On-demand mailbox database scan


NOTE

If you are running Microsoft Exchange Server 2007 or 2010 you can choose between Mailbox database protection and On-demand mailbox database scan, only one protection type can be active at a time. If you decide to use On-demand mailbox database scan you will need to disable integration of Mailbox database protection in Advanced setup (F5) under Server. Otherwise On-demand mailbox database scan will not be available.

Host address

Name or IP address of server running EWS (Exchange Web Services).

Username

Specify credentials of a user that has appropriate access to EWS (Exchange Web Services).

User password

Click Set next to User password and type password for this user account.


IMPORTANT

In order to scan Public folders, the user account used for On-demand mailbox database scan needs to have a mailbox. Otherwise, Failed to load public folders will be displayed in the Database scan log, along with a more specific message returned by Exchange.

Mailbox access method

Allow you to select preferred mailbox access method:

Impersonation

Easier and faster setup is ApplicationImpersonation role which has to be assigned to the scanning account.

Assign ApplicationImpersonation role to user

If this option is grayed out, you need to specify a Username. Click Assign to automatically assign the ApplicationImpersonation role to selected user. Alternatively, you can assign the ApplicationImpersonation role manually to a user account. A new unlimited EWS Throttling Policy is created for the user account. For more information see Database scan account details.

Delegation

Use this access type if you want to requires access rights set on individual mailboxes, but can provide higher speeds when scanning large amounts of data.

Assign delegated access to user

If this option is grayed out, you need to specify a Username. Click Assign to automatically grant selected user full access to all user and shared mailboxes. A new unlimited EWS Throttling Policy is created for the user account. For more information see Database scan account details.

Use SSL

Needs to be enabled if EWS (Exchange Web Services) is set to Require SSL in IIS. If SSL is enabled, the Exchange Server certificate must be imported on the system with ESET Mail Security (in case Exchange Server roles are on different servers). Settings for EWS can be found in IIS under Sites/Default web site/EWS/SSL Settings.


NOTE

Disable Use SSL only if you have EWS configured in IIS not to Require SSL.

Ignore server certificate error

If you are using a Self-signed certificate, you can ignore server certificate error.

Client certificate

Needs to be set only if Exchange Web Services (EWS) requires a client certificate. Click Select to select a certificate.

Action to take if cleaning not possible

This actions field allows you to block infected content.

No action - Take no action on the infected content of the message.

Move message to trash - Is not supported for Public folder items, the Delete object action will be applied instead.

Delete object - Deletes infected content of the message.

Delete message - Delete the entire message including its infected content.

Replace object with action information - Removes an object and includes an information that the object was removed.

Action to take on phishing message:

No action - Keep the message even if it is marked as phishing.

Move message to trash - Is not supported for Public folder items, the Delete object action will be applied instead.

Delete message - Delete the entire message including its infected content.

Number of scan threads

You can specify how many threads should ESET Mail Security use when scanning the databases. The higher the number, the better the performance. However, this has an effect on how much resources are used. The default value is set to 4 scan threads.


NOTE

If you configure On-demand mailbox database scan to use too many threads, it may put too much of a load on your system, which in turn might slow down other processes or even the whole system. You may encounter an error message saying "Too many concurrent connections opened".

Visible only if you have Office 365 hybrid environment.

Username

Specify credentials of a user that has appropriate access to EWS (Exchange Web Services).

User password

Click Set next to User password and type password for this user account.

Assign ApplicationImpersonation role to user

If this option is grayed out, you need to specify a Username. Click Assign to automatically assign the ApplicationImpersonation role to selected user. Alternatively, you can assign the ApplicationImpersonation role manually to a user account. A new unlimited EWS Throttling Policy is created for the user account. For more information see Database scan account details.