Exchange Server 2003 corrupting files.
We have Exchange 2003 as our email server for work. I work for a digital imaging company so we do receive alot of attachments. This one particular guy receives alot more then anyone else. Lately he has been having problems where someone will attach a file (.pdf or .zip) and when he goes to open it, it is corrupt. Sometimes they will send 4 or 5 files and some will be good and others will be corrupt. I know it's something on our side because he receives files from 100's of different customers and it happens from everyone with no apparent pattern. It's not the file size because some of the corupt files are bigger then other files attached and some are smaller. I've had him forward the emails to 3 or 4 other people within the company to see if they could open the files and they are corrupt for them too, which makes me think it has something to do with exchange 2003? He can receive anywhere from 100-500MB of attachments a day...any suggestions?
ASKER
We dont use any hardware firewalls, we only use Trendmicro office scan client for antivirus. Noone else in the company complains of this problem which makes it seem like it has something to do with the amount of attachments he is getting since he gets the most of anyone in the company....just seems weird that it would start all of the sudden like this
I think the only reason you are seeing the problems with this user is because of the high number of attachments received makes that user more prone to see problems. IN general, most users do not use attachments, so the odd corrupt attachment would be dismissed.
If the user is receiving large messages then that can also cause problems with firewalls and other things timing out before the email message is complete.
You should ensure that your AV software is configured not to scan any part of the Exchange directories. I usually exclude the entire /exchsrvr directory structure.
Simon.
If the user is receiving large messages then that can also cause problems with firewalls and other things timing out before the email message is complete.
You should ensure that your AV software is configured not to scan any part of the Exchange directories. I usually exclude the entire /exchsrvr directory structure.
Simon.
ASKER
You mean the virus software on the server? Or his virus software locally. Also do you think it could have to do with our ISP (Cincinnati Bell) as it looks like our email goes through them first?
ASKER
One other thing....how secure is that to not scan your exchange directory at all? Does that open you up to the risk of network wide infection or lower your network security at all?
Virus software on the Exchange server would be the first place that you need to configure correctly.
This isn't an issue about being secure or not, it is about the behaviour of the products. The best practise from Microsoft is that any desktop level AV software should not scan the key Exchange directories. If you want to protect Exchange from viruses then you should use an Exchange aware AV product.
Simon.
This isn't an issue about being secure or not, it is about the behaviour of the products. The best practise from Microsoft is that any desktop level AV software should not scan the key Exchange directories. If you want to protect Exchange from viruses then you should use an Exchange aware AV product.
Simon.
I can't seem to find an Exchange 2003 article, but this is the Exchange 2000 article with the awful M drive was used: http://support.microsoft.com/default.aspx?kbid=298924
Simon.
Simon.
ASKER
Hmm we don't have an M drive. So is the M drive where all the mailbox stores are or is it just used by exchange itself? Sorry to bug you about this I just don't want to make any mistakes that will mess it up worse. How safe is it to not scan exchages folder?
The M drive was something that Microsoft introduced in Exchange 2000. Very bad idea and was dropped in the next version.
Not the Exchange directories is not an option. You should not be doing it. If you are then it is just a matter of time before you have problems with the server.
Simon.
Not the Exchange directories is not an option. You should not be doing it. If you are then it is just a matter of time before you have problems with the server.
Simon.
ASKER
"Not the Exchange directories is not an option. You should not be doing it. If you are then it is just a matter of time before you have problems with the server. "
I don't understand what you meant by that. Sorry
I don't understand what you meant by that. Sorry
My mind thinks faster than I can type ( and I can type at 60WPM).
"Not scanning the Exchange directories is not an option. You should not be doing it. If you are then it is just a matter of time before you have problems with the server. "
What I am saying is that you must configure your AV software not to scan the Exchange directories. This isn't an issue whether it is secure or not. If you scan those directories you will have problems with Exchange.
Simon.
"Not scanning the Exchange directories is not an option. You should not be doing it. If you are then it is just a matter of time before you have problems with the server. "
What I am saying is that you must configure your AV software not to scan the Exchange directories. This isn't an issue whether it is secure or not. If you scan those directories you will have problems with Exchange.
Simon.
ASKER
I was just looking in the logs of the antivirus on Exchange server and I see that ithas found a couple of things in this folder: D:\Exchsrvr\Mailroot\vsi 1\Queue\Ntfs_aae126......
Would this be an example of folders we should not be scanning?
Would this be an example of folders we should not be scanning?
That is a clear example of why you shouldn't be scanning the exchsrvr directories. That is the queue, where all email passes through. By the time the AV software had scanned the item, it would be gone.
Simple do not scan any part of the \exchsrvr directory structure, plus your logs and databases, if they are stored elsewhere.
