Strange Configurations and how they impact your servers.

We had a few strange detection issues last week due to some non-standard configurations.

1. Spam filtering not working for User X

This one was due to a setting in content filtering.

There is a setting called AntispamBypassEnabled for each user.

In Forefront, the agent log will show a content bypass enabled, skipping for every mail to that user.

You can find and fix this setting by doing the following…

 

[PS] C:\>get-mailbox USERMAILBOXNAME | fl *spam*,*SCL*

AntispamBypassEnabled  : False
SCLDeleteThreshold     :
SCLDeleteEnabled       :
SCLRejectThreshold     :
SCLRejectEnabled       :
SCLQuarantineThreshold :
SCLQuarantineEnabled   :
SCLJunkThreshold       :
SCLJunkEnabled         :

Any of the above settings, when set on the user, will bypass the organization-level settings.

In this case, AntispamBypassEnabled was set to True for the user, so nothing got deleted, rejected or put in junk.

2. The next issue was a customer that had everything up and running but no real-time scanning.

There is a per-database setting for VSAPI. You can find the keys in the following registry locations.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\EXCHANGE-SERVERNAME\DATABASENAME-GUID-OF-YOUR-DATABASE]
"VirusScanEnabled"=dword:00000000
"VirusScanProactiveScanning"=dword:00000000

0 = no scanning
1 = scanning
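
Both checks above can be run across every mailbox and every database key instead of one at a time. The script below is an added example, not part of the original post: it flags mailboxes with AntispamBypassEnabled or any per-user SCL value set, and database keys where either VSAPI value is 0. The function names are hypothetical, the sample mailbox objects are constructed, and it assumes the Exchange Management Shell on the mailbox server.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Find-SpamOverride {
    # Emits mailboxes that bypass content filtering or carry per-user SCL values.
    param([Parameter(ValueFromPipeline = $true)] $Mailbox)
    process {
        $scl = @($Mailbox.PSObject.Properties |
            Where-Object { $_.Name -like 'SCL*' -and $null -ne $_.Value } |
            ForEach-Object { $_.Name })
        if ($Mailbox.AntispamBypassEnabled -or $scl.Count -gt 0) {
            New-Object PSObject -Property @{
                Name                  = $Mailbox.Name
                AntispamBypassEnabled = [bool]$Mailbox.AntispamBypassEnabled
                SclOverrides          = ($scl -join ',')
            }
        }
    }
}

function Find-DisabledVsapi {
    # Emits one row per database key and VSAPI value that is set to 0 (no scanning).
    param([string]$Server = $env:COMPUTERNAME)
    $root = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\$Server"
    if (-not (Test-Path $root)) { return }   # not an Exchange mailbox server
    Get-ChildItem $root | ForEach-Object {
        $values = Get-ItemProperty -Path $_.PSPath
        foreach ($name in 'VirusScanEnabled', 'VirusScanProactiveScanning') {
            # A missing value compares as $null and is not reported.
            if ($values.$name -eq 0) {
                New-Object PSObject -Property @{ DatabaseKey = $_.PSChildName; Value = $name }
            }
        }
    }
}

# Constructed sample objects standing in for Get-Mailbox output.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'userx'; AntispamBypassEnabled = $true;  SCLJunkEnabled = $null }),
    (New-Object PSObject -Property @{ Name = 'usery'; AntispamBypassEnabled = $false; SCLJunkEnabled = $null }),
    (New-Object PSObject -Property @{ Name = 'userz'; AntispamBypassEnabled = $false; SCLJunkEnabled = $false })
)
$sample | Find-SpamOverride
Find-DisabledVsapi

# On the server: Get-Mailbox -ResultSize Unlimited | Find-SpamOverride
# Clearing the bypass for one user: Set-Mailbox USERMAILBOXNAME -AntispamBypassEnabled $false
```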