Collect: Virus scanner detected one or more viruses while scanning a message.

Microsoft.Exchange2007.Mailbox.MSExchangeIS.9628 (Rule)

Knowledge Base article:

Element properties:

Member Modules:

Source Code:

<Rule ID="Microsoft.Exchange2007.Mailbox.MSExchangeIS.9628" Enabled="false" Target="ExLibrary!Microsoft.Exchange2007.ServerRole.Mailbox" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>.</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">EventSourceName</XPathQuery>

              </ValueExpression>

              <Operator>MatchesWildcard</Operator>

              <Pattern>MSExchangeIS*</Pattern>

            </RegExExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="Integer">9628</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>