Simon.
Simple do not scan any part of the \exchsrvr directory structure, plus your logs and databases, if they are stored elsewhere.
Simon.
ASKER
So this is a dumb question but that was found during a scan....will the system auto protect of the anti virus software cause problems? Does it need to be added as an exclusion?
Most AV packages have two sets of options.
1. The real time scan, which is scanning all the time
2. The scheduled or on demand scan, which scans when asked.
You need to check that both of those will not scan the /exchsrvr directories or the location of the databases or transaction logs.
If you look in the queue folder that should be empty at all times. Having items in it is a bad sign.
Simon.
1. The real time scan, which is scanning all the time
2. The scheduled or on demand scan, which scans when asked.
You need to check that both of those will not scan the /exchsrvr directories or the location of the databases or transaction logs.
If you look in the queue folder that should be empty at all times. Having items in it is a bad sign.
Simon.
ASKER
Still no luck, we shut down the Virus protection of all Exchange folders and we are still getting alot of corrupt files through this one persons Email. No idea what else to try...we are at a complete loss
What is his default delivery location, Exchange Mailbox or a pst file on the local machine?
ASKER
How do I check that? on the server or his machine? I suspect on the server so can you tell me how to check? Thanks
Go to control panel - mail - email accounts - view or change email accounts.
At the bottom of the pop-up window is says 'Deliver new email to the following location'
Does it say 'Mailbox - UserName'
or is something else displayed?
if it does say something else the user is probably using a personal folder on the local machine.
find out the location & size of this file.
To do this: Open outlook - Right click on the 'personal folder' (the name was displayed in the 'Deliver new email to the following location' drop down menu), click properties & go to advanced.
The 'Filename' section will give you the path.
Now find out the size of the file.
At the bottom of the pop-up window is says 'Deliver new email to the following location'
Does it say 'Mailbox - UserName'
or is something else displayed?
if it does say something else the user is probably using a personal folder on the local machine.
find out the location & size of this file.
To do this: Open outlook - Right click on the 'personal folder' (the name was displayed in the 'Deliver new email to the following location' drop down menu), click properties & go to advanced.
The 'Filename' section will give you the path.
Now find out the size of the file.
ASKER
its set to deliver to his mailbox not a file...I also found out this is happening to a couple other people as well, they just hadn't reported it. Sometimes we have to get people to send files 2-5 times before they come through good.
I still believe it is third party interference. If you are sending and receiving large attachments then third party tools can struggle because email is not designed to send large attachments. If you can pin it down to a workstation then I would suggest stripping the machine of AV software and informing the user not to open anything suspicious while the process is tested.
As I wrote at the very beginning, I have never seen Exchange corrupt attachments, it has always been a third party tool.
Simon.
As I wrote at the very beginning, I have never seen Exchange corrupt attachments, it has always been a third party tool.
Simon.
ASKER
Well the attachments they receive arent huge...usualy 1-5 Mb. He just receives alot of them. We took anti virus off of the exchange directories, and also now I have learned that it's not just him that it's happening to..he just receives the most email so he complains about it the most...everyone else was just dealing with it I guess. It seems odd that they come through corrupt over and over and then finally come through clean after a 3rd or fourth try, He really doesnt have any other 3rd party software except Trenmicro officescan client and I don't know if I feel safe taking that off since they are on the internet so much. Any ideas? Thanks for the suggestions.
Are these attachments with the corruption from the same sender? If not then you don't really have much choice. You need to look at the path the messages are taking and ensure that nothing is scanning that shouldn't be. So check that there is no SMTP scanning functionality on the firewall for example. If your messages come through an ISP, try and block that etc.
Simon.
Simon.
ASKER
Yep thats the problem, all from different senders, all have differnt sizes, attachments types...there just doesnt seem to be any pattern at all. We dont run ISA or any software firewall...we have a sonicwall as our only real firewall. I too have kind of flirted with the idea that its the ISP. I dont really know how to go about making anything change on their end though.
First check the sonicwall doesn't have any kind of SMTP filtering enabled. If it does, then remove it. I am not familiar with Sonicwalls, so don't know if it even has the option.
Do you receive email directly or via an ISPs Server?
Simon.
Do you receive email directly or via an ISPs Server?
Simon.
ASKER
It goes through the ISP first
In that case the ISP would be the prime suspect. Can you not switch to direct SMTP delivery?
Simon.
Simon.
ASKER
How would I go about that? Call the isp?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thansk alot for your imput simon, I am going to try that. don;t know how long it will take but I will definately update with the results.
-Joe
-Joe
It will probably be third party tools - AV and Antispam are the usual suspects, particularly if they are made by Symantec. Firewalls with SMTP scanning features can also cause problems.
Simon.