FILE QUARANTINED – Exchange 2007 Issues

The original contents of this file have been replaced with this message because of its characteristics.
File name: ‘Body of Message’
Virus name: ‘Exceeded Internet Timeout’

I keep receiving this message on all mail, both internal and externally received email. I’m not sure what is causing this, any pointers?

I’m running MS Small Business Server 2008, with their Exchange Forefront mail scanner at the moment.

Answer

This (confusing) message is Forefront’s way of saying that the virus scans are timing out. Do you have high CPU or I/O utilization on this server that may be making it difficult for Forefront to scan the e-mails in the default timeout period?

In any case, you can increase the timeout for the Realtime and Transport scans by navigating to the following registry key:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

You will need to create two DWORD value keys that specify the timeout, which by default is 300,000 milliseconds (5 minutes). Try a value of 600000 (10 minutes), and if you are still getting timeouts, try 900000 (15 minutes). The keys are:

RealtimeTimeout
TransportTimeout

I don’t know off the top of my head the FSE service name that you’ll need to bounce to load these registry settings once you add them, but a reboot will do the trick.

Two other thoughts…

1) In the FSE options, there is a Transport Scan Timeout Action option. If you set this setting to Skip, Forefront will try to scan the message, and if it times out, will skip the message and move on to the next one. If it times out again the next time it tries to scan the message, it will be delivered without being scanned. On the bright side, you’ll get the messages that aren’t currently being delivered. On the down side, you could potentially have a virus make it through without being scanned.

2) To potentially reduce the load on your scanner (from page 88 of the guide below):

By default, Forefront Security for Exchange Server is configured to scan all attachments for viruses. To perform scans as quickly and efficiently as possible, however, Forefront Security for Exchange Server can be configured to only scan file attachments that can potentially contain viruses. It does this by first determining the file type and then by determining if that file type can be infected with a virus. Determining the file type is accomplished by looking at the file header and not by looking at the file extension. This is a much more secure method because file extensions can be easily spoofed. This check increases Forefront Security for Exchange Server performance while making sure no potentially infected file attachments pass without being scanned. If you would like Forefront Security for Exchange Server to only scan attachments that can potentially be infected with a virus, set the registry key ScanAllAttachments to 0.

Reference: Forefront Server Security User’s Guide (p. 81 and 88). There’s actually a lot of good (and deep) information in this guide, but it is 183 pages long. Read it if you have trouble sleeping 😉

P.S. If you feel uncomfortable in doing any of the above by yourself, create a support incident with Microsoft and have a Support Engineer walk you through the process: https://support.microsoft.com/oas/default.aspx?gprid=13231&st=1

Attribution
Source : Link , Question Author : MikeT505 , Answer Author : Sean Earp
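
The registry change described in the answer, scripted in PowerShell as an added example (not part of the original answer or of Microsoft's documentation). The key path and the two value names are the ones quoted in the answer; the `$TimeoutMs` parameter and its upper sanity limit are assumptions made for this example.

```powershell
# Added example. Run in an elevated PowerShell session on the Exchange server.
param(
    # 600000 ms (10 minutes) is the first value the answer suggests trying.
    # The 3600000 upper bound is an arbitrary sanity limit chosen for this example.
    [ValidateRange(300000, 3600000)]
    [int]$TimeoutMs = 600000
)

$key   = 'HKLM:\Software\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server'
$names = 'RealtimeTimeout', 'TransportTimeout'

# Stop instead of creating the key: if it is missing, Forefront is not installed
# here or the path differs on this system, and writing values would do nothing useful.
if (-not (Test-Path -LiteralPath $key)) {
    throw "Registry key not found: $key"
}

foreach ($name in $names) {
    # Record the previous value so the change can be reverted.
    # No value present means the 300000 ms default is in effect.
    $old = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name

    # Create the DWORD value, or overwrite it if it already exists.
    New-ItemProperty -LiteralPath $key -Name $name -PropertyType DWord `
        -Value $TimeoutMs -Force | Out-Null

    # Read the value back to confirm what was actually written.
    $new = (Get-ItemProperty -LiteralPath $key -Name $name).$name

    [pscustomobject]@{
        Value    = $name
        Previous = if ($null -eq $old) { '(not set, default 300000)' } else { $old }
        Current  = $new
    }
}

# Per the answer, the new values are loaded after the FSE service is restarted
# or the server is rebooted.
```

Keep the printed Previous column: it is the record needed to put the timeouts back once the CPU or I/O load behind the scan timeouts has been dealt with.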
