Malware protection on Exchange 2010 servers


With our Exchange 2010 SP3 servers hosted on premise and having subscribed to cloud based email secure gateway services with likes of 'Symantec' or 'Mimecast' and having end point malware protection on user workstations using the likes of ' McAfee' or 'Sophos', what are the residual threats that would be mitigated by deploying another Malware protection technology component on the base exchange 2010 server itself?

Is it needed?

If it is, then I see that there are various players operating in this area with the likes of ' McAfee Security for Microsoft Exchange 8.0.0' and ' Symantec Mail Security for Microsoft Exchange (doesn't seem to support Exch 2010 SP3 though)'. Which one does the community recommend? Also, is there is a native Microsoft product in this area?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MS used to provide Forefront for its Exchange servers, but discontinued:

I like ESET myself, the flexible licensing (upgrade whenever you want, how you want) and good pricing (3 years for the price of 2). Doesn't matter how you do business with them (directly or through a reseller), the whole track is mighty short, meaning good communication, quick updates (quotations in 5 minutes, and another 5 minutes for the actual license to be dropped in your mailbox upon agreeing on the sale).
Documentation on the website is detailed, but if you have questions, the reseller will be able to answer them, if not, there's still the ESET knowledge base or online support.
Go here:
Press Mail Security, then click Request trial behind the Exchange.
Please be aware of the most simple facts: the endpoint mail client (outlook) does not allow executable attachments to be opened. They are simply not even shown by default. You could further secure it by disallowing compressed content (zip/rar,...) but would you want that? It would be more effective than AV no matter where it is implemented.
Then, there would still be attachments that contain links inside attached documents/att. html files, links inside the mail body. Links will normally not be detected harmful by AV softwares but who knows where they are leasing to? Drive by infections, malicious downloads, phishing...

I don't see how exchange based AV can change that principles.
Simon Butler (Sembee)ConsultantCommented:
You have two layers to protect - the file system and Exchange itself.
For the file system, use what you have everywhere else and then configure the exclusions.

For Exchange itself, I usually make two recommendations.
1. Don't use the same vendor as you do on workstations.
2. Don't use the big boys (Symantec, McAfee, Trend, CA).

Multi engine is good - GFI Mail Security would be one option here. MS Forefront was excellent, but as already mentioned, it has been dropped. I used to like AVG but the latest version has given me headaches.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.