With viruses spreading quickly out there today, we have had several cases where Exchange transaction logs got deleted, quarantined or “cured” by file-level anti-virus software running on Exchange servers. The result is a bad thing: stores down, transaction logs missing. In some cases the only thing you can do is go back to the last backup, if a good one is available. Otherwise, you are looking at a possible repair (= data loss) + Isinteg (maybe 2-3 times) + mandatory offline defrag = a lot of lost time :(
Please, do not let Exchange directories be scanned by file-level AV. Not by the “on-demand” scanner, and not by the memory-resident one. Have the Exchange directories excluded, the M: drive excluded, and also exclude .log, .edb and .stm files specifically, just to be extra careful. To be more specific, excluding the following on an Exchange server is a GREAT idea:
- Exchange databases and log files. By default, these are located in the Exchsrvr\Mdbdata folder. You can verify the locations by pulling up properties of your databases in ESM and checking the Database tab.
- Exchange MTA files in the Exchsrvr\Mtadata folder.
- Additional log files such as the Exchsrvr\server_name.log file.
- The Exchsrvr\Mailroot virtual server folder.
- The working folder that’s used to store streaming temporary files used for message conversion. By default, this folder is located at \Exchsrvr\MDBData, but you can configure the location.
- The temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe. By default, this folder is the location where the .exe file is run from, but you can configure where you run the file from when you run the utility.
- Site Replication Service (SRS) files in the Exchsrvr\Srsdata folder.
- Microsoft Internet Information Services (IIS) system files in the %SystemRoot%\System32\Inetsrv folder.
- The Exchange 2000 Server drive M.
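A check for the list above, as an added example that is not part of the original post: it compares an exclusion list exported from the AV product against the folders and extensions named here and reports what is still being scanned. The install path `D:\Exchsrvr`, the server name `MAIL01` and the sample entries are constructed, and relocated databases or temp folders are passed in through the hypothetical `extra` parameter.

```python
import re
from pathlib import PureWindowsPath

SUBFOLDERS = ["Mdbdata", "Mtadata", "Mailroot", "Srsdata"]  # under Exchsrvr, per the list above
EXTENSIONS = {".log", ".edb", ".stm"}

def norm(entry, system_root):
    """Normalise one exclusion entry into a comparable Windows path."""
    # AV consoles often store the environment variable unexpanded.
    text = re.sub(r"(?i)%systemroot%", lambda _m: system_root, entry.strip())
    p = PureWindowsPath(text)
    if p.drive and not p.root:  # a bare "M:" is taken to mean the whole drive
        p = PureWindowsPath(p.drive + "\\", *p.parts[1:])
    return p

def required_paths(exchsrvr, system_root, server_name, extra=()):
    """Paths from the list above, built from this server's actual locations."""
    root = PureWindowsPath(exchsrvr)
    paths = [root / sub for sub in SUBFOLDERS]
    paths.append(root / (server_name + ".log"))
    paths.append(PureWindowsPath(system_root, "System32", "Inetsrv"))
    paths.append(PureWindowsPath("M:\\"))
    # Relocated databases, the streaming temp folder, the Eseutil temp folder.
    paths.extend(PureWindowsPath(p) for p in extra)
    return paths

def audit(path_exclusions, ext_exclusions, exchsrvr, system_root, server_name, extra=()):
    """Return (required paths not covered, required extensions not covered)."""
    excluded = [norm(e, system_root) for e in path_exclusions]
    missing = [str(req) for req in required_paths(exchsrvr, system_root, server_name, extra)
               if not any(req == ex or ex in req.parents for ex in excluded)]
    have = {"." + e.strip().lower().lstrip("*.") for e in ext_exclusions}
    return missing, sorted(EXTENSIONS - have)

# Constructed sample export: mixed case, trailing backslash, unexpanded variable.
SAMPLE_PATHS = [
    "d:\\exchsrvr\\MDBDATA\\", r"D:\Exchsrvr\Mtadata", r"D:\Exchsrvr\Mailroot",
    r"%SystemRoot%\system32\inetsrv", "M:",
]
SAMPLE_EXTS = ["*.log", ".EDB"]

if __name__ == "__main__":
    missing, exts = audit(SAMPLE_PATHS, SAMPLE_EXTS, r"D:\Exchsrvr", r"C:\WINDOWS", "MAIL01")
    print("Paths still scanned:", missing)
    print("Extensions still scanned:", exts)
```

Comparison goes through `PureWindowsPath`, so case and trailing separators do not produce false gaps, and a parent-folder exclusion counts as covering everything beneath it.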
Further reading on this topic:
- 328841 XADM: Exchange and Antivirus Software
- 823166 Overview of Exchange Server 2003 and Antivirus Software