Important This article contains information that shows you how to help
lower security settings or how to turn off security features on a computer. You
can make these changes to work around a specific problem. Before you make these
changes, we recommend that you evaluate the risks that are associated with
implementing this workaround in your particular environment. If you implement
this workaround, take any appropriate additional steps to help protect your
system.
Warning This workaround may make your computer or your network more
vulnerable to attack by malicious users or by malicious software such as
viruses. We do not recommend this workaround but are providing this information
so that you can implement this workaround at your own discretion. Use this
workaround at your own risk.
Note An antivirus program is designed to help protect your computer
from viruses. You must not download or open files from sources that you do not
trust, visit Web sites that you do not trust, or open e-mail attachments when
your antivirus program is disabled.
For additional information about computer
viruses, click the following article number to view the article in the
Microsoft Knowledge Base:
129972Computer viruses: description, prevention, and recovery
MORE INFORMATION
File-Based Antivirus Software
You can install file-based scanning antivirus software on an
Exchange computer. However, never run scanning against the program and database
files of an Exchange computer.
In addition, never run scanning
against the Installable File System (IFS) drive (drive M) of an Exchange 2000
server. If you do so, you might receive false reports of a virus and you might
damage Exchange 2000 databases when you attempt to disinfect the
file.
In Exchange 2000, drive M is a convenient label for the
Exchange IFS. The Exchange IFS enables you to view and use the Exchange
information store as a file system.
NOTE: Drive M can use a letter other than M. This drive is generally
referred to as drive M; however, if the letter M is already being used, this
drive uses another drive letter.
For additional information about issues that are
caused by antivirus scanning of drive M, click the following article number to
view the article in the Microsoft Knowledge Base:
299046
Calendar items disappear from user's folders
In some situations, you may experience additional
issues with the Exchange IFS.
For additional information, click
the following article number to view the article in the Microsoft Knowledge
Base:
305145
How to remove the IFS mapping for drive M in Exchange 2000 Server
If you need to run a file-based virus scanner on an
Exchange computer, remove the Exchange-specific files and folders from the
scheduled scans and real-time scanning. File-based scanning of Exchange 2000
executable files is supported.
IMPORTANT: Never run file-based scanning software against Exchange
databases, logs, temporary files, the IIS system files, or the IFS drive (drive
M). Configure antivirus software to avoid scanning the folders that contain
these files.
You can run file-based antivirus software against the
operating system of the Exchange computer and against Exchange program files
(the Exchsrvr\Bin folder), but never run file-based antivirus software against
files in the following folders:
- Exchange databases and log files.
- Exchange .mta files (default location: \Exchsrvr\Mtadata).
- Exchange message tracking log files (default location:
\Exchsrvr\Server_Name.log).
- Virtual server folders (default location:
\Exchsrvr\Mailroot).
- Site Replication Service (SRS) files (default location:
\Exchsrvr\Srsdata).
- Internet Information Service (IIS) system files (default
location: \%SystemRoot%\System32\Inetsrv).
- Internet Mail Connector files (default location:
\Exchsrvr\IMCData).
- The working folder that is used to store streaming
temporary files that are used for message conversion. By default, this working
folder is located at \Exchsrvr\MDBData.
- A temporary folder that is used in conjunction with offline
maintenance utilities such as Eseutil.exe. By default, this folder is the
location that you run the .exe files from, but you can configure this when you
run the utility.
You can run file-based scanning against the following folders:
- Exchsrvr\Address
- Exchsrvr\Bin
- Exchsrvr\Exchweb
- Exchsrvr\Res
- Exchsrvr\Schema
Temporarily disable file-based scanning software during
operating system and Exchange upgrades; this includes upgrading to new versions
of Exchange or the operating system, and applying any Exchange or operating
system fixes or service packs.
When you upgrade an Exchange or
operating system product, or apply a service pack or fix, it is standard
procedure to stop and disable all of the third-party services, hardware vendor
and operating system monitors, and any agents or Exchange monitors before you
perform the update or upgrade. Also stop and disable any performance monitors,
any Microsoft or third-party backup programs, and Microsoft Simple Network
Management Protocol (SNMP). Then restart the Exchange computer before you apply
the upgrade or fix. This procedure prevents files that the update process needs
to access from being locked.
IMPORTANT: This procedure also includes stopping and disabling any
antivirus programs (including file-based scanning antivirus software) before
you upgrade any version of Exchange or the operating system and before you
apply any Exchange or operating system service pack or fix.
Exchange Information Store Scanning Software
Microsoft provides application programming interfaces (APIs) that
give other manufacturers the ability to write antivirus programs that scan the
information store. If this type of software is running on your Exchange
computer and you are experiencing issues, research the issues and follow normal
troubleshooting procedures. If these procedures do not resolve the issue,
temporarily disable or remove the antivirus software to determine whether it is
contributing to the issue. If the antivirus software is not contributing to the
issue, you can re-enable the antivirus software.
If the issue stops
occurring after you disable or remove the antivirus software, contact the
manufacturer of the antivirus software for the most recent update. If the most
recent update of the software does not resolve the issue, continue working with
the antivirus software manufacturer and Microsoft to pursue a resolution to the
issue.
For additional information, click the following
article number to view the article in the Microsoft Knowledge Base:
241855
Information Store does not start with event ID 145
The third-party products that are
discussed in this article are manufactured by companies that are independent of
Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the
performance or reliability of these products.
Exclude
the folder that contains the checkpoint (.chk) files from file-based
scanners.
NOTE: Even if you move the Exchange databases and log files to new
locations, and you exclude those folders, the .chk file may still be scanned.
For more information
about what may occur if the .chk file is scanned, click the following article
number to view the article in the Microsoft Knowledge Base:
253111
Event: Unable to write a shadowed header for file
176239 Database won't start; circular logging deleted log file too soon