Beware of AntiVirus on Exchange 20XX-

File-Level Antivirus Scanning on Exchange 2010    Applies to: Exchange Server 2010 SP1

Well we all know that Exchange files should be excluded from the AV Scan- Here is a good TechNet publication from MSFT.

In addition to excluding specific directories and processes, you should exclude the following Exchange-specific file name extensions in case directory exclusions fail or files are moved from their default locations.

Application-related extensions
  • .config
  • .dia
  • .wsb
Database-related extensions
  • .chk
  • .log
  • .edb
  • .jrs
  • .que
Offline address book-related extensions:
  • .lzx
Content Index-related extensions
.ci .wid .001
.dir .000 .002
Unified Messaging-related extensions
  • .cfg
  • .grxml
  • .dsc
  • .bin
  • .xml
Forefront Protection for Exchange Server–related extensions
.avc .dt .lst
.cab .fdb .mdb
.cfg .fdm .ppl
.config .ide .set
.da1 .key .v3d
.dat .klb .vdb
.def .kli .vdm

The file name extensions listed for Forefront Protection for Exchange Server are the signature files from various antivirus directory engines. In most cases, these file name extensions don’t change, but file name extensions may be added in the future as third-party antivirus vendors update their antivirus signature files.

Many file-level scanners now support the scanning of processes, which can adversely affect Microsoft Exchange if the incorrect processes are scanned. Therefore, you should exclude the following processes from file-level scanners.

Cdb.exe Microsoft.Exchange.Search.Exsearch.exe
Cidaemon.exe Microsoft.Exchange.Servicehost.exe
Clussvc.exe MSExchangeADTopologyService.exe
Dsamain.exe MSExchangeFDS.exe
EdgeCredentialSvc.exe MSExchangeMailboxAssistants.exe
EdgeTransport.exe MSExchangeMailboxReplication.exe
ExFBA.exe MSExchangeMailSubmission.exe
GalGrammarGenerator.exe MSExchangeRepl.exe
Inetinfo.exe MSExchangeTransport.exe
Mad.exe MSExchangeTransportLogSearch.exe
Microsoft.Exchange.AddressBook.Service.exe MSExchangeThrottling.exe
Microsoft.Exchange.AntispamUpdateSvc.exe Msftefd.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe Msftesql.exe
Microsoft.Exchange.EdgeSyncSvc.exe OleConverter.exe
Microsoft.Exchange.Imap4.exe Powershell.exe
Microsoft.Exchange.Imap4service.exe SESWorker.exe
Microsoft.Exchange.Infoworker.Assistants.exe SpeechService.exe
Microsoft.Exchange.Monitoring.exe Store.exe
Microsoft.Exchange.Pop3.exe TranscodingService.exe
Microsoft.Exchange.Pop3service.exe UmService.exe
Microsoft.Exchange.ProtectedServiceHost.exe UmWorkerProcess.exe
Microsoft.Exchange.RPCClientAccess.Service.exe W3wp.exe

If you’re also deploying Forefront Protection for Exchange Server, exclude the following processes.

Adonavsvc.exe FscStatsServ.exe
FscController.exe FscTransportScanner.exe
FscDiag.exe FscUtility.exe
FscExec.exe FsEmailPickup.exe
FscImc.exe FssaClient.exe
FscManualScanner.exe GetEngineFiles.exe
FscMonitor.exe PerfmonitorSetup.exe
FscRealtimeScanner.exe ScanEngineTest.exe
FscStarter.exe SemSetup.exe