Solved

SBS 2011 Virus Protection.  Are my mailboxes protected?

Posted on 2013-01-16
Last Modified: 2013-01-24
What level of virus protection do I need? I am running Small Business Server with Exchange. My emails are being scanned for viruses and spam via a third party cloud product called Spam Soap. If I run virus protection designed for file servers, are my mailboxes protected from anything internal? Making an assumption that all incoming emails are scrubbed before they arrive. Seems like if I add something designed for Exchange, the Exchange level of protection is redundant.
Question by:MrGD
5 Comments
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 38785059
No, file-based antivirus does *not* protect your mailboxes from anything internal. Whether you need it is a matter of opinion. I know people that believe a cloud-based solution is enough. And others that believe leaving an Exchange server without database-level scanning is leaving an opportunity for a virus to propagate from a blended threat.

I personally fall in the latter camp. I believe in defense-in-depth. Many threats are referred to as "blended" threats, which is to say that they combine different methods of attack and spread.

Take, for example, the latest Java zero-day exploit that has been making the security news lately. The nature of the threat gives an elevated privilege where other processes can be run. It is easily conceivable that someone could write a blended threat so that a person hits a website and the malware elevates then connects to the local Exchange server to email a variant to every mailbox on the server. This type of exploit would completely bypass your cloud-based protection because the initial infection point would start with a web-based entry.

Should such an exploit be written, though, getting a signature to stop it at the Exchange level would happen relatively quickly, so as long as your AV signatures were up to date, it would at least prevent the thing from emailing itself. You would not have prevented the initial infection since the Java exploit is *still* not patched and the way it elevates can bypass AV scanners, but you would at least prevent multiple infections within your network.

That, to me, is a significant benefit. So...yes...I fall in the "add AV to Exchange" camp in a big way. If it stops even one infection, it has paid for itself in the man-hours it takes to scrub workstations, even in a small network.

-Cliff
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 38785130
All of my clients use Symantec Endpoint Protection on their servers. I agree with the above "defense-in-depth" approach. I have one client with Exchange with outboard spam filtering and other clients with Exchange outsourced with extensive spam filtering. I still like having Symantec protecting the file system and Exchange where we have it.

... Thinkpads_User
0
 

Author Comment

by:MrGD
ID: 38787344
Better to play it safe for sure.  Not much more to also protect the Exchange Server.  What about the cloud service then?  Let's say I go with one of the End Point Service products that offers File Server, Mail Server, and spam.  Would I still need the cloud service like SpamSoap to scan the emails before they come in?  Am I saving any man-hours or adding a level of protection by having this redundancy?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 38789039
Sure. Reduces load on the server. Doesn't hurt. I do both.
0
 

Author Closing Comment

by:MrGD
ID: 38814400
Thanks for the recommendations.  Installed both.
0
