On-demand mailbox database scan

On-demand mailbox database scan is available for the following system types:

Microsoft Exchange Server 2007 (Mailbox or Hub Transport server role)

Microsoft Exchange Server 2007 (single server installation with multiple roles)

Microsoft Exchange Server 2010 (Mailbox or Hub Transport server role)

Microsoft Exchange Server 2010 (single server installation with multiple roles)

Microsoft Exchange Server 2013 (Mailbox server role)

Microsoft Exchange Server 2013 (single server installation with multiple roles)

Microsoft Exchange Server 2016 (Mailbox server role)

Microsoft Exchange Server 2019 (Mailbox server role)

Windows Small Business Server 2008

Windows Small Business Server 2011

NOTE

If you are running Microsoft Exchange Server 2007, 2010, 2013 or 2016, you can choose between Mailbox database protection and On-demand mailbox database scan. Only one protection type can be active at a time. If you decide to use On-demand mailbox database scan, you need to disable integration of Mailbox database protection in Advanced setup under Server. Otherwise, On-demand mailbox database scan will not be available.

Host address - Name or IP address of server running EWS (Exchange Web Services).

Username - Specify the credentials of a user that has appropriate access to EWS (Exchange Web Services).

User password - Click Set next to User password and type the password for this user account.

IMPORTANT

In order to scan Public folders, the user account used for On-demand mailbox database scan needs to have a mailbox. Otherwise, "Failed to load public folders" will be displayed in the Database scan log, along with a more specific message returned by Exchange.

Assign ApplicationImpersonation role to user - If this option is grayed out, you need to specify a Username. Click Assign to automatically assign the ApplicationImpersonation role to the selected user. Alternatively, you can assign the ApplicationImpersonation role manually to a user account. For more information, see Database scan account details.

Use SSL - Needs to be enabled if EWS (Exchange Web Services) is set to Require SSL in IIS. If SSL is enabled, the Exchange Server certificate must be imported on the system with ESET Mail Security (in case the Exchange Server roles are on different servers). Settings for EWS can be found in IIS under Sites/Default web site/EWS/SSL Settings.

NOTE

Disable Use SSL only if you have EWS configured in IIS not to Require SSL.

Client certificate - Needs to be set only if Exchange Web Services requires a client certificate. Click Select to select a certificate.
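
The prerequisites above can be checked before the scan is configured. The following is an added example, not part of the ESET documentation: a PowerShell pre-flight check that reports whether the scan account has a mailbox and the ApplicationImpersonation role, and whether the EWS SSL Settings in IIS call for Use SSL and a Client certificate. It assumes the Exchange Management Shell is running on the server that hosts EWS; the account name is a placeholder.

```powershell
# Added example: run in the Exchange Management Shell on the server hosting EWS.
# $ScanUser is a placeholder for the account entered under Username.
param(
    [string]$ScanUser = 'CONTOSO\svc-mailscan',   # hypothetical account name
    [string]$EwsPath  = 'Default Web Site/EWS'    # IIS location named on this page
)
Import-Module WebAdministration

# Public folder scanning requires the scan account to have a mailbox.
$hasMailbox = [bool](Get-Mailbox -Identity $ScanUser -ErrorAction SilentlyContinue)

# The account needs ApplicationImpersonation (assigned directly or through a group).
$roles = @(Get-ManagementRoleAssignment -Role ApplicationImpersonation `
             -RoleAssignee $ScanUser -ErrorAction SilentlyContinue)

# Read the SSL Settings of the EWS virtual directory from the IIS configuration.
$raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
         -Location $EwsPath -Filter 'system.webServer/security/access' `
         -Name 'sslFlags'
# Depending on the module version the value is a string or a wrapped attribute.
$text  = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
$flags = @($text -split ',' | ForEach-Object { $_.Trim() })

# Map the findings to the settings described on this page.
New-Object PSObject -Property @{
    ScanUser                    = $ScanUser
    HasMailbox                  = $hasMailbox               # needed for Public folders
    HasApplicationImpersonation = ($roles.Count -gt 0)
    EnableUseSsl                = ($flags -contains 'Ssl')  # EWS set to Require SSL
    NeedsClientCertificate      = ($flags -contains 'SslRequireCert')
    RawSslFlags                 = $text
}
```

If HasApplicationImpersonation is False, the role can be assigned with the Assign button or manually with the Exchange cmdlet New-ManagementRoleAssignment.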


Action to take if cleaning not possible - This setting allows you to block infected content.

No action - Take no action on the infected content of the message.

Move message to trash - Not supported for Public folder items; the Delete object action will be applied instead.

Delete object - Deletes infected content of the message.

Delete message - Deletes the entire message, including its infected content.

Replace object with action information - Removes an object and includes information that the object was removed.

Number of scan threads - You can specify how many threads ESET Mail Security should use when scanning the databases. The higher the number, the better the performance. However, this has an effect on how many resources are used. The default value is set to 6 scan threads.

NOTE

If you configure On-demand mailbox database scan to use too many threads, it may put too much of a load on your system, which in turn might slow down other processes or even the whole system. You may encounter an error message saying "Too many concurrent connections opened".