On-demand mailbox database scan
If you are running Microsoft Exchange Server 2010, you can choose between Mailbox database protection and On-demand mailbox database scan. Only one protection type can be active at a time. If you decide to use On-demand mailbox database scan you must disable the integration of Mailbox database protection in Advanced setup (F5) under Server. Otherwise, On-demand mailbox database scan will not be available. |
•Host address—Name or IP address of the server running EWS (Exchange Web Services).
•Username—Specify the credentials of a user that has appropriate access to EWS.
•User password—Click Set next to User password and type the password for this user account.
To scan Public folders, the user account used for On-demand mailbox database scan must have a mailbox. Otherwise, Failed to load public folders will be displayed in the Database scan log, along with a more specific message returned by Exchange. |
Mailbox access method—Allows you to select your preferred mailbox access method:
•Impersonation—Easier and faster setup is ApplicationImpersonation role which has to be assigned to the scanning account.
Assign ApplicationImpersonation role to a user
If this option is unavailable, you must specify a Username. Click Assign to automatically assign the ApplicationImpersonation role to the selected user. Alternatively, you can assign the ApplicationImpersonation role manually to a user account. A new unlimited EWS Throttling Policy is created for the user account. For more information, see Database scan account details.
•Delegation—Use this access type if you want to require access rights on individual mailboxes and can provide higher speeds when scanning large amounts of data.
Assign delegated access to a user
If this option is unavailable, you must specify a Username. Click Assign to automatically grant the selected user full access to all user and shared mailboxes. A new unlimited EWS Throttling Policy is created for the user account. For more information, see Database scan account details.
Use SSL
SSL must be enabled if EWS is set to Require SSL in IIS. If SSL is enabled, the Exchange Server certificate must be imported on the system with ESET Mail Security (if Exchange Server roles are on different servers). Settings for EWS can be found in IIS under Sites/Default website/EWS/SSL Settings.
Disable Use SSL only if you have EWS configured in IIS to not Require SSL. |
Ignore server certificate error
If you are using a self-signed certificate, you can ignore the server certificate error.
Client certificate
Must be set only if EWS requires a client certificate. Click Select to select a certificate.
Action to take if cleaning not possible—This action field allows you to block infected content.
•No action—Take no action on the infected content of the message.
•Move message to trash—Is not supported for Public folder items, the Delete object action will be applied instead.
•Delete object—Deletes infected content of the message.
•Delete message—Delete the entire message, including its infected content.
•Replace object with action information—Removes an object and includes information about the object that was removed.
Action to take on a phishing message:
•No action—Keep the message even if it is marked as phishing.
•Move message to trash—Is not supported for Public folder items, the Delete object action will be applied instead.
•Delete message—Delete the entire message, including its infected content.
Number of scan threads
You can specify how many threads ESET Mail Security should use during the database scan. The higher the number, the better the performance. However, an increase in performance uses more resources. Fine-tune this setting to the desired value according to your requirements. The default value is set to 4 scan threads.
If you configure On-demand mailbox database scan to use too many threads, it may put too much of a load on your system, which might slow down other processes or even the whole system. You may encounter an error message saying, "Too many concurrent connections opened." |
Visible only if you have a Microsoft 365 hybrid environment.
User account for scanning a public folder
If you want to scan public folders, provide a principal user account name (password not required) for impersonation. Ensure the configuration of this user account is to have access to all public folders.