Microsoft Exchange and Remote Desktop Services Specialists

SEMblog

Microsoft Exchange Server and
Blackberry Enterprise Server news, views and fixes.

Testing Antivirus Exclusions

As you should be aware, certain directories on an Exchange server should be excluded from scanning by antivirus products.
These are Microsoft's recommendations on which directories those should be:
Exchange 2007: http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx
Exchange 2003: http://support.microsoft.com/kb/823166/
Exchange 2000: http://support.microsoft.com/kb/328841/

However, if you have set up the AV software as per the recommendations, how do you know that it is working or, more importantly, that it is not scanning things you have told it to exclude?

The best way to do this is to use the EICAR test file. This is a standard file, supported by all AV vendors, that can be used to simulate alerts.
You can download the file from here: http://www.eicar.org/anti_virus_test_file.htm

Simply copy the file into the same directories as your Exchange databases or whatever else you have asked the AV product to exclude. If it is ever detected, then the AV product is scanning things that it shouldn't be.
If you have set the product to exclude file types instead (for example, edb files), then change the extension to edb. If the AV product has been configured correctly and is following that configuration, it should ignore the file.

Of course, the problem will be putting the file in place initially, particularly if you have already deployed the AV software. In that case, set up a directory exclusion on a special directory for the purpose and create the EICAR file there instead. After copying the file to the relevant location, delete the exclusion.
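
One way to script the check described above, as an added example rather than code from the original post: it copies an EICAR file you have already downloaded into each excluded directory and reports whether the copy survived. The paths, the file name `avexclusiontest` and the 30-second wait are assumptions; replace them with your own values.

```powershell
# Added example: verify AV exclusions with a copy of the EICAR test file.
# Assumptions (not from the original post): every path below is a placeholder,
# and the source file sits in a temporarily excluded staging directory.
param(
    [string]$EicarSource = 'C:\AVTest\eicar.com',                     # placeholder staging copy
    [string[]]$ExcludedDirs = @('D:\ExchangeDB', 'E:\ExchangeLogs'),  # placeholder excluded directories
    [string]$Extension = '.com',   # use '.edb' to test a file-type exclusion
    [int]$WaitSeconds = 30         # time given to the on-access scanner to react
)

$expected = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($EicarSource))
$results = @()

foreach ($dir in $ExcludedDirs) {
    $target = Join-Path $dir ('avexclusiontest' + $Extension)
    $status = 'Ignored (exclusion honoured)'
    try {
        Copy-Item -LiteralPath $EicarSource -Destination $target -Force -ErrorAction Stop
        Start-Sleep -Seconds $WaitSeconds
        if (-not (Test-Path -LiteralPath $target)) {
            $status = 'DETECTED: file removed or quarantined'
        } else {
            # Reading the file forces an on-access scan; a blocked read throws.
            $actual = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($target))
            if ($actual -ne $expected) {
                $status = 'DETECTED: file contents altered'
            }
        }
    } catch {
        # Covers AV blocking the write or read, and ordinary permission errors.
        $status = 'DETECTED or blocked: ' + $_.Exception.Message
    } finally {
        # Remove the test copy so it does not linger beside production data.
        if (Test-Path -LiteralPath $target) {
            Remove-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        }
    }
    $results += New-Object PSObject -Property @{ Directory = $dir; Result = $status }
}

$results | Format-Table Directory, Result -AutoSize
```

Any DETECTED result means the product touched a location it was told to exclude. The script only observes what happens within the wait period, so scheduled scans need to be checked separately.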
