Messaging Security Agents

Messaging Security Agents protect Microsoft Exchange servers. The agent helps prevent email-borne threats by scanning email passing in and out of the Microsoft Exchange Mailbox Store as well as email that passes between the Microsoft Exchange Server and external destinations. In addition, the Messaging Security Agent can:

  • Reduce spam

  • Block email messages based on content

  • Block or restrict email messages with attachments

  • Detect malicious URLs in email

  • Prevent confidential data leaks

Important Information about Messaging Security Agents

  • Messaging Security Agents can only be installed on Microsoft Exchange servers.

  • The Messaging Security Agent does not support some Microsoft Exchange Server Enterprise features such as data availability group (DAG).

  • The Security Groups Tree in the web console displays all the Messaging Security Agents. Multiple Messaging Security Agents cannot be combined into a group; each Messaging Security Agent must be administered and managed individually.

  • WFBS uses the Messaging Security Agent to gather security information from Microsoft Exchange servers. For example, the Messaging Security Agent reports spam detections or completion of component updates to the Security Server. This information displays in the web console. The Security Server also uses this information to generate logs and reports about the security status of your Microsoft Exchange servers.

    Each detected threat generates one log entry/notification. This means that if the Messaging Security Agent detects multiple threats in a single email, it will generate multiple log entries and notifications. There may also be instances when the same threat is detected several times, especially if you are using cache mode in Outlook 2003. When cache mode is enabled, the same threat may be detected both in the transport queue folder and Sent Items folder, or in the Outbox folder.

  • In computers running Microsoft Exchange Server 2007, the Messaging Security Agent uses a SQL Server database. To prevent issues, the Messaging Security Agent services are designed to be dependent on the SQL Server service instance MSSQL$SCANMAIL. Whenever this instance is stopped or restarted, the following Messaging Security Agent services are also stopped:

    • ScanMail_Master

    • ScanMail_RemoteConfig

    Manually restart these services if MSSQL$SCANMAIL is stopped or restarted. Different events, including when SQL Server is updated, can cause MSSQL$SCANMAIL to restart or stop.