?
Solved

SBS 2011 Virus Protection.  Are my mailboxes protected?

Posted on 2013-01-16
5
Medium Priority
?
393 Views
Last Modified: 2013-01-24
What level of virus protection do I need?  I am running Small Business server with Exchange.  My emails are being scanned for viruses and spam via a third party cloud product called Spam Soap.   If I run virus protection designed for file servers are my mailboxes protected from anything internal?  Making an assumption that all incoming emails are scrubbed before it arrives.   Seems like if I add something designed for Exchange the Exchange level of protection is redundant.
0
Comment
Question by:MrGD
  • 2
  • 2
5 Comments
 
LVL 60

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 38785059
No, file-based antivirus does *not* protect your mailboxes from anything internal. Whether you need it is a matter of opinion. I know people that believe a cloud-based solution is enough. And others that believe leaving an Exchange server without database-level scanning is leaving an opportunity for a virus to propagate from a blended threat.

I personally fall in the latter camp. I believe in defense-in-depth. Many threats are referred to as "blended" threats, which is to say that they combine different methods of attack and spread.

Take, for example, the latest Java zero-day exploit that has been making the security news lately. The nature of the threat gives an elevated privilege where other processes can be run. It is easily conceivable that someone could write a blended threat so that a person hits a website and the malware elevates then connects to the local Exchange server to email a variant to every mailbox on the server. This type of exploit would completely bypass your cloud-based protection because the initial infection point would start with a web-based entry.

Should such an exploit be written though, getting a signature to stop it at the Exchange level would happen relatively quickly so as long as your AV signatures were up-to-date, it would at least prevent the thing from emailing itself. You would not have prevented the initial infection since the Java exploit is *still* not patched and the way it elevates can bypass AV scanners, but you would at least prevent multiple infections within your network.

That, to me, is a significant benefit. So...yes...I fall in the "add AV to Exchange" camp in a big way. If it stops even one infection, it has paid for itself in the man-hours it takes to scrub workstations, even in a small network.

-Cliff
0
 
LVL 99

Expert Comment

by:John Hurst
ID: 38785130
All of my clients use Symantec Endpoint Protection on their servers. I agree with the above "defense-in=depth" approach. I have one client with Exchange with outboard spam filtering and other clients with Exchange outsourced with extensive spam filtering. I still like having Symantec protecting the file system and Exchange where we have it.

... Thinkpads_User
0
 

Author Comment

by:MrGD
ID: 38787344
Better to play it safe for sure.  Not much more to also protect the Exchange Server.  What about the cloud service then?  Let's say I go with one of the End Point Service products that offers File Server, Mail Server, and spam.  Would I still need the cloud service like SpamSoap to scan the emails before they come in?  Am I saving any man-hours or adding a level of protection by having this redundancy?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 38789039
Sure. Reduces load on the server. Doesn't hurt. I do both.
0
 

Author Closing Comment

by:MrGD
ID: 38814400
Thanks for the recommendations.  Installed both.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month17 days, 12 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question