Anti-virus and anti-spam for Microsoft Exchange 2013

Posted on 2014-11-05
Last Modified: 2014-11-12
Hi Guys,

I'm going to stop using Mimecast filtering for a client as we are upgrading everything to Exchange 2013. I heard the anti-spam and anti-malware in Exchange 2013 is quite good. Do you guys agree with this?

Is this anti-malware like a proper anti virus scanner for emails? One of my colleagues was suggesting Karspersky, but I'm not a big fan, it is quite heavy in my opinion. I don't want the server to slowdown because of a anti virus that is not very well optimised.  We know it works at least and has a good detection rate, but this is talking only about the normal anti virus software work a server/workstation, not for a email server.

Do you guys have any suggestions please?
Question by:Alex
  • 4
  • 3
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40423933
The built in tools within Exchange 2013 are very basic. I wouldn't call them "good". They can work in some scenarios, but most clients find them inadequate. There is no GUI for them, so everything is done with command line.

If you are happy with Mimecast, why not stick with them? The upgrade to Exchange 2013 doesn't make any difference.

When it comes to AV, there isn't much between the products now. I tend to suggest the first thing that goes off your list is whatever you have on your desktops (so if you are using McAfee on your desktops, you don't consider their product for Exchange).

Spam tools are a completely different matter. I have seen every product fail and every product work. That has to be evaluated. The only criteria I use at the start is cost. So if the client allows £10 a user, then products that want more than that get scratched off the list.


Author Comment

ID: 40425728
Powershell to configure spam filters is definitely a no go for me.

Costs, mimecast costs a lot per user and the client doesn't want it.

Well we use only Microsoft RDS servers and Citrix for this client, they don't have fat desktops only thinclients.

We were thinking about £15 per user per year for the protection of anti-virus/anti spam. Mimecast is about £70 at the moment just for filtering/spam/archiving. They don't need archiving anymore.

LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40425733
You are going to struggle to get it down to £15 a user unless you have a lot of users.
One of the more popular choices I have at a number of clients is GFI Mail essentials (Unified edition, for both AV and Antispam) and it only goes below £15 a seat at over 250 users.

You could look at using something open source for anti-spam (there a number of appliances out there) and then just use something for Anti-Virus. Spam blocking doesn't really need "definitions" in the same way, as the most effective method is to block based on the source, rather than the content.

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.


Author Comment

ID: 40425918
I'm checking the anti-spam solution from Kaspersky as we are considering their light agent version for VMware so we have a virtual appliance doing all the heavy work, I'm not sure yet how the anti-spam works, will check the costs this afternoon. We have about 150 users for this company.

This GFI in your opinion, how does it compare to other major vendors regarding the level of protection and ease of use?

I understand I might need to go higher than £15 per seat, but definitely £70 for just Mimecast was a rip off.

The AV will be used in Microsoft RDS servers, so I believe we just need once license per RDS server, which are virtual machines. All user computers are thinclients.

Have you used these open source anti-spam solutions? Are they any good? I'm fine with open source software as long we can also have the option to pay for proper support, like with pfSense. It is a great thing, you don't pay for the firewall but pay for the support when needed.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40426041
You want to have different AV on the servers than you have on Exchange. So if you are considering Kapersky for the servers, then I wouldn't consider them for Exchange. Dual level of protection.
For Antivirus, the GFI product has worked very well everywhere I have put it. The product is multiengine, so it uses definitions from multiple vendors. The Microsoft Forefront product used to do this (and was the go to product for AV protection for Exchange), but that has been dropped as Microsoft try to push everyone to the cloud.

For spam protection, I have seen it work well and have seen it fail. That is why you must evaluate the product first.

With regards to Open Source, in the main they work well, I don't think I have ever really needed support. I used pfSense myself until recently, I never even needed to consider support. The main techniques for spam blocking haven't changed much, so once you have the products setup they tend to just run.


Author Comment

ID: 40433028
I understand your point but I need a central management console, so whatever is the AV we decide to go we will need to apply across all server and manage centrally.

GFI for spam filter would be a cloud solution that filter emails before reaching your server or a on premises solution installed on Exchange?
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 40433049
Note I am referring to Exchange AV, not the OS AV. You can put whatever you like on the server to protect the rest of the OS, as long as you put the correct exclusions in for an Exchange server.

GFI (as an example) can be purchased either as on premise or cloud based. Most of my deployments are on premise simply to stop users from emailing inappropriate material between themselves (still get users sending 25mb videos about, instead of putting them on file shares).


Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now