In general, don't scan the EXCHSRVR\*DATA folders, any folders holding your databases and transaction logs, or the SMTP virtual server directories.
Ed Crowley MCSE+Internet MVP Time Magazine's Person of the Year! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Dandy Sent: Wednesday, September 05, 2007 12:11 PM To: Exchange Discussions Subject: File based AV scanning on Exchange 2003 I'm preparing to install file based scanning on my Exchange 2003 server. I've gone through a couple of articles http://support.microsoft.com/kb/823166 and http://sophos.com/support/knowledgebase/article/12214.html I'd appreciate your help with some clarifications. 1) The MS article says "You may want to exclude the whole Exchsrvr folder from both on-demand file-level scanners and memory-resident file-level scanners." My server has several exchsrvr folders. Which one are they talking about? I'm guessing they mean Program Files\Exchsrvr but this isn't clear. 2) The MS article says "Exclude the folder that contains the checkpoint (.chk) file from memory resident file-level scanners and on-demand file-level scanners". I did a search for .chk files and found edb.chk present in %SystemRoot%\Security %SystemRoot%\System32\CatRoot2 %SystemRoot%\Software Distribution\DataStore\Logs C:\Program Files\exchsrvr\mdbdata and E00.chk in D:\exchsvr\mdbdata\StorageGroup1 and E01.chk in D:\exchsvr\mdbdata\StorageGroup2 All of these .chk files have fairly been modified in the last 24 hours. Do I need to exclude all of these directories? 3) The Sophos article says to exclude "The Exchange server Installable File System (IFS), usually the M: drive." I can't find this directory. Where is it? I don't seem to have any drive letters mapped. 4) The Sophos article says to exclude "The folder Exchsrvr\Imcdata". What's this? I can't find it either. Thanks for your help. Curt Finley _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
