Preventing Symantec AntiVirus Corporate Edition 8.x from scanning the Microsoft Exchange directory structure
Question/Issue:
This document discusses how to prevent Symantec AntiVirus Corporate Edition (Symantec AntiVirus) 8.x from scanning the Microsoft Exchange directory structure to prevent problems with the Internet Mail Connector (IMC) or Information Store (IS).
Solution:
Symantec AntiVirus only protects the file system on an Exchange server, not the Exchange server itself. Protecting the Exchange server is the role of a product like Symantec AntiVirus/Filtering for Microsoft Exchange. Certain folders must be excluded from scanning by Symantec AntiVirus. If Symantec AntiVirus scans the Exchange structure or the Symantec AntiVirus/Filtering temp folder, it can cause false positive virus detections, unexpected behavior on the Exchange server, or damage to the Exchange databases. This is true of all antivirus programs running on Exchange servers. For more information, read the Microsoft Knowledge Base article XGEN: Recommendations for Troubleshooting an Exchange Computer with Antivirus Software Installed - ID 245822.
The details in the following sections cover the folders that can be safely scanned or need to be excluded when Symantec AntiVirus or other Symantec products are installed.
Folders that file-system antivirus software can safely scan
- Exchsrvr\Address
- Exchsrvr\Bin
- Exchsrvr\Conndata
- Exchsrvr\Exchweb
- Exchsrvr\Res
- Exchsrvr\Schema
- Any additional directories which are not a part of a standard Exchange installation, and are not included in the list of directories (shown below) which are unsafe to scan
Folders to exclude when using file-system antivirus software
These folders should be excluded from Realtime Protection, Scheduled Scans, and Manual Scans.
WARNING:
A common mistake is to configure exclusions for Auto-Protect, but to forget to exclude scheduled scans and manual scans. All types of scans that run on the server must be excluded, or there is a risk of data loss on the server.
Another common mistake is to omit the paths to the folders that you want to exclude. For example, to exclude the Exchsrvr\Mdbdata folder, you would most likely exclude C:\Program Files\Exchsrvr\Mdbdata. Because Exchange folder locations can be configured differently, the paths here are given starting from the Exchsrvr folder.
Notes:
In both versions of Microsoft Exchange, the Tmp.edb file may be found in more than one location.
Search for the file, and exclude it in any of the locations where it is found.
You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.
Exchange 5.5
- Exchange databases (default location: Exchsrvr\Mdbdata)
- Exchange MTA files (default location: Exchsrvr\Mtadata)
- Exchange temporary files - Tmp.edb
- Additional log files (default location/name: Exchsrvr\Tracking.log)
- Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
- Inbox and Outbox for Internet Mail Connector (Exchsrvr\IMCDATA folder)
- Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
Exchange 2000
- The Installable File System (IFS) (default location: drive M)
- Exchange databases (default location: Exchsrvr\Mdbdata)
- Exchange MTA files (default location: Exchsrvr\Mtadata)
- Exchange temporary files: Tmp.edb
- Additional log files (default location: Exchsrvr\server_name.log)
- Virtual server folder (default location: Exchsrvr\Mailroot)
- Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
- Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
- Site Server Gatherer temporary directory (<drive>:\Winnt\Temp\Gthrsvc), if it exists.
Exchange 2003
- Exchange databases (default location: Exchsrvr\Mdbdata)
- Exchange MTA files (default location: Exchsrvr\Mtadata)
- Exchange temporary files: Tmp.edb
- Additional log files (default location: Exchsrvr\server_name.log)
- Virtual server folder (default location: Exchsrvr\Mailroot)
- Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
- Internet Information Service (IIS) system files (<drive>:\Windows\System32\Inetsrv)
- Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
- The temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe. By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
- The folder that contains the checkpoint (.chk) file.
For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.
- Site Server Gatherer temporary directory (<drive>:\Windows\Temp\Gthrsvc), if it exists.
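The two mistakes named in the warning above (exclusions missing from some scan types, and entries given without a full path) can be checked mechanically against the Exchange 2003 list. This is an added example, not Symantec's code: the scan-type labels, install paths and configured lists are constructed, and it assumes you have already copied each scan type's exclusion list out of Symantec AntiVirus by hand.

```python
import ntpath

# Exchange 2003 folders from the list above, relative to the Exchsrvr folder.
# Site-specific items (server_name.log, the .chk folder, every Tmp.edb
# location found by searching) are supplied by the caller through `extra`.
EXCHSRVR_RELATIVE = ["Mdbdata", "Mtadata", "Mailroot", "Srsdata"]
SCAN_TYPES = ("realtime", "scheduled", "manual")  # labels are assumptions


def norm(path):
    """Normalize case, slashes and trailing backslash for comparison."""
    return ntpath.normcase(ntpath.normpath(path))


def required_exclusions(exchsrvr_root, windows_dir, extra=()):
    """Expand the Exchsrvr-relative entries to full, normalized paths."""
    paths = [ntpath.join(exchsrvr_root, rel) for rel in EXCHSRVR_RELATIVE]
    paths.append(ntpath.join(windows_dir, "System32", "Inetsrv"))
    return [norm(p) for p in paths + list(extra)]


def covered(required, entry):
    """True if the entry is the required path or one of its parent folders."""
    return required == entry or required.startswith(entry.rstrip("\\") + "\\")


def audit(configured, required):
    """Per scan type: entries lacking a drive, and required paths not covered."""
    report = {}
    for scan in SCAN_TYPES:
        entries = configured.get(scan, [])
        have = [norm(e) for e in entries]
        report[scan] = {
            "relative": [e for e in entries if not ntpath.splitdrive(e)[0]],
            "missing": [r for r in required
                        if not any(covered(r, h) for h in have)],
        }
    return report


# Constructed sample: Exchange on D:, Tmp.edb found in two places.
REQUIRED = required_exclusions(r"D:\Exchsrvr", r"C:\Windows",
                               extra=[r"D:\Exchsrvr\Mdbdata\Tmp.edb",
                                      r"E:\Temp\Tmp.edb"])
CONFIGURED = {
    "realtime": REQUIRED[:5] + [r"E:\Temp\Tmp.edb"],
    "scheduled": [r"Exchsrvr\Mdbdata", r"d:\exchsrvr\MTADATA"],
}   # "manual" has no exclusions at all
REPORT = audit(CONFIGURED, REQUIRED)
```

In the sample, the realtime list is complete, the scheduled list has one entry without a drive and covers only Mtadata, and the manual list covers nothing.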
Exclude the Temp folders when the following Symantec products are installed
These folders should be excluded from Realtime Protection, Scheduled Scans, and Manual Scans.
WARNING: The exclusion of these Temp folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.
- Symantec Mail Security 5.0 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\5.0\Server\Temp
<drive>:\Program Files\Symantec\SMSMSE\5.0\Server\Quarantine
- Symantec Mail Security 4.6 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.6\Server\Temp
<drive>:\Program Files\Symantec\SMSMSE\4.6\Server\Quarantine
- Symantec Mail Security 4.5 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Temp\
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine
- Symantec Mail Security 4.0 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.0\Server\Temp\
- Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange
<drive>:\Program Files\Symantec\SAVFMSE\Temp
- Norton AntiVirus 2.x for Microsoft Exchange
<drive>:\Program Files\NAVMSE\Temp
Creating the exclusions
The procedure for creating the exclusions depends on whether your Exchange servers are configured as unmanaged clients, managed clients, or servers:
Unmanaged clients
Managed clients
Servers
Notes:
- To ensure that exclusions set at the server group and client group levels are distributed correctly to managed clients, use build 8.01.440 (MR4) or 8.1.1.314a (MR1), or a later release.
- Symantec recommends configuring Microsoft Exchange servers as managed clients, and adding those clients to a unique client group, as described in the Managed Clients section.
- If you are using Symantec AntiVirus Corporate Edition 8.0 build 374 (the original build of Symantec AntiVirus Corporate Edition 8.0), omit the backslash when excluding drive M. With all other builds of Symantec AntiVirus, use the backslash (that is, use M:\ as opposed to M:).
References:
For additional information, read the document Best practices for Symantec AntiVirus Corporate Edition 8.x realtime protection running on the Microsoft Exchange Server.
Document ID: 2002090916040948
Last Modified: 03/02/2006
Date Created: 09/09/2002
Operating System(s): Windows NT 4.0 SP6a, Windows 2000 Professional, Windows XP Professional Edition, Windows Server 2003 32-bit Edition
Product(s): Symantec AntiVirus Corporate Edition 8.0
Release(s): SAV 8.0, SAV 8.1