the Microsoft Exchange directory structure to prevent problems with the Internet Mail Connector (IMC) or Information Store (IS).


Solution



Symantec AntiVirus protects only the file system on an Exchange server, not the Exchange server itself. Protecting the Exchange server is the role of a product such as Symantec AntiVirus/Filtering for Microsoft Exchange. Certain folders must be excluded from scanning by Symantec AntiVirus. If Symantec AntiVirus scans the Exchange structure or the Symantec AntiVirus/Filtering temp folder, it can cause false positive virus detections, unexpected behavior on the Exchange server, or damage to the Exchange databases. This is true of all antivirus programs running on Exchange servers. For more information, read the Microsoft Knowledge Base article "XGEN: Recommendations for Troubleshooting an Exchange Computer with Antivirus Software Installed" (ID 245822).

The details in the following sections cover the folders that can be safely scanned or need to be excluded when Symantec AntiVirus or other Symantec products are installed.

Folders that file-system antivirus software can safely scan
  • Exchsrvr\Address
  • Exchsrvr\Bin
  • Exchsrvr\Conndata
  • Exchsrvr\Exchweb
  • Exchsrvr\Res
  • Exchsrvr\Schema
  • Any additional directories which are not a part of a standard Exchange installation, and are not included in the list of directories (shown below) which are unsafe to scan

Folders to exclude when using file-system antivirus software
These folders should be excluded from Realtime Protection, Scheduled Scans, and Manual Scans.



WARNING:
A common mistake is to configure exclusions for Auto-Protect, but to forget to exclude scheduled scans and manual scans. All types of scans that run on the server must be excluded, or there is a risk of data loss on the server.

Another common mistake is to omit the paths to the folders that you want to exclude. For example, to exclude the Exchsrvr\Mdbdata folder, you would most likely exclude C:\Program Files\Exchsrvr\Mdbdata. Because Exchange folder locations can be configured differently, the paths here are given starting from the Exchsrvr folder.




Notes:
In both versions of Microsoft Exchange, the Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.

You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.



Exchange 5.5
  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files - Tmp.edb
  • Additional log files (default location/name: Exchsrvr\Tracking.log)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Inbox and Outbox for Internet Mail Connector (Exchsrvr\IMCDATA folder)
  • Internet Information Service (IIS) system files (:\Winnt\System32\Inetsrv)
Exchange 2000
  • The Installable File System (IFS) (default location: drive M)
  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location: Exchsrvr\server_name.log)
  • Virtual server folder (default location: Exchsrvr\Mailroot)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Internet Information Service (IIS) system files (:\Winnt\System32\Inetsrv)
  • Site Server Gatherer temporary directory (:\Winnt\Temp\Gthrsvc), if it exists.
Exchange 2003
  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location: Exchsrvr\server_name.log)
  • Virtual server folder (default location: Exchsrvr\Mailroot)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Internet Information Service (IIS) system files (:\Windows\System32\Inetsrv)
  • Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
    The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
  • The temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe. By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
  • The folder that contains the checkpoint (.chk) file.
    For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.
  • Site Server Gatherer temporary directory (:\Windows\Temp\Gthrsvc), if it exists.


Exclude the Temp folders when the following Symantec products are installed
These folders should be excluded from Realtime Protection, Scheduled Scans, and Manual Scans.


WARNING: The exclusion of these Temp folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.


  • Symantec Mail Security 5.0 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\5.0\Server\Temp
    :\Program Files\Symantec\SMSMSE\5.0\Server\Quarantine
  • Symantec Mail Security 4.6 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\4.6\Server\Temp
    :\Program Files\Symantec\SMSMSE\4.6\Server\Quarantine
  • Symantec Mail Security 4.5 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\4.5\Server\Temp\
    :\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine
  • Symantec Mail Security 4.0 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\4.0\Server\Temp\
  • Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange
    :\Program Files\Symantec\SAVFMSE\Temp
  • Norton AntiVirus 2.x for Microsoft Exchange
    :\Program Files\NAVMSE\Temp


Creating the exclusions
The procedure for creating the exclusions depends on whether your Exchange servers are configured as unmanaged clients, managed clients, or servers.
Unmanaged clients:
If the Exchange server is configured as an unmanaged client, you must configure all exclusions from within Symantec AntiVirus.

To configure exclusions for Realtime Protection from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Configure, and then click File System Realtime Protection.
  3. Click Exclude selected files and folders.
  4. Click Exclusions.
  5. Check "Check file for exclusion before scanning."
  6. Click Files/Folders to create the exclusions.
  7. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  8. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

To configure exclusions for a scheduled scan from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scheduled Scans.
  3. Create a new scan, or select the scan you wish to configure, and click Next twice.
  4. Select the drives, folders, or files to scan.
  5. In the lower-right corner, click Options.
  6. Click Exclude files and folders.
  7. Click Exclusions.
  8. Check "Check file for exclusion before scanning."
  9. Click Files/Folders to create the exclusions.
  10. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  11. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Click Exclude files and folders.
  6. Click Exclusions.
  7. Check "Check file for exclusion before scanning."
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

Managed clients
If the Exchange server is configured as a managed client in a client group that you have created specifically for Exchange servers, configure the exclusions through the Symantec System Center. Manual scans should be run from within Symantec AntiVirus, and should be configured there.


Note: The Exchange server should not be configured as a managed client unless it is in a client group specifically for Exchange servers. For more information, read the document Best practice for Symantec AntiVirus Corporate Edition realtime protection running on the Microsoft Exchange Server.

To configure exclusions for Realtime Protection from the Symantec System Center
  1. Start the Symantec System Center, and unlock the server group.
  2. Under Groups, right-click the client group, and then click All Tasks > Symantec AntiVirus > Client Realtime Protection Options.
  3. Check "Exclude selected files and folders," and click the lock icon so that it appears as locked.
  4. Click Exclusions.
  5. Check "Check file for exclusion before scanning," and click the lock icon so that it appears as locked.
  6. Click Files/Folders to create the exclusions.
  7. Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  8. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

To configure exclusions for a scheduled scan from the Symantec System Center
  1. Start the Symantec System Center, and unlock the server group.
  2. Under Groups, right-click the client group, and click All Tasks > Symantec AntiVirus > Scheduled Scans.
  3. Create a scheduled scan, or edit an existing one.
  4. Click Scan Settings.
  5. Click Options.
  6. Check "Exclude files and folders," and then click Exclusions.
  7. Check "Check file for exclusion before scanning," and click the lock icon so that it appears as locked.
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Click Exclude selected files and folders.
  6. Click Exclusions.
  7. Check "Check file for exclusion before scanning."
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

Servers
If the Exchange server is configured as a Symantec AntiVirus server, configure the exclusions through the Symantec System Center. Manual scans should still be run from within Symantec AntiVirus.

To configure exclusions for Realtime Protection from the Symantec System Center
  1. Start the Symantec System Center, and unlock the server group.
  2. Right-click the Exchange server, then click All Tasks > Symantec AntiVirus > Server Realtime Protection Options.
  3. Click Exclusions.
  4. Check "Check file for exclusion before scanning."
  5. Click Files/Folders to create the exclusions.
  6. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  7. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

To configure exclusions for a scheduled scan from the Symantec System Center
  1. Start the Symantec System Center, and unlock the server group.
  2. Right-click the server group, and click All Tasks > Symantec AntiVirus > Scheduled Scans.
  3. Create a scheduled scan, or edit an existing one.
  4. Click Scan Settings.
  5. Select the drives, folders, or files to scan.
  6. Click Options.
  7. Check "Exclude files and folders," and then click Exclusions.
  8. Check "Check file for exclusion before scanning."
  9. Click Files/Folders to create the exclusions.
  10. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  11. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Click Exclude files and folders.
  6. Click Exclusions.
  7. Check "Check file for exclusion before scanning."
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "Exclude the Temp folders when the following Symantec products are installed" section of this document.


Notes:
  • To ensure that exclusions set at the server group and client group levels are distributed correctly to managed clients, use build 8.01.440 (MR4) or 8.1.1.314a (MR1), or a later release.
  • Symantec recommends configuring Microsoft Exchange servers as managed clients, and adding those clients to a unique client group, as described in the Managed Clients section.
  • If you are using Symantec AntiVirus Corporate Edition 8.0 build 374 (the original build of Symantec AntiVirus Corporate Edition 8.0), omit the backslash when excluding drive M. With all other builds of Symantec AntiVirus, use the backslash (that is, use M:\ as opposed to M:).
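
The two mistakes described in the WARNING earlier in this article (exclusions set for only some scan types, and folder paths entered without their full path) can be checked mechanically once the exclusions are written down. The Python below is an added example, not Symantec code: the function names are hypothetical, and the exclusion lists are constructed sample input typed in by hand, since this article describes no export format.

```python
import ntpath

# Relative to the Exchsrvr folder; subset of this article's Exchange 2003 list.
REQUIRED_RELATIVE = ["Mdbdata", "Mtadata", "Mailroot", "Srsdata"]
SCAN_TYPES = ["realtime", "scheduled", "manual"]

def norm(path):
    """Normalize a Windows path for case-insensitive comparison."""
    return ntpath.normcase(ntpath.normpath(path)).rstrip("\\")

def is_absolute(path):
    """True only for drive-qualified paths such as C:\\Exchsrvr\\Mdbdata."""
    drive, rest = ntpath.splitdrive(path)
    return len(drive) == 2 and drive[1] == ":" and rest.startswith("\\")

def covers(exclusion, target):
    """True if target is the excluded item or lies beneath an excluded folder."""
    e, t = norm(exclusion), norm(target)
    return t == e or t.startswith(e + "\\")

def audit(exchsrvr_roots, tmp_edb_paths, exclusions):
    """Return sorted (scan_type, problem, path) findings for all scan types."""
    required = [ntpath.join(root, rel)
                for root in exchsrvr_roots for rel in REQUIRED_RELATIVE]
    required += list(tmp_edb_paths)
    findings = []
    for scan in SCAN_TYPES:
        usable = []
        for entry in exclusions.get(scan, []):
            if is_absolute(entry):
                usable.append(entry)
            else:  # mistake 2: path given from Exchsrvr, drive/parent omitted
                findings.append((scan, "path-not-absolute", entry))
        for target in required:  # mistake 1: a scan type left unconfigured
            if not any(covers(e, target) for e in usable):
                findings.append((scan, "not-excluded", target))
    return sorted(findings)

# Constructed sample: one Exchsrvr root and two Tmp.edb locations found by search.
ROOT = r"C:\Program Files\Exchsrvr"
TMP_EDB = [ROOT + r"\Mdbdata\Tmp.edb", r"E:\Temp\Tmp.edb"]
FULL = [ntpath.join(ROOT, rel) for rel in REQUIRED_RELATIVE] + [r"E:\Temp\Tmp.edb"]
SAMPLE = {
    "realtime": FULL,
    "scheduled": [r"Exchsrvr\Mdbdata"] + FULL[1:],  # relative path typed in
    # "manual" was never configured
}

if __name__ == "__main__":
    for scan, problem, path in audit([ROOT], TMP_EDB, SAMPLE):
        print(f"{scan:10} {problem:18} {path}")
```

Pass every Exchsrvr root to `audit` when Exchange is installed on more than one drive; a Tmp.edb that sits inside an already excluded folder is treated as covered by that folder.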





References
For additional information, read the document Best practices for Symantec AntiVirus Corporate Edition 8.x realtime protection running on the Microsoft Exchange Server.





Legacy ID: 2002090916040948

