Well, that hook is actually gone. I can’t remember if it was removed in 2013
or 2016 – but it was when store.exe was rewritten to have a separate process
for each mailbox database.
Now, the ONLY mechanism to scan for viruses is via FrontEndTransport (incoming
or outgoing email messages) and EW
Reminds me of how Trend Micro reverse-engineered store.exe to hook their AV
product into the message stream in Exchange 5.x.
Of course now the hook into the message stream is exposed. Since 2k3 I believe.
Never did like brick-level backups; took longer and needed more storage.
From: listsad...@
