|
Measures reported by Exc2013HygFiltTest
Messaging hygiene refers to the antivirus and antispam framework built into Microsoft Exchange Server.
Exchange 2013 comes out of the box with basic built-in anti-malware protection designed to help organizations combat viruses and spyware in their e-mail messaging environment. This anti-malware feature scans emails in the transport pipeline for viruses, spyware, and malware in real-time, and deletes the messages and attachments found to be infected, so as to shield the mailbox from harm.
If this anti-malware filter takes too long to scan emails or experiences frequent crashes/failures, it will not only delay the flow of emails through the transport pipeline, but will also expose the Exchange environment to malicious virus attacks. To ensure that the Exchange environment stays healthy and protected against such unscrupulous attacks and unnecessary delays, administrators will have to keep a close watch on how the anti-malware filter functions. This is exactly what the Exc2013HygFiltTest test does.
This test tracks the requests to the anti-malware engine, monitors how quickly and efficiently the engine processes the scanning requests it receives, and in the process, proactively alerts administrators to potential delays and errors in filtering.
The measures made by this test are as follows:
| Measurement |
Description |
Measurement Unit |
Interpretation |
| Avg_scan_time |
Indicates the time taken to scan requests. |
Secs |
A high value could indicate a bottleneck in scanning. |
| Cla_pro_time |
Indicates the time taken to classify one scan request. |
Secs |
An unusually high value could indicate that request classification is taking longer than expected. |
| Scan_pro_cra |
Indicates the number of scan processes that crashed in the last hour. |
Number |
Ideally, the value of this measure should be 0. A high value is a cause for concern as it indicates frequent scan crashes. |
| Scan_pro_run |
Indicates the number of scan processes currently running. |
Number |
This is a good indicator of the current workload of the anti-malware filter. |
| Scan_req_err |
Indicates what percentage of scan requests submitted in the last minute encountered errors that prevented the processing of those scan requests. |
Percent |
This includes scan requests rejected, fatal errors and errors while processing.
Ideally, this measure should report the value 0. A high value indicates that many scan requests have encountered errors and were hence not processes. This is a cause for concern and warrants an investigation. |
| Scan_req_time |
Indicates the number of scan requests that timed out in the last minute. |
Number |
|
| Scan_req_wait |
Indicates the average time for which a scan request waits in the internal queue. |
Secs |
A high value is indicative of a processing slowdown. |
| Scan_req_pro |
Indicates the number of scan requests processed per second. |
Processed/Sec |
Ideally, the value of this measure should be high. A consistent drop in this value could indicate a processing slowdown. |
| Scan_req_que |
Indicates the number of scan requests that are currently in the internal queue. |
Number |
|
| Scan_req_sub |
Indicates the number of scan requests submitted per second, including requests accepted and rejected by the scanning system. |
Submitted/Sec |
|
|