Remove From My Forums

"search-message ... -deletecontent" can't delete message with Virus attachment?

Question
0

Sign in to vote
I hope I'm just doing this wrong...

When I use the following to try to remove a message with a Virus attachment that came in to multiple users, it won't delete the message. The command completes successfully and it shows ResultItemsCount: 0 for all mailboxes.

get-mailbox -resultsize unlimited | search-mailbox -SearchQuery "attachment:'Virusattachment.doc'" -DeleteContent

It seems that the issue is it can't delete messages that are not indexed by the search indexer. If this is true, that seems crazy as it's very likely that Viral attachments are not going to be able to be indexed correctly.

When I run "get-FailedContentIndexDocuments" I can see the message that I want to purge listed with a status of "Filter not found" even though it is a .doc attachment.

This is with Exchange 2010 sp1. I've also verified that messages with valid attachments can be deleted just fine with my account so my privileges are correct. I've also searched with different SearchQueries including senderaddress and subject with the same results. I'm able to delete anything except for messages with bad/encrypted/unknown attachments.
Is there something else I can do?
- Edited by John Philip Friday, April 27, 2012 2:40 PM add
Friday, April 27, 2012 2:32 PM

Answers

0

Sign in to vote
I'm not sure that MFCMAPI is what I need, as I don't see an easy way to delete a message from many mailboxes with a simple command. Instead, I decided not to even bother trying to index these attachments and deleted the registry keys for .pdf, .doc, .docx, and .dot in the following location:

HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch\Filters

Then I added .pdf, .doc, .docx, and .dot keys to the registry here and restarted Exchange search:

HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch\NullFilters

I sent the Virus .doc file to myself and verified mailbox-search could now delete it. The following link has the info on the Exchange search filters:

http://technet.microsoft.com/en-us/library/ee633485.aspx
- Proposed as answer by Martina_Miskovic Thursday, May 17, 2012 7:29 PM
- Marked as answer by John Philip Wednesday, May 23, 2012 11:01 PM
Saturday, May 12, 2012 3:28 AM

All replies

0

Sign in to vote

Hi,
What if you add the parameter -IncludeUnsearchableItems, does that work?
get-mailbox -resultsize unlimited | search-mailbox -SearchQuery "attachment:'Virusattachment.doc'" -DeleteContent -IncludeUnsearchableItems

Martina Miskovic

Friday, April 27, 2012 4:52 PM
0

Sign in to vote
Ahh, yes I thought that was the solution at first too, but it turns out you can't use "-DeleteContent" and "-IncludeUnsearchableItems" at the same time!

The IncludeUnsearchableItems and DeleteContent parameters cannot be used together. + CategoryInfo : InvalidArgument: (:) [], ArgumentException + FullyQualifiedErrorId : 77882AE3
- Edited by John Philip Friday, April 27, 2012 5:01 PM
Friday, April 27, 2012 4:59 PM
0

Sign in to vote
Hi

How about using MFCMAPI Tool to delete that message

http://www.microsoft.com/en-us/download/details.aspx?id=2953

Cheers

Zi Feng
Zi Feng

TechNet Community Support
- Marked as answer by Zi FengModerator Monday, May 7, 2012 2:13 AM
- Unmarked as answer by John Philip Saturday, May 12, 2012 3:29 AM
Monday, April 30, 2012 7:39 AM

Moderator
0

Sign in to vote
I'm not sure that MFCMAPI is what I need, as I don't see an easy way to delete a message from many mailboxes with a simple command. Instead, I decided not to even bother trying to index these attachments and deleted the registry keys for .pdf, .doc, .docx, and .dot in the following location:

HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch\Filters

Then I added .pdf, .doc, .docx, and .dot keys to the registry here and restarted Exchange search:

HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch\NullFilters

I sent the Virus .doc file to myself and verified mailbox-search could now delete it. The following link has the info on the Exchange search filters:

http://technet.microsoft.com/en-us/library/ee633485.aspx
- Proposed as answer by Martina_Miskovic Thursday, May 17, 2012 7:29 PM
- Marked as answer by John Philip Wednesday, May 23, 2012 11:01 PM
Saturday, May 12, 2012 3:28 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

"search-message ... -deletecontent" can't delete message with Virus attachment?

Question

Answers

All replies