Malware protection on Exchange 2010 servers


With our Exchange 2010 SP3 servers hosted on premise and having subscribed to cloud-based email secure gateway services with the likes of 'Symantec' or 'Mimecast' and having endpoint malware protection on user workstations using the likes of 'McAfee' or 'Sophos', what are the residual threats that would be mitigated by deploying another malware protection technology component on the base Exchange 2010 server itself?

Is it needed?

If it is, then I see that there are various players operating in this area with the likes of 'McAfee Security for Microsoft Exchange 8.0.0' and 'Symantec Mail Security for Microsoft Exchange' (doesn't seem to support Exch 2010 SP3 though). Which one does the community recommend? Also, is there a native Microsoft product in this area?

Simon Butler (Sembee), Consultant, commented:
You have two layers to protect - the file system and Exchange itself.
For the file system, use what you have everywhere else and then configure the exclusions.

For Exchange itself, I usually make two recommendations.
1. Don't use the same vendor as you do on workstations.
2. Don't use the big boys (Symantec, McAfee, Trend, CA).

Multi engine is good - GFI Mail Security would be one option here. MS Forefront was excellent, but as already mentioned, it has been dropped. I used to like AVG but the latest version has given me headaches.

MS used to provide Forefront for its Exchange servers, but discontinued it:

I like ESET myself, the flexible licensing (upgrade whenever you want, how you want) and good pricing (3 years for the price of 2). Doesn't matter how you do business with them (directly or through a reseller), the whole track is mighty short, meaning good communication, quick updates (quotations in 5 minutes, and another 5 minutes for the actual license to be dropped in your mailbox upon agreeing on the sale).
Documentation on the website is detailed, but if you have questions, the reseller will be able to answer them, if not, there's still the ESET knowledge base or online support.
Go here:
Press Mail Security, then click Request trial behind the Exchange.
Please be aware of the most simple facts: the endpoint mail client (Outlook) does not allow executable attachments to be opened. They are simply not even shown by default. You could further secure it by disallowing compressed content (zip/rar,...) but would you want that? It would be more effective than AV no matter where it is implemented.
Then, there would still be attachments that contain links inside attached documents/att. html files, links inside the mail body. Links will normally not be detected as harmful by AV software, but who knows where they are leading to? Drive-by infections, malicious downloads, phishing...

I don't see how Exchange-based AV can change those principles.