FILE QUARANTINED - Exchange 2007 Issues

email exchange-2007 windows-sbs-2008 microsoft-forefront
5,356

This (confusing) message is Forefront's way of saying that the virus scans are timing out. Do you have high CPU or I/O utilization on this server that may be making it difficult for Forefront to scan the e-mails in the default timeout period?

In any case, you can increase the timeout for the Realtime and Transport scans by navigating to the following registry key:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

You will need to create two DWORD value keys that specify the timeout, which by default is 300,000 milliseconds (5 minutes). Try a value of 600000 (10 minutes), and if you are still getting timeouts, try 900000 (15 minutes). The keys are:

RealtimeTimeout
TransportTimeout

I don't know off the top of my head the FSE service name that you'll need to bounce to load these registry settings once you add them, but a reboot will do the trick.

Two other thoughts...

1) In the FSE options, there is a Transport Scan Timeout Action option. If you set this setting to Skip, ForeFront will try to scan the message, and if it times out, will skip the message and move on to the next one. If it times out again the next time it trys to scan the message, it will be delivered without being scanned. On the bright side, you'll get the messages that aren't currently being delivered. On the down side, you could potentially have a virus make it through without being scanned.

2) To potentially reduce the load on your scanner (from page 88 of the guide below):

By default, Forefront Security for Exchange Server is configured to scan all attachments for viruses. To perform scans as quickly and efficiently as possible, however, Forefront Security for Exchange Server can be configured to only scan file attachments that can potentially contain viruses. It does this by first determining the file type and then by determining if that file type can be infected with a virus. Determining the file type is accomplished by looking at the file header and not by looking at the file extension. This is a much more secure method because file extensions can be easily spoofed. This check increases Forefront Security for Exchange Server performance while making sure no potentially infected file attachments pass without being scanned. If you would like Forefront Security for Exchange Server to only scan attachments that can potentially be infected with a virus, set the registry key ScanAllAttachments to 0.

Reference: Forefront Server Security User's Guide (p. 81 and 88). There's actually a lot of good (and deep) informaiton in this guide, but it is 183 pages long. Read it if you have trouble sleeping ;)

P.S. If you feel uncomfortable in doing any of the above by yourself, create a support incident with Microsoft and have a Support Engineer walk you through the process: https://support.microsoft.com/oas/default.aspx?gprid=13231&st=1

Share:
5,356

Related videos on Youtube

MikeT505
Author by

MikeT505

I'm an enthusiastic guy, looking to learn and spread IT Knowledge :-)

Updated on September 17, 2022

Comments

  • MikeT505
    MikeT505 almost 2 years

    The original contents of this file have been replaced with this message because of its characteristics. File name: 'Body of Message' Virus name: 'Exceeded Internet Timeout'

    I keep receiving this message on all mail, both internal and externally received email. I'm not sure what is causing this, any pointers?

    I'm running MS Small Business Server 2008, with their Exchange Forefront mail scanner at the moment.

    • Admin
      Admin over 14 years
      What OS? What AV? What versions of each? Please provide more information.
    • MikeT505
      MikeT505 over 14 years
      Sorry, dropped in an edit

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SBS 2008 pop 3 connector won't download emails
How do i create a user who only has access to exchange email?
Can one Exchange 2007 user have multiple distinct mailboxes?
Exchange 2007 can not send email to the Internet
Exchange 2007 Email Error 451 4.7.0 Timeout waiting for client input
Setup fetchmail to pull from Exchange IMAP
Windows SBS 2008 to Windows Server 2012 migration
Windows Small Business Server 2008 and Exchange 2010
Exchange 2007 - EWS not working, Exchange.asmx logging 500 errors
Exchange Messages Undeliverable after Name Change