Solved

MS Exchange 2000 and Symantec file auto scanning Question ??

Posted on 2007-07-27
Last Modified: 2013-11-22
I've just finished installing MS Exchange 2000 server. I know there are certain Exchange files that the Antivirus software is not supposed to scan. I'm sure of the exact files and how to configure Symantec from scanning them. This is my first mail enterprise server to install and so I'm going to need some help. I'm also going to introduce it to other domains but right now I'm not ready to do that. I'm afraid spammers are going to flood the box with spam mail if I don't do it right. Any steps, links and previous experience to put this server online and protect it from spammers and trojans/viruses are highly appreciated. Thanks.
Question by:timnjohnson
LVL 23

Expert Comment

by:ormerodrutter
ID: 19582799
Hi timnjohnson,

I think you are a little bit over-worried. I agree with you that spam and viruses do have a big impact on business, but it isn't a big problem if you and your users do things "properly".

Of course you will need a decent AV software on your Exchange server scanning incoming (& outgoing) emails. You need a server based product and there are hosts of them on the market. I have been working with McAfee, AVG and Kaspersky in my past and I favour Kaspersky. It is the most expensive out of the three but it did a fantastic job for me. AVG is the cheapest and the easiest to manage (most user-friendly if you like).

You can go for the "Business suite" licences so that you get protection not only on your server but also on your client workstations. You never know what your users have brought in or been downloading. Both AVG and Kaspersky provide such products.

As for spam, although both products claim they trap spam, they are not 100% reliable. They do trap some obvious spam but do let a few past their scan. I recommend you have a look at Blackspider, which provides a service to scan all your emails before delivering them back to you.

The most important thing is to educate your users - never open anything suspicious or from someone you don't know. Do NOT reply to junk emails.
LVL 70

Expert Comment

by:KCTS
ID: 19582838
Do not allow scanning of the Exchange data store unless your AV is Exchange aware - also see http://support.microsoft.com/kb/298924

Author Comment

by:timnjohnson
ID: 19582842

I failed to mention that we're a very small Biotech firm and we're also short on cash. We use Symantec AV for SMB ver10.0 for the desktops and servers. I wanted to know, since this is available, can I use it for the Exchange server too? We can't afford to buy big money software at this time. I had to pull somebody's head to buy the Symantec.
LVL 19

Expert Comment

by:aissim
ID: 19582887
Here's an article that discusses which portions of the Exchange server's file structure to exclude from scanning (and which portions are safe):
http://entkb.symantec.com/security/output/n2005040513412648.html
LVL 70

Expert Comment

by:KCTS
ID: 19583084
Good anti-virus software designed to work with Exchange is not cheap, but compared with the costs involved in recovering from a virus attack it is very small. If you want to protect Exchange properly you cannot afford to skimp on good AV software. You need to get something that works properly with Exchange.
LVL 32

Expert Comment

by:r-k
ID: 19583783
As pointed out already, do not allow Symantec or any other non-exchange aware program to scan Exchange files. Here are some additional links discussing what to exclude:

 http://entkb.symantec.com/security/output/n2004052416452048.html
 http://support.microsoft.com/kb/328841
 http://www.msexchange.org/articles/Properly-Configure-file-system-antivirus-Exchange.html

In fact I personally think it is a bad idea to run any sort of AV program on the same computer that runs Exchange. You are correct that in the long run you will have a spam problem, so what I would suggest is to get an anti-spam software and have it block all executable attachments (e.g. .exe, .pif, .bat, .zip etc.) That will automatically block all viruses as well, along with spam. There are a number of relatively inexpensive anti-spam solutions out there, some are even free, but cost you in time, and not all are equally effective.

Put the AV where it belongs, on the desktops. Also upgrade to 2003 if possible.

Last but not least, backup the Exchange database, and the System State, every night. http://www.msexchange.org/articles/MF020.html
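
The attachment blocking suggested in the post above, sketched as an added example (not part of the original post and not any product's code): it parses a raw MIME message and reports attachments whose final extension is on the block list. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post above; extend the set to suit local policy.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".bat", ".zip"}

def is_blocked(filename: str) -> bool:
    """True if the final extension of an attachment name is blocked."""
    # Windows ignores trailing dots and spaces, and case does not matter,
    # so normalise before comparing ("setup.EXE. " must still match).
    cleaned = filename.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    # Only the last extension counts, so "Invoice.PDF.exe" is an .exe.
    return dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS

def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of all blocked attachments in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walks nested multiparts as well
        name = part.get_filename()
        if name and is_blocked(name):
            hits.append(name)
    return hits

def build_sample(filenames) -> bytes:
    """Constructed sample message with one small attachment per name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for fn in filenames:
        msg.add_attachment(b"sample bytes", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample(["report.pdf", "Invoice.PDF.exe",
                           "notes.txt", "setup.BAT"])
    print(blocked_attachments(sample))
```
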

Author Comment

by:timnjohnson
ID: 19584629

r-k,

Thanks for your quick response.  However, putting the AV where it belongs  is a good idea but doesn't the OS need to be protected too?  Or do I leave the box exposed.
LVL 32

Expert Comment

by:r-k
ID: 19585917
"doesn't the (server) OS need to be protected too?"

Yes, the server needs to be protected, but I think on balance an AV program on a server offers little useful protection.

The main threats that a traditional file-level AV protects against are these two:
(a) You click on an infected e-mail attachment.
(b) You click on an infected web or program download.

In most cases these are moot points on a server because you should not be checking mail on the server and should be keeping web browsing to a minimum as well, not to mention not installing free downloads and games. This is esp. the case with an Exchange Server.

So what steps can you take to protect the server? The main threats the server faces are (a) A hacker may break-in and install a trojan (b) The system may become corrupt due to faulty hardware or software (c) The system may become unresponsive due to poor management.

To help against (a) you should look at things like firewalls, good password policy, keeping system patched, upgrade to 2003 when possible etc. Also run MBSA and review the findings. A traditional AV is not very helpful here. For (b) you have to look at backups (both software and hardware) and nothing beats testing to see if the backups will work before disaster strikes. In many cases you are better off keeping the server lean and mean i.e. leave out unnecessary programs like AV and software firewalls to reduce upgrade conflicts. For (c) this is really a topic in itself but keeping an eye on the server is what system administration is all about.

These are my views and they are intended mainly for a small or medium size server with low to medium security requirements. If you are a bank e.g. you have to consider a completely different paradigm.

HTH but do post back with questions and of course consider alternate advice as well.


Author Comment

by:timnjohnson
ID: 19586572

Whooops,   IFS DRIVER FAILURE.

The IFS virtual drive M is causing problems!
I followed all the steps but the virtual drive is already there and there is not much to do.
This is what I did:
>Start>RUN>REGEDIT>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\EXIFS\Parameters
<edit>new>string value>M is already there and there is nothing to edit.
I tried changing to a different (Q) drive and that didn't work either.
I tried to stop and restart Information Store but I'm getting the "Error 1068" saying something to do with dependency services or group failed to start.
What am I missing here! The IFS instructions are straightforward and not much to do.
Any better ideas?
Thanks.
LVL 32

Expert Comment

by:r-k
ID: 19586727
That seems like a bad thing to change. Why are you doing it?
Are you following some instructions, if so from where?

Author Comment

by:timnjohnson
ID: 19586778

I followed this link from Microsoft.
http://support.microsoft.com/kb/821836
LVL 32

Expert Comment

by:r-k
ID: 19588740
I am still not sure why you are doing that. That article # 821836 is for Exchange 2003, while you have Exchange 2000. Even then it is for very special situations only.

Have you been able to get the Exchange server functional again by undoing whatever changes you made? I suppose an important lesson of system administration is to not make changes unless you are quite sure why, and even then have a way of undoing whatever you did in case things go bad.

Author Comment

by:timnjohnson
ID: 19588823

The virtual drive M is failing for some reason and I can't restart the Information Store.
I don't know why the virtual driver is failing. Under the regedit it's there but it's mapping to IFS to M:/
I really need some help.
LVL 32

Expert Comment

by:r-k
ID: 19588844
Might be a good idea to open a new thread in the Exchange topic area. Describe the new symptoms as fully as possible, including error codes from the Event Logs etc. If you think this was caused by something specific you did then describe that also. I will follow up there but there are many Exchange experts who can probably help better or faster. Thanks.

Author Comment

by:timnjohnson
ID: 19588894

I'm opening a new thread now.

Thanks.
LVL 32

Expert Comment

by:r-k
ID: 19597962
Just checked out your other thread. Did not realize you were installing Exchange 2000 on Windows 2003, but glad that point is cleared up. Exchange 2003/Windows 2003 is probably the most stable combination at the moment, but Exchange 2000/Windows Server 2000 is certainly workable. Did you get things running more smoothly now? Do you have any questions at the moment about AV and Exchange 2000? Thanks.

Author Comment

by:timnjohnson
ID: 19598997

Thanks for getting back to me.
Exchange 2000 and Windows 2003 didn't work at all, so I tried installing Exchange 2000 on Windows 2000 and it didn't work either.  I thought of dusting out an old NT4.0 Server and see whether that would work, but some in the board felt that was a bad idea to go back to NT.  Do you have a work around for Exch2000/Windows 2000?  I'm getting a little nervous now.  
Thanks.
LVL 32

Expert Comment

by:r-k
ID: 19601147
If you have both Win Server 2000 and Exch 2000, that is a much, much better thing than NT v4.0.

I would definitely recommend staying with the 2000/2000 combination to get things to work. When you say "it did not work" can you provide more details. Also, since that is a different question from the topic of this thread, again a good thing to post a new question about this in the Exchange area rather than AV.

There is an excellent series of how-to articles about Exchange 2000 at this site:

 http://www.msexchange.org/articles_tutorials/exchange-server-2000/

and in general that site has many articles on all versions of Exchange.

Good luck.

Author Comment

by:timnjohnson
ID: 19605885

Thanks for the Link.

I'm opening a new thread for Exchange2000/windows2000.
LVL 32

Accepted Solution

by:
r-k earned 1500 total points
ID: 19606427
OK, I posted a comment there. For future reference note that there is a separate topic area for "Exchange" (found under Software -> Server Software -> Email Servers -> Exchange) and posting in that area probably gets you the best responses to Exchange related questions.