Many thanks, I will give that a go.

I have been hunting through the manual for that and could not find it.

Regards,

Julian

Hi,

I'd definitely not do that but rather made sure which process is sending mails on port 25 and I'd put it on the exclusion list of the given rule, if necessary, which makes the entries go away for that partiticular process. To the contrary, I'd enable block and report for this rule and make just exclusions if necessary.

If you disable reporting you will never know of any malware sending spam from your client.

On the other hand please go thorugh the Access Protection policy for your clients and change to "block and report" any report-only rule.

It is not meaningful to use report-only rules in production (as opposed to testing a rule) just as to use block-only rules.

It is a different thing to decide which rules to use at all, but I recommend never use single action rule in production, only both actions.

Attila

Hi Attila,

I see the logic in that but how do I set an exclusion to allow the Exchange server to send correct emails if I keep the mass mailing worm rule?

This particular policy is only for the Exchange machine.

Thanks,

Julian

Hi Julian,

"simply" by looking at the AccessProtectionLog.txt on the Exchange server when you made an attempt to send an email using that server. It then should indicate the process name that was blocked.

Then this process name should be added to the exclusion list of the Access Protection rule in the virusscan policy that applies to this Exchange server and that's it. Next time that process is allowed to access port 25.

(just between parentheses: I'm surprised to hear that a process like that is not automatically included in the factory VSE package)

Attila

Thanks, that will be edgetransport.exe then. It is starnge that other exclusions already exist but that one does not.

I will try this and see what happens.

Regards,

Julian

Julian,

Attila is 100% right here, Exclude the process Not the rule.And if you could possible let me know your OS version and Exchange version, I will some recommended exclusion as well.,

Regds

Alxn

Alxn,

Atilla's soultion is working - many thanks!

I am running Exchange 2007 on a Windows Server 2003 R2 machine. I have found the recomended exclusions but they didnt help with this one!

Regards,

Julian

Great!  Julian!!You got the solution.

But  Recommended exclusion must be made to increase the performance and to prevent files to be currupted.

I would example, let's say if Exchange is processing any file and mean while OAS comes and locked the file for scanning then that file will be currupted and can cause serious issues to exchange server, SO I would suggest you to apply the recommended exclusions as well.

Regards

Alexn