Kaspersky Security 5.5 for Microsoft Exchange Server 2003
E-mail messages stored on the server and the content of public folders are also
rescanned on a regular basis using the latest version of the anti-virus database (if
the background storage scan is enabled). The scan is performed in background
mode and can be launched automatically each time the anti-virus database is
updated, according to the schedule, or manually (for details, see section 6.6,
page 62).
If the background scan mode is disabled, then the messages stored on the
server will be scanned only when the user requests a message, immediately
before the delivery.
When the background scan is enabled, the Internal Application Management
Module, based on the settings configured, will receive from the Exchange server
all e-mail messages located in the public folders and protected storage areas. If
a message has not been analyzed using the latest anti-virus database, the
application will send it to the Anti-Virus Scan Subsystem for processing.
Objects are processed in background mode in the same way as in traffic scan
mode.
The application will analyze the body of the message and attached files of any
format.
It is to be noted that Kaspersky Security differentiates between simple objects (an
executable file, a message with a simple attachment) and containers (consisting
of several objects, for example, an archive or a message with any message
attached to it).
If necessary, you can define the list of objects that should not be scanned for
viruses. The following types of objects can be excluded from the scan scope: all

If the background scan mode is enabled for the application used on a
server cluster, the background scan can start when the Microsoft
Exchange Server is moved from one cluster node to another.

Operation of the application in the background scan mode may slow
down the operation of Microsoft Exchange Server; therefore we do
not recommend using this type of protection frequently.

When scanning multiple-volume archives, Kaspersky Security treats
and processes each volume as a separate object. In this case, the
application can detect malicious code only if such code is fully located
in one of the volumes. If a virus is also divided into parts, then it
cannot be detected when only part of the data is loaded. In this situation,
the malicious code may propagate after the object is restored as one
entity.
Multiple-volume archives can be scanned after they are saved to the
hard drive by the anti-virus application installed on the user's
computer.
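
The multiple-volume limitation described above, as an added example that is not part of the Kaspersky documentation: a signature that straddles a volume boundary is missed when each volume is scanned as a separate object and found once the data is scanned as one entity. Assumptions: raw byte splitting stands in for real archive volumes, the signature is a harmless constructed marker, and all function names are hypothetical.

```python
"""Constructed demo: per-volume scanning vs. scanning the reassembled object."""

# Harmless constructed marker standing in for an anti-virus signature (assumption).
SIGNATURE = b"DEMO-SIGNATURE-0001"

# Constructed sample object: the marker sits at offset 40 of a 99-byte stream.
SAMPLE = b"A" * 40 + SIGNATURE + b"B" * 40


def split_into_volumes(data: bytes, volume_size: int) -> list[bytes]:
    """Split raw bytes into fixed-size volumes (stand-in for a multi-volume archive)."""
    return [data[i:i + volume_size] for i in range(0, len(data), volume_size)]


def scan_each_volume(volumes: list[bytes], signature: bytes = SIGNATURE) -> list[int]:
    """Treat every volume as a separate object; return indexes of matching volumes."""
    return [i for i, vol in enumerate(volumes) if signature in vol]


def scan_reassembled(volumes: list[bytes], signature: bytes = SIGNATURE) -> list[int]:
    """Scan the volumes as one entity, in order, without joining them in memory.

    The last len(signature) - 1 bytes of what has been seen are carried forward,
    so a match that crosses a volume boundary is still found.
    Returns the absolute offsets of all matches.
    """
    keep = len(signature) - 1
    hits, tail, consumed = [], b"", 0
    for vol in volumes:
        window = tail + vol
        base = consumed - len(tail)          # absolute offset of window[0]
        pos = window.find(signature)
        while pos != -1:
            hits.append(base + pos)
            pos = window.find(signature, pos + 1)
        consumed += len(vol)
        tail = window[-keep:] if keep else b""
    return hits


if __name__ == "__main__":
    for size in (50, 64):                    # 50 splits the marker, 64 does not
        vols = split_into_volumes(SAMPLE, size)
        print(size, scan_each_volume(vols), scan_reassembled(vols))
```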