SBS 2011 Virus Protection. Are my mailboxes protected?

What level of virus protection do I need?  I am running Small Business server with Exchange.  My emails are being scanned for viruses and spam via a third party cloud product called Spam Soap.   If I run virus protection designed for file servers are my mailboxes protected from anything internal?  Making an assumption that all incoming emails are scrubbed before it arrives.   Seems like if I add something designed for Exchange the Exchange level of protection is redundant.
Who is Participating?
Cliff GaliherConnect With a Mentor Commented:
No, file-based antivirus does *not* protect your mailboxes from anything internal. Whether you need it is a matter of opinion. I know people that believe a cloud-based solution is enough. And others that believe leaving an Exchange server without database-level scanning is leaving an opportunity for a virus to propagate from a blended threat.

I personally fall in the latter camp. I believe in defense-in-depth. Many threats are referred to as "blended" threats, which is to say that they combine different methods of attack and spread.

Take, for example, the latest Java zero-day exploit that has been making the security news lately. The nature of the threat gives an elevated privilege where other processes can be run. It is easily conceivable that someone could write a blended threat so that a person hits a website and the malware elevates then connects to the local Exchange server to email a variant to every mailbox on the server. This type of exploit would completely bypass your cloud-based protection because the initial infection point would start with a web-based entry.

Should such an exploit be written though, getting a signature to stop it at the Exchange level would happen relatively quickly so as long as your AV signatures were up-to-date, it would at least prevent the thing from emailing itself. You would not have prevented the initial infection since the Java exploit is *still* not patched and the way it elevates can bypass AV scanners, but you would at least prevent multiple infections within your network.

That, to me, is a significant benefit. So...yes...I fall in the "add AV to Exchange" camp in a big way. If it stops even one infection, it has paid for itself in the man-hours it takes to scrub workstations, even in a small network.

John HurstBusiness Consultant (Owner)Commented:
All of my clients use Symantec Endpoint Protection on their servers. I agree with the above "defense-in=depth" approach. I have one client with Exchange with outboard spam filtering and other clients with Exchange outsourced with extensive spam filtering. I still like having Symantec protecting the file system and Exchange where we have it.

... Thinkpads_User
MrGDAuthor Commented:
Better to play it safe for sure.  Not much more to also protect the Exchange Server.  What about the cloud service then?  Let's say I go with one of the End Point Service products that offers File Server, Mail Server, and spam.  Would I still need the cloud service like SpamSoap to scan the emails before they come in?  Am I saving any man-hours or adding a level of protection by having this redundancy?
Cliff GaliherCommented:
Sure. Reduces load on the server. Doesn't hurt. I do both.
MrGDAuthor Commented:
Thanks for the recommendations.  Installed both.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.