Solved

SBS 2011 Virus Protection.  Are my mailboxes protected?

Posted on 2013-01-16
5
384 Views
Last Modified: 2013-01-24
What level of virus protection do I need?  I am running Small Business server with Exchange.  My emails are being scanned for viruses and spam via a third party cloud product called Spam Soap.   If I run virus protection designed for file servers are my mailboxes protected from anything internal?  Making an assumption that all incoming emails are scrubbed before it arrives.   Seems like if I add something designed for Exchange the Exchange level of protection is redundant.
0
Comment
Question by:MrGD
  • 2
  • 2
5 Comments
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38785059
No, file-based antivirus does *not* protect your mailboxes from anything internal. Whether you need it is a matter of opinion. I know people that believe a cloud-based solution is enough. And others that believe leaving an Exchange server without database-level scanning is leaving an opportunity for a virus to propagate from a blended threat.

I personally fall in the latter camp. I believe in defense-in-depth. Many threats are referred to as "blended" threats, which is to say that they combine different methods of attack and spread.

Take, for example, the latest Java zero-day exploit that has been making the security news lately. The nature of the threat gives an elevated privilege where other processes can be run. It is easily conceivable that someone could write a blended threat so that a person hits a website and the malware elevates then connects to the local Exchange server to email a variant to every mailbox on the server. This type of exploit would completely bypass your cloud-based protection because the initial infection point would start with a web-based entry.

Should such an exploit be written though, getting a signature to stop it at the Exchange level would happen relatively quickly so as long as your AV signatures were up-to-date, it would at least prevent the thing from emailing itself. You would not have prevented the initial infection since the Java exploit is *still* not patched and the way it elevates can bypass AV scanners, but you would at least prevent multiple infections within your network.

That, to me, is a significant benefit. So...yes...I fall in the "add AV to Exchange" camp in a big way. If it stops even one infection, it has paid for itself in the man-hours it takes to scrub workstations, even in a small network.

-Cliff
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 38785130
All of my clients use Symantec Endpoint Protection on their servers. I agree with the above "defense-in=depth" approach. I have one client with Exchange with outboard spam filtering and other clients with Exchange outsourced with extensive spam filtering. I still like having Symantec protecting the file system and Exchange where we have it.

... Thinkpads_User
0
 

Author Comment

by:MrGD
ID: 38787344
Better to play it safe for sure.  Not much more to also protect the Exchange Server.  What about the cloud service then?  Let's say I go with one of the End Point Service products that offers File Server, Mail Server, and spam.  Would I still need the cloud service like SpamSoap to scan the emails before they come in?  Am I saving any man-hours or adding a level of protection by having this redundancy?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 38789039
Sure. Reduces load on the server. Doesn't hurt. I do both.
0
 

Author Closing Comment

by:MrGD
ID: 38814400
Thanks for the recommendations.  Installed both.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This video discusses moving either the default database or any database to a new volume.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now