We did exactly what it says in the above link. I don't know ForeFront, but we excluded the files and folders listed there in our antivirus policy for Exchange. It has been 6 months now and no complaints so far.
Exclude the following folders from both on-demand file-level scanners and memory resident file-level scanners:
* Exchange databases and log files across all storage groups. By default, these are located in the Exchsrvr\Mdbdata folder.
* Exchange MTA files in the Exchsrvr\Mtadata folder.
* Additional log files such as the Exchsrvr\server_name.log directory.
* The Exchsrvr\Mailroot virtual server folder.
* The working folder that is used to store streaming .tmp files that are used for message conversion. By default, this folder is Exchsrvr\Mdbdata, but the location is configurable. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
822936 (http://support.microsoft.com/kb/822936/) Message flow to the local delivery queue is very slow
* The temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe. By default, this folder is the location where the .exe file is run from, but you can configure where you run the file from when you run the utility.
* Site Replication Service (SRS) files in the Exchsrvr\Srsdata folder.
* Microsoft Internet Information Services (IIS) system files in the %SystemRoot%\System32\Inetsrv folder.
Note You may want to exclude the whole Exchsrvr folder from both on-demand file-level scanners and memory-resident file-level scanners.
* The Internet Information Services (IIS) 6.0 compression folder that is used with Outlook Web Access 2003. By default, the compression folder in IIS 6.0 is located at %systemroot%\IIS Temporary Compressed Files.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
817442 (http://support.microsoft.com/kb/817442/) Antivirus scanning of IIS Compression directory may result in 0-byte file
* For clusters, the Quorum disk and the %Winnt%\Cluster folder.
* Any messaging antivirus program folders.
* The Exchsrvr\Conndata folder.
Exclude the folder that contains the checkpoint (.chk) file from memory resident file-level scanners and on-demand file-level scanners.
Note Even if you move the Exchange databases and log files to new locations and exclude those folders, the .chk file may still be scanned. For more information about what may occur if the .chk file is scanned, click the following article numbers to view the articles in the Microsoft Knowledge Base:
253111 (http://support.microsoft.com/kb/253111/) Error events are logged when the Exchange Server database service is denied write access to its own .edb files or to the .chk file
176239 (http://support.microsoft.com/kb/176239/) Database won't start; circular logging deleted log file too soon
Many file-level scanners now support scanning processes. This can also adversely affect Exchange. Therefore, you should exclude the following processes from file-level scanners:
* Cdb.exe
* Cidaemon.exe
* Store.exe
* Emsmta.exe
* Mad.exe
* Mssearch.exe
* Inetinfo.exe
* W3wp.exe
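
An added example, not part of the original post or the quoted Microsoft article: a small audit that compares an exported antivirus exclusion policy with the fixed-name folders and processes listed above, reporting what is missing and which exclusions are wider than the Exchsrvr folder. The function names, the install path and the sample policy are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Names copied from the list above. Site-specific items (quorum disk, .chk
# folder, Eseutil temp folder, server_name.log) must be added by hand.
EXCHSRVR_SUBFOLDERS = ["Mdbdata", "Mtadata", "Mailroot", "Srsdata", "Conndata"]
SYSTEM_FOLDERS = [r"%SystemRoot%\System32\Inetsrv",
                  r"%SystemRoot%\IIS Temporary Compressed Files"]
PROCESSES = ["Cdb.exe", "Cidaemon.exe", "Store.exe", "Emsmta.exe",
             "Mad.exe", "Mssearch.exe", "Inetinfo.exe", "W3wp.exe"]

def norm(path, env):
    """Expand %VAR% references from env; return a case-folded Windows path."""
    for name, value in env.items():
        path = re.sub("%" + re.escape(name) + "%", lambda m: value, path,
                      flags=re.I)
    return PureWindowsPath(path.lower())

def audit(exchsrvr_root, folder_exclusions, process_exclusions, env):
    """Compare an exported exclusion policy with the list above."""
    root = norm(exchsrvr_root, env)
    required = [root / sub.lower() for sub in EXCHSRVR_SUBFOLDERS]
    required += [norm(p, env) for p in SYSTEM_FOLDERS]
    excluded = [norm(p, env) for p in folder_exclusions]
    # A folder counts as covered when it, or any parent of it, is excluded.
    missing = [str(r) for r in required
               if not any(e == r or e in r.parents for e in excluded)]
    # Anything above the Exchsrvr root is wider than the list asks for.
    too_broad = [str(e) for e in excluded if e in root.parents]
    have = {p.lower() for p in process_exclusions}
    missing_procs = [p for p in PROCESSES if p.lower() not in have]
    return {"missing_folders": missing, "too_broad": too_broad,
            "missing_processes": missing_procs}

# Constructed sample policy and install path (assumptions, not real data).
SAMPLE_ENV = {"SystemRoot": r"C:\WINDOWS"}
SAMPLE_ROOT = r"C:\Program Files\Exchsrvr"
SAMPLE_FOLDERS = [r"C:\Program Files\Exchsrvr\MDBDATA",
                  r"C:\Program Files\Exchsrvr\Mtadata",
                  r"C:\Program Files\Exchsrvr\Mailroot",
                  r"%systemroot%\System32\Inetsrv"]
SAMPLE_PROCESSES = ["store.exe", "INETINFO.EXE", "w3wp.exe"]

if __name__ == "__main__":
    report = audit(SAMPLE_ROOT, SAMPLE_FOLDERS, SAMPLE_PROCESSES, SAMPLE_ENV)
    for key, values in report.items():
        print(key, values)
```

Paths are compared case-insensitively, and excluding the whole Exchsrvr folder, as the note in the list allows, counts as covering every subfolder under it.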