Information Store Protection
Use the Virus Scanning Engines to scan the Microsoft® Exchange mailbox databases and public folders for viruses.
GFI MailEssentials can scan the Microsoft Exchange Information Store using two different protocols:
| Protocol | Exchange versions | Description |
|---|---|---|
| Exchange Web Services (EWS) |
|
Information Store protection via Exchange Web Services retrieves email attachments from the Information Store via a predefined schedule. Attachments are then scanned by the Virus Scanning Engines and if malware is found, the attachment is removed from the email in the mailbox. GFI MailEssentials does not have to be installed on the Microsoft Exchange server to use EWS. NOTES:
|
| Virus Scan API (VSAPI) |
|
VSAPI scans emails before these are stored in the Information Store, ensuring that malware is filtered out immediately before reaching the Information Store. VSAPI requires that GFI MailEssentials is installed on the Microsoft Exchange server. On a Microsoft® Exchange Server 2010 machine, the Mailbox Server Role and Hub Transport Server Role are required. NOTE: GFI MailEssentials cannot scan the Information Store if any other software is registered to use the Microsoft® Exchange VSAPI. |
NOTE
Information Store Protection is only available when GFI MailEssentials is installed in Active Directory or Remote Active Directory modes. It is not available in SMTP mode or GFI Directory mode.
To enable Information Store Scanning and configure the scanning protocol:
- Go to Email Security > Information Store Protection.
Information Store Protection node when both EWS & VSAPI are available
- From Information Store Virus Scanning tab, select Enable Information Store Virus Scanning.
- When GFI MailEssentials is installed on Microsoft Exchange 2010 with Mailbox Server and Hub Transport Server Roles, choose the protocol to use for scanning the Information Store - VSAPI or Exchange Web Services.
- In the other tabs, configure the protocol options. Refer to VSAPI Settings or Exchange Web Servies (EWS) Settings
- Click Apply.
The status of the Virus Scanning Engines used to scan the Information Store is displayed in the table.
To disable a particular antivirus engine from Information Store Scanning, navigate to the Virus Scanning Engines page, select the antivirus engine and disable Scan Internal and Information Store Items.
Exchange Web Services (EWS) Settings
- Go to the EWS Settings tab.
- Configure the settings used to connect to Microsoft Exchange. EWS uses the Exchange account configured in the Switchboard to connect to the Information Store. For more information refer to Set a Microsoft® Exchange account.
| Option | Description |
|---|---|
| Microsoft Exchange Server URL |
Choose Auto-Discovery to allow GFI MailEssentials to automatically find your Microsoft Exchange server. If Exchange is not discoverable, choose Manual to key in the Exchange Web Services (EWS) URL manually. The URL is usually composed in the following syntax: https://<Exchange Hostname>/EWS/Exchange.asmx NOTE: The Exchange Web Services (EWS) URL can also be retrieved by running this command in Exchange Management Shell: Get-WebServicesVirtualDirectory |Select name, *url* | fl |
| Test |
Click to ensure that GFI MailEssentials can connect to the Microsoft Exchange Information Store using the provided details. |
| Scan Public Folders |
Select to also scan items in Public Folders. |
| Simultaneous mailbox scans | Define the number of mailboxes to scan at the same time. The default number of simultaneous mailboxes is 1. Defining a higher number uses more system resources for scanning, but more items can get scanned in a shorter time. |
- In the Scanning Schedule area, define a schedule when to run Information Store Scanning. When the schedule is on, GFI MailEssentials goes through items that were not scanned in each mailbox. On scanning all new items in a mailbox, it starts scanning the next mailbox. When all mailboxes are scanned, it restarts scanning new items in the first mailbox again and repeats the process until the schedule is turned off. Choose the type of schedule to run:
- Continuous scanning - Run Information Store Protection via EWS without pause.
- Timed interval - Run scans in a defined schedule. Choose Daily to run scan everyday or On the following day(s) to run scan on selected days only. Define the time when to run the scan and the duration of the scan in hours.
NOTE
Scanning via EWS can be time consuming and uses considerable system resources, so it is recommended to run scans during off-peak hours only.
- In the Excluded Mailboxes area, add any mailboxes which you do not want the Information Store Protection to scan.
- Click Apply.
VSAPI Settings
- Go to the VSAPI Settings tab.
- (Optional) Select Enable background scanning to run Information Store Scanning in the background.
WARNING
Background scanning causes all the contents of the Information Store to be scanned. This can result in a high processing load on the Microsoft® Exchange server depending on the amount of items stored in the Information Store. It is recommended to enable this option only during periods of low server activity such as during the night.
- Select a VSAPI scan method:
| Scan Method | Description |
|---|---|
| On-access scanning | New items in the Information Store are scanned as soon as they are accessed by the email client. This introduces a short delay before the email client displays the contents of a new message. |
| Pro-active scanning |
New items added to the Information Store are added to a queue for scanning. This is the default and recommended mode of operation, since in general the delay associated with on-access scanning is avoided. NOTE If an email client tries to access an item that is still in the queue, it allocates a higher scanning priority so that it is scanned immediately. |
- Click Apply.