When new email arrives, it triggers action from the
EmailScan plug-in. The Outlook client is locked (to the user this could be seen as unresponsive) while steps are taken to determine the new mail object is safe, after which the client is released. The symptom of Outlook being locked (unresponsive) is intentional to avoid users accessing potentially infected mail. But, an unreasonable delay is not intentional and is typically a result of an issue highlighting the incurred pause.
Email scan process
- When the Outlook client receives a new mail notification, the EmailScan plug-in is given an opportunity to scan the object.
- The add-in initiates a process of locating the item in the Exchange mail stores and downloading it locally for scanning.
- While this process happens, you are prevented from interacting with the Outlook client. This can give the appearance that the system has stopped responding.
- After the scanning process completes, access to Outlook is restored.
The prolonged scan duration where Outlook remains paused can be influenced by multiple external factors to which VirusScan is subject, and that include the following:
- Users being remote or roaming and not on the LAN or local to the mail server.
- Configuration resulting in an Outlook PST file residing on a remote drive.
- The size of mail messages and attachments.
- The type of mail item and, so, which store the Exchange copies it to.
- The size of the user's mailbox, specifically the number of items in the calendar (if the lag occurs when receiving an invite).
- Incorrectly configured Autodiscovery for Exchange feature. For details, see KB86832.
The duration of the pause can be influenced by features and settings native to VirusScan Enterprise that include:
- VSE Patch installed.
- DAT content and Engine version.
- On delivery email scan policy setting. For example, Scan configuration - Attachments to scan.
- GTI connectivity and Artemis (Heuristic network check for suspicious files) settings.