Antivirus and Exchange 2007
Using powershell to move offline address book to another server
July 22, 2009Exchange Management Shell to create a new public folder database
July 24, 2009What folders should be excluded?
Mailbox Server Role:
You must exclude specific directories for each Exchange server or server role on which you run a file-level antivirus scanner. This section describes the directories that you should exclude from file-level scanning for each server or server role.
- Mailbox server role
- Exchange databases, checkpoint files, and log files across all storage groups. By default, these are located in sub-folders under the %Program Files%MicrosoftExchange ServerMailbox folder. You can obtain the directory location by running the following commands in the Exchange Management Shell:
- To determine the location of a transaction log and checkpoint file, run the following command:
Get-StorageGroup -server <servername>| fl *path* - To determine the location of a mailbox database, run the following command:
Get-MailboxDatabase -server <servername>| fl *path* - To determine the location of a public folder database, run the following command:
Get-PublicFolderDatabase -server <servername>| fl *path*
- To determine the location of a transaction log and checkpoint file, run the following command:
- Database content indexes. By default, these are located in storage group sub-folders under the %Program Files%MicrosoftExchange ServerMailbox folder.
- General log files, such as message tracking log files. These files are located in subfolders under the %Program Files%MicrosoftExchange ServerTransportRolesLogs folder and %Program Files%MicrosoftExchange ServerLogging folder. To determine the log paths being used, run the following command in the Exchange Management Shell:
Get-MailboxServer <servername>| fl *path* - The Offline Address Book files that are located in subfolders under the %Program Files%MicrosoftExchange ServerExchangeOAB folder
- IIS system files in the %SystemRoot%System32Inetsrv folder
- The temporary folder that is used with offline maintenance utilities, such as Eseutil.exe. By default, this folder is the location where the .exe file is run from. However, you can configure where you perform the operation from when you run the utility.
- The temporary folders that are used to perform conversions:
- Content conversions are performed in the server’s TMP folder.
- OLE conversions are performed in %Program Files%MicrosoftExchange ServerWorkingOleConvertor folder.
- The Mailbox database temporary folder: %Program Files%MicrosoftExchange ServerMailboxMDBTEMP
- Any Exchange-aware antivirus program folders
Clustered Mailbox Server Role:
All the items listed in the Mailbox server role list, and the following:
- The quorum disk and the %Winnt%Cluster folder
- The file share witness. This is located on another server in the environment, typically a Hub transport server.
Hub Transport Server Role:
Get-TransportServer <servername>| fl *logpath*,*tracingpath*Get-TransportServer <servername>| fl *dir*path* - Content conversions are performed in the server’s TMP folder.
- OLE conversions are performed in %Program Files%MicrosoftExchange ServerWorkingOleConvertor folder.
Edge Transport Server Role:
Get-TransportServer <servername>| fl *logpath*,*tracingpath*Get-TransportServer <servername>| fl *dir*path* - Content conversions are performed in the server’s TMP folder.
- OLE conversions are performed in %Program Files%MicrosoftExchange ServerWorkingOleConvertor folder.
Client Access Server Role:
For more information, see the Microsoft Knowledge Base article, IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File.
Unified Messaging Server Role:
Forefront Security Server for Exchange role:
Microsoft Forefront Security for Exchange server on single copy clusters:
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftForefront Server SecurityExchange ServerDatabasePath
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
Which processes should be excluded?
| Cdb.exe | Microsoft.Exchange.Search.Exsearch.exe |
| Cidaemon.exe | Microsoft.Exchange.Servicehost.exe |
| Cluster.exe | Msexchangeadtopologyservice.exe |
| Dsamain.exe | Msexchangefds.exe |
| Edgecredentialsvc.exe | Msexchangemailboxassistants.exe |
| Edgetransport.exe | Msexchangemailsubmission.exe |
| Galgrammargenerator.exe | Msexchangetransport.exe |
| Inetinfo.exe | Msexchangetransportlogsearch.exe |
| Mad.exe | Msftefd.exe |
| Microsoft.Exchange.Antispamupdatesvc.exe | Msftesql.exe |
| Microsoft.Exchange.Contentfilter.Wrapper.exe | Oleconverter.exe |
| Microsoft.Exchange.Cluster.Replayservice.exe | Powershell.exe |
| Microsoft.Exchange.Edgesyncsvc.exe | Sesworker.exe |
| Microsoft.Exchange.Imap4.exe | Speechservice.exe |
| Microsoft.Exchange.Imap4service.exe | Store.exe |
| Microsoft.Exchange.Infoworker.Assistants.exe | Transcodingservice.exe |
| Microsoft.Exchange.Monitoring.exe | Umservice.exe |
| Microsoft.Exchange.Pop3.exe | Umworkerprocess.exe |
| Microsoft.Exchange.Pop3service.exe | W3wp.exe |
If Forefront is being deployed exclude these as well:
| Adonavsvc.exe | Fscstatsserv.exe |
| Fsccontroller.exe | Fsctransportscanner.exe |
| Fscdiag.exe | Fscutility.exe |
| Fscexec.exe | Fsemailpickup.exe |
| Fscimc.exe | Fssaclient.exe |
| Fscmanualscanner.exe | Getenginefiles.exe |
| Fscmonitor.exe | Perfmonitorsetup.exe |
| Fscrealtimescanner.exe | Scanenginetest.exe |
| Fscstarter.exe | Semsetup.exe |
Extensions that can also be excluded in case any of the above items are moved to another directory:
- Application-related extensions
-
- .config
- .dia
- .wsb
- Database-related extensions
-
- .chk
- .log
- .edb
- .jrs
- .que
- Offline Address Book-related extensions:
-
- .lzx
- Content Index-related extensions
-
.ci .wid .001 .dir .000 .002
- Unified Messaging-related extensions
-
- .cfg
- .grxml
- ForeFront Security for Exchange Server–related extensions
-
.avc .dt .lst .cab .fdb .mdb .cfg .fdm .ppl .config .ide .set .da1 .key .v3d .dat .klb .vdb .def .kli .vdm
