Microsoft KB Archive/238298

{|
 * width="100%"|

-

The information in this article applies to:


 * Microsoft Exchange Server, version 5.5

-

SUMMARY
This document describes a virus-scanning interface for the Exchange Server information store. The interface is implemented at a very low level in the information store, taking into account single instancing of both messages and attachments. This allows a virus-scanning implementation with high performance, but with risk to reliability (that is, the virus scanning implementation runs in-process with the information store).

Implementation
Microsoft only provides the virus-scanning interface; Microsoft does not intend to build a complete virus scanning solution. The interface can be implemented by third parties that specialize in virus-scanning products. These third-party vendors are responsible for all areas of setup, configuration, and administration.

Initialization
During information store initialization, specific third-party registry parameters are parsed: "HKLM\CurrentControlSet\Services\MSExchangeIS\VirusScan:"
 * Enabled (REG_DWORD) - Zero means disabled; non-zero means enabled.
 * Vendor (REG_SZ) - An eight-character string that identifies the vendor of the virus-scanning DLL. The comparison is case-insensitive.
 * Version (REG_DWORD) - Version of virus-scanning DLL. Range is 1 to 231. The information store marks attachments as scanned with this version number so that even replicated messages will be scanned only once.
 * Library (REG_SZ) - Full path to virus-scanning DLL.
 * Parameters (REG_SZ) - Input string passed to virus-scanning DLL on initialization.
 * OpenRetryDelay (REG_DWORD) - The time, in milliseconds, to wait on a request to open an attachment when a scan is in progress. Default value is 0.5 seconds.

NOTE: The Setup program for the virus-scanning DLL is responsible for creating and setting these registry keys appropriately. The Enabled, Vendor, and Version registry entries are parsed approximately every one minute for changes, and unloads and reloads if needed.

Scanning
The Anti-Virus (AV) solution scans all attachments when being both sent and received or requested from both MAPI-enabled and Internet Profile clients. This is done by monitoring specific attachment properties within the information store itself.

NOTE: To enable AV scanning for outbound SMTP attachments, a specific registry key must created to provide this functionality: HKLM\System\CCS\Services\MSExchangeIMC\Parameters

(ReRouteViaStore - REG_DWORD=1)

Disabling
To disable third-party functionality from running within the information store, you may either:
 * Stop the AV Solution using the vendor-provided graphical user interface (GUI).
 * Change the Enabled registry key value mentioned earlier to 0, thereby dynamically unloading.

Enabling the ReRouteViaStore registry entry forces all outbound SMTP messages through the information store, which may cause significant performance hits. Additional query words:

Keywords         : exc55 exc55sp3 Version          : winnt:5.5 Platform         : winnt Issue type       : kbhowto
 * }