How can I view the Intelligent Message Filter (IMF) archive in Exchange 2003?

Last Update: Sep 17, 2024 | Published: Jan 07, 2009

SHARE ARTICLE

Microsoft Exchange Intelligent Message Filter is a product developed by Microsoft to help companies reduce the amount of unsolicited commercial e-mail (UCE), or spam, received by users. You can read more about IMF on the Block Spam with Exchange 2003 Intelligent Message Filter page.
When using IMF to help reduce the volume of Unsolicited Commercial E-Mail (UCE, or most commonly known as Spam) received by your users, one of the configuration options is to archive the received messages that are flagged as spam and have a Spam Confidence Level (or SCL) greater than a certain threshold you find reasonable. SCL is a “rating system” that on a scale from -1 (only used for authenticated users) to 10, will tell Outlook or OWA whether or not the e-mail should be moved to the Junk E-mail folder (depending on the user’s settings). Note that not all messages might be transferred to the store (i.e. the user’s mailbox) depending on the settings on the IMF tab. Read more about how to Configure Intelligent Message Filter in Exchange 2003 SP2.
Archiving the incoming messages for a period of 2 or 3 weeks allows you to be sure that the IMF filter settings are optimal for your organization. Lowering the SCL threshold or making it higher will allow you to control the percentage of false positives that IMF thinks is spam, to some extent.
Note: When performing the archive operation on the messages that have an SCL that is greater than the threshold you’ve configured (make sure you also read Bug in Intelligent Message Filter Interface), these messages will be placed inside a folder on your server’s hard disk.
The archive folder’s location is usually here:
c:program filesexchsrvrmailrootvsi 1ucearchive
(replace C: with the drive letter of your Exchange installation, and replace VSI 1 with the folder name for your SMTP Virtual Server).
this image has been lost in time
In the above screenshot you see that there are 2 messages in the folder. This is only a test setup, so there aren’t many messages there. However in a production environment there will be hundreds, if not thousands of spam messages in the folder. We need to be able to view and work with these messages. Otherwise I wouldn’t bother archiving them, now would I?
One thing you could do is to move this directory to a large drive because spam really accumulates over time. In order to move the ucearchive folder to a different location please read Moving Intelligent Message Filter Archive Folder.
Note: When looking at the archived items you will notice that they do not have an SCL rating. This is because Exchange IMF does not archive the SCL rating in the message header. In order to keep the SCL rating within the message you will need to read Archiving the SCL Rating in Intelligent Message Filter.

In order to view these archived messages you will need to download and install a 3rd-party tool. Two of those come in mind:

Method #1: IMF Archive Manager

Currently available here:
IMF Archive Manager (currently version 2.05, 72kb)
Needless to say free, small, no need to install anything, you just extract the files and place them wherever you want. I’ve also added a shortcut to the tool and placed it on my desktop.
When first running the tool you need to supply it with the location of the ucearchive and pickup folder locations. These are usually:
c:program filesexchsrvrmailrootvsi 1ucearchive
c:program filesexchsrvrmailrootvsi 1pickup
(as noted above, replace C: with the drive letter of your Exchange installation, and replace VSI 1 with the folder name for your SMTP Virtual Server).
this image has been lost in time this image has been lost in time
When you run the program executable it will get a UI that will allow you to view the message headers and delete, resubmit and do other things to the any selected message.
this image has been lost in time
If you’ve performed the procedure outlined on the Archiving the SCL Rating in Intelligent Message Filter article, you’ll also see the SCL rating of each message:
this image has been lost in time

Method #2: IMFcompanion

Currently available here:
IMFcompanion (currently version 1.15.6, 2.68mb)
Larger, more complex, comes with an installer, but also fully free. Here too you’ll need to manually configure it for the ucearchive and pickup folders:
this image has been lost in time
After doing so, the view is much more detailed than the one in IMF Archive Manager, and you can also perform delete, resend and find functions on the messages. Note the SCL rating that can be clearly seen (providing you followed the Archiving the SCL Rating in Intelligent Message Filter article). Future versions promise the ability to white list the sender if so required.
this image has been lost in time

SHARE ARTICLE