Should I disable AV on both Exchange servers when replicating public folder data between old Exchange 2003 and new Exchange 2007 server

I'm planning to start migrating public folder data between an existing Exchange 2003 server to a new Exchange 2007 server. I've read a number of website which recommends disabling AV on the servers to help speed up the data exchange. I was hoping someone can clarify if it's necessary to disable it on both servers and detail what benefits and problems this has. We are using Symantec's Mail security for exchange. I was wondering if this product has any bearing on these recommendations.
Mark RyanAsked:
Who is Participating?
 
jimmymcp02Connect With a Mentor Commented:
Hi. Markit.
 
We just upgraded from 2003 to exchange 2010 and i had to disable all of my rules on symantec information foundation because it triggered a virus outbreak for each rule i had set up.
Same attachment rule
Same email rule.
 
When noticed the notifications when we were moving the public folder (i think) our consultants told us that becuase of the way we were migrating the av was triggers basically for what i understood the folder were made into email then imported back into the new exchange this triggered several alerts on sav for exchange version 6.0.5 When I moved the mailboxes i did not see this problem but public folders were a problem
 
My scenario was the following
 
Moving public folders
Old server
Server 12003 sp1 server running exchange 2003. also running sav for exchange 6.0.5 with the latest definitions.
 New server
 
Server 2 running win2k8 R2 64 running exchange 2010 (no av for exchange on the first move of public folders)  
Alerts were trigged. My sav for exchange detected a virus outbreak 5 minutes into the migration. So i disabled sav for exchange migration continued with no problems.
 
Then we migrated all the emailboxes from server1 to server2
 
During the migration i did not turn off sep11mr5 clients on both of the servers. Its worth to note that since both of the servers were running an av at the time of the  migrations with the setting trust other computers running auto protect ( see http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009081307565748 ) This might have made a difference since both server 1 and server 2 were running the same sep client version and build. Im not sure what would have happened if one of them did not have the av running (or no av at all) my av should have detected an outbreak due to the large amount of files being access or something to that nature. So enable the setting if you are running sep or disable sep completely if that setting is not enabled while you migrate.
You will need to disable all rules for sav for exchange when you are migrating trust me it will cause some problems.
 
After i migrated all of my emailboxes i enabled all my rules on sav for exchange 6.5 ( yes 6.5 not 6.0.5) which is compatible with exchange 2010.
 
Hope this helps
 
 
0
 
cornetthdCommented:
What form of AV are you using.  If it is forefront there is a registry key that can be set to prevent scanning of public folder replication data.

http://technet.microsoft.com/en-us/library/bb795071.aspx
64 Bit Server
HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server
DWORD
DoNotScanIPMReplicationMessages = 1
0
 
Mark RyanAuthor Commented:
The AV product we are using is Symantec's Mail security for exchange. Thanks for that info on Forefront.
0
 
Mark RyanAuthor Commented:
this info was very helpful. Thanks
0
All Courses

From novice to tech pro — start learning today.