I am in the midst of an Exchange 2010 to 2013 SP1 migration. I recently noticed that, as I started moving mailboxes to my new server, my SCEP 2012 file-system antivirus client started screaming about tons of malware in the TEMP folder. My question is, where is this malware coming from? What does Exchange use the TEMP folder for? Is this malware actually manifested in items in users' mailboxes, or is my new server infected at the OS level? I find it hard to believe that my new server is infected by anything other than mailbox content, as it is behind two firewalls and I just created it two weeks ago. SCEP seems to be deleting the files it finds in the TEMP directory. Should I do something more? Please advise. I've created all of the file type, process, and location exceptions that Microsoft recommends for OS-level malware clients.