Use Exmerge to remove messages and attachments from your Exchange Server

In this article, we’ll look at Microsoft’s Exmerge utility. It can be used for a variety of tasks, such as deleting messages and attachments, archiving mail, or moving your information store data from one Exchange Server to another. We’ll focus specifically on its ability to remove e-mail messages and attachments. This utility is extremely helpful when you have been attacked by a denial of service virus (like Melissa or the Love Bug) and have thousands of unwanted e-mail messages throughout your system. While it is possible for users to delete the messages manually, this utility will remove them all with incredible speed.

Downloading the utility

Your Exchange Server probably has the Exmerge utility already installed, but you need to make sure that it is version 3.62 or higher. (Older versions of Exmerge do not provide the wide functionality that you need.) You can obtain it from http://support.microsoft.com/support/exchange/love_letter.htm. The ILOVEYOUHLPI.ZIP file, when expanded, contains the Exmerge utility in the Exmerge subdirectory. This ZIP file also contains other useful tools that will help you clean your IMC and delete attachments without removing the message.

Usage

Exmerge runs when the Exchange services are started. Using this procedure makes it unnecessary to have all your users exit their mail client. To run the utility, take the following steps:

1. Log in to the Exchange Server using the Exchange service account.
2. If you are using an antivirus software that runs a service, I recommend that you stop the service before continuing.
3. Copy Exmerge.exe, Exmerge.ini, and Mfc42.dll into a folder called Exmerge. The Exmerge.ini file is not necessary to run the utility unless you want to incorporate the use of text files to store the parameters for the delete process.
4. Run the Exmerge.exe utility from Windows Explorer. You will be presented with a welcome screen. Click Next to continue.
5. Choose Two Step Merge and click Next (see Figure 1).

   Figure 1: Choose Two Step Merge.

6. Choose Step 1: Copy Data To Personal Folders, and then click Next.
7. Type in the name of your Exchange Server and click on Options (see Figure 2).

   Figure 2: Enter the name of your Exchange Server.

8. You will now see the Data Selection Criteria sheet (see Figure 3). On the Data tab, make sure that the User Messages And Folders option is checked.

   Figure 3: The Data Selection Criteria sheet.

9. Click on the Import Procedure tab and choose the Archive Data To Target Store option. This option makes Exmerge copy the data you select to a PST file and then delete the data from the Exchange Server mailbox.
10. Click Apply and choose Yes in response to the warning message.
11. Click on the Message Details tab, shown in Figure 4). Here, you can type in the subject of the message or the name of the attachment that you want to remove. Note the syntax that the utility uses, which is listed at the bottom of the screen:

    (Date Restriction) AND (Subj1 OR Subj2 OR..Subjn) AND (Att1 OR att2 OR .. Attn)

    Figure 4: The Message Details tab.

    The separator is AND, not OR, between the date, subject, and attachment. Therefore, if you put data in the subject field and the attachment field, it must meet both criteria. You should test this utility on a bogus mailbox before applying it to a real mailbox. If you choose to remove messages based on subject, it is important to choose the message subject carefully–the program is indiscriminate about the importance of a message. For instance, if someone has a message titled, Virus Procedures, and you choose to delete all messages with the word Virus in the subject, the Virus Procedures message will be deleted. You do have the option in the Subject String Compare Criteria dropdown box to match case, to match the string exactly, or to use a substring match and ignore case.

12. You can use the Dates tab to specify a range of dates or times to help narrow your search even more. Click OK when you’re finished with the Data Selection Criteria dialog box.
13. In the window shown in Figure 5, choose the mailboxes you want to include in the search and click Next.

    Figure 5: Choose the mailboxes to include.

14. The next screen, shown in Figure 6, lets you change the folder in which the PST files will be created. Depending on the number of mailboxes chosen and the amount of information that will be deleted, it may take a lot of hard disk space to store the PST files. From here, you can also choose to save your settings, which will in turn create a new Exmerge.ini file. Click Next to start the procedure. It may take several minutes or several hours to complete the task.

    Figure 6: Choose where the PST files will be created.

Notes

You need to keep a few important notes in mind as you use Exmerge:

• Messages are not automatically removed from the System Attendant Mailbox. You must do that manually.
• If the original message was forwarded with a different subject, the Exmerge utility cannot delete the message based on the original message subject line or MTS-ID.
• If the Item Retention option is turned on, the message may be available for recovery on the Outlook client.

Exmerge is a very powerful utility. Be sure to test it thoroughly before applying it to your production mailboxes. It is always a good idea to back up your data before performing any maintenance of this type. If you don’t do an online backup with a third-party software package, you can shut down the Exchange services and do an offline backup. The essential files you need to make copies of are priv.edb, pub.edb, and dir.edb. //

Troy Thompson, MCSE+Internet, is a freelance consultant in the Louisville, Kentucky area.