On-access scanning is triggered at the Gateway or every time email messages are accessed, to determine if an item is detected by the on-access policy. On-access scanning is also known as real-time scanning.
Each scan has its own benefit based on the Exchange server role where MSME is installed. This table helps you understand the types of scan, their functions, and when each scan is applicable:
| Exchange Server role | Applicable policies | Scan type | Description |
|---|---|---|---|
| Edge Transport or Hub Transport | | On-Access Transport scan | Scans for threats before they reach the Mailbox server. By enabling this, MSME can detect threats at the perimeter of your organization and thus reduce the load on the Mailbox server. |
| Mailbox | | On-Access VSAPI scan | Scans for threats when an email is accessed by the user with an email client such as Outlook. |
| Mailbox | | Proactive scan | Scans for threats before an email is written to the Microsoft Exchange Information Store. |
| Mailbox | | Outbox scan | Scans for threats in an email that is in the Outbox folder. |
| Mailbox | | Background scan | A low-priority scan which scans for threats on all Exchange databases in the background. |
From the General section, define an action to take when a scan failure occurs.
A scan failure can occur for any of these reasons:
• On Generic failure — Scanner is not able to scan a particular file.
• On Product failure — Scanning fails due to incorrect DAT or engine, or incorrect spam rules.
Some of the reasons might be due to technical issues such as:
• Scan timeout
• DAT issues
• Scan Engine failed to load
• Incorrectly formatted emails
For example, if there is a DAT mismatch between the registry and the actual location (\bin\DATs), a scan failure will occur.
If there is a scan failure, an action will be triggered based on the settings specified under
.
Option definitions
| Option | Definition |
|---|---|
| On Generic Scan Failure | • Allow Through — Allows the email message through to the intended recipient when a scan failure occurs. • Remove — Removes the email message when a scan failure occurs. |
| On Product Scan Failure | • Allow Through — Allows the email message through to the intended recipient when a scan failure occurs. • Remove — Removes the email message when a scan failure occurs. |
McAfee recommends that you always set this option to Allow Through to avoid legitimate emails being quarantined should a scan failure occur. By default, this option is set to Allow Through, so that emails are not lost during a scan failure.
The other categories in the On-Access Settings page are:
• Microsoft Virus Scanning API (VSAPI)
• Background Scan Settings
• Transport Scan Settings
In Transport Scan Settings, you can exclude emails of the defined size from scanning. When enabled, the default file size to exclude is 4 MB.
For more information on the types of scan, see McAfee KnowledgeBase article KB51129.