Event ID: 348 Source: MSExchangeTransport

Level
Description
A message could not be virus scanned - this operation will be retried later. Internet Message ID <6B909A01FBA732458FCEF70C0A141D2DD500@user-name.<domain>>, Error Code 0x0.
Comments
 
I had this problem in spite of installing SP2 on my Exchange 2003 server. I discovered that a space shortage on my system partition was causing the problem. After an upgrade to GroupShield 6.02, the old DATs were not being deleted. You should use the command "purgeOldDefinition <number of DATs to be retained>".
In addition, I changed the Virtual Memory configuration to use another partition with more free space.
McAfee Support Document ID: KB47356 has information on this event.
See ME842801 and ME843545 for two hotfixes applicable to Microsoft Exchange Server 2003.

As per Microsoft: "This event indicates that a message could not be scanned for viruses. This can occur if the following conditions are true:
- An antivirus program that uses the Virus Scanning Application Program Interface (VSAPI) is running on the Exchange server.
- The VSAPI-based antivirus program is configured to use transport scanning.
- The message that could not be scanned is digitally signed". See MSEX2K3DB and the link to "Trend Micro Support Solution ID: 121448" for additional information on this issue.

From a newsgroup post: "We experienced similar problems after upgrading Exchange 2000/Windows 2000 to Exchange 2003 SP1/Windows 2003. We have ISA 2000 (FP1, SP1) installed on the same server, which is a DC at the same time. There is also SMSMSE 4.5 for Exchange installed on it.
After we finished the upgrade to Windows 2003, we noticed that messages in the "Pending submission" queue were “waiting” for approximately 60 seconds before leaving the queue in the order they arrived. All of them were delivered but with a delay of 1 to 10 minutes. We suspected that AV for Exchange caused the problem and uninstalled the Antivirus, but this did not help.
After enumerating SMTP sinks with the SMTPreg.vbs script, we checked OnSubmission sinks. Finally, the problem was solved by deregistration and registration of the URLScan SMTP sink called FltrSnk1 with class name FltrSnk1.Sink2". SMTP filters were never installed nor used with ISA server.

See "Trend Micro Support Solution ID: 127211" and "Trend Micro Support Solution ID: 1031044" for additional information on this problem.
This problem has multiple causes. See the link to "Symantec Knowledge Base ID: 2004102615323554" for the most common causes and fixes.
