Solved

SBS 2011 Virus Protection.  Are my mailboxes protected?

Posted on 2013-01-16
5
390 Views
Last Modified: 2013-01-24
What level of virus protection do I need?  I am running Small Business server with Exchange.  My emails are being scanned for viruses and spam via a third party cloud product called Spam Soap.   If I run virus protection designed for file servers are my mailboxes protected from anything internal?  Making an assumption that all incoming emails are scrubbed before it arrives.   Seems like if I add something designed for Exchange the Exchange level of protection is redundant.
0
Comment
Question by:MrGD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38785059
No, file-based antivirus does *not* protect your mailboxes from anything internal. Whether you need it is a matter of opinion. I know people that believe a cloud-based solution is enough. And others that believe leaving an Exchange server without database-level scanning is leaving an opportunity for a virus to propagate from a blended threat.

I personally fall in the latter camp. I believe in defense-in-depth. Many threats are referred to as "blended" threats, which is to say that they combine different methods of attack and spread.

Take, for example, the latest Java zero-day exploit that has been making the security news lately. The nature of the threat gives an elevated privilege where other processes can be run. It is easily conceivable that someone could write a blended threat so that a person hits a website and the malware elevates then connects to the local Exchange server to email a variant to every mailbox on the server. This type of exploit would completely bypass your cloud-based protection because the initial infection point would start with a web-based entry.

Should such an exploit be written though, getting a signature to stop it at the Exchange level would happen relatively quickly so as long as your AV signatures were up-to-date, it would at least prevent the thing from emailing itself. You would not have prevented the initial infection since the Java exploit is *still* not patched and the way it elevates can bypass AV scanners, but you would at least prevent multiple infections within your network.

That, to me, is a significant benefit. So...yes...I fall in the "add AV to Exchange" camp in a big way. If it stops even one infection, it has paid for itself in the man-hours it takes to scrub workstations, even in a small network.

-Cliff
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 38785130
All of my clients use Symantec Endpoint Protection on their servers. I agree with the above "defense-in=depth" approach. I have one client with Exchange with outboard spam filtering and other clients with Exchange outsourced with extensive spam filtering. I still like having Symantec protecting the file system and Exchange where we have it.

... Thinkpads_User
0
 

Author Comment

by:MrGD
ID: 38787344
Better to play it safe for sure.  Not much more to also protect the Exchange Server.  What about the cloud service then?  Let's say I go with one of the End Point Service products that offers File Server, Mail Server, and spam.  Would I still need the cloud service like SpamSoap to scan the emails before they come in?  Am I saving any man-hours or adding a level of protection by having this redundancy?
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 38789039
Sure. Reduces load on the server. Doesn't hurt. I do both.
0
 

Author Closing Comment

by:MrGD
ID: 38814400
Thanks for the recommendations.  Installed both.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question