Anti-virus and anti-spam for Microsoft Exchange 2013

Posted on 2014-11-05
Last Modified: 2014-11-12
Hi Guys,

I'm going to stop using Mimecast filtering for a client as we are upgrading everything to Exchange 2013. I heard the anti-spam and anti-malware in Exchange 2013 is quite good. Do you guys agree with this?

Is this anti-malware like a proper anti virus scanner for emails? One of my colleagues was suggesting Karspersky, but I'm not a big fan, it is quite heavy in my opinion. I don't want the server to slowdown because of a anti virus that is not very well optimised.  We know it works at least and has a good detection rate, but this is talking only about the normal anti virus software work a server/workstation, not for a email server.

Do you guys have any suggestions please?
Question by:Alex
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40423933
The built in tools within Exchange 2013 are very basic. I wouldn't call them "good". They can work in some scenarios, but most clients find them inadequate. There is no GUI for them, so everything is done with command line.

If you are happy with Mimecast, why not stick with them? The upgrade to Exchange 2013 doesn't make any difference.

When it comes to AV, there isn't much between the products now. I tend to suggest the first thing that goes off your list is whatever you have on your desktops (so if you are using McAfee on your desktops, you don't consider their product for Exchange).

Spam tools are a completely different matter. I have seen every product fail and every product work. That has to be evaluated. The only criteria I use at the start is cost. So if the client allows £10 a user, then products that want more than that get scratched off the list.


Author Comment

ID: 40425728
Powershell to configure spam filters is definitely a no go for me.

Costs, mimecast costs a lot per user and the client doesn't want it.

Well we use only Microsoft RDS servers and Citrix for this client, they don't have fat desktops only thinclients.

We were thinking about £15 per user per year for the protection of anti-virus/anti spam. Mimecast is about £70 at the moment just for filtering/spam/archiving. They don't need archiving anymore.

LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40425733
You are going to struggle to get it down to £15 a user unless you have a lot of users.
One of the more popular choices I have at a number of clients is GFI Mail essentials (Unified edition, for both AV and Antispam) and it only goes below £15 a seat at over 250 users.

You could look at using something open source for anti-spam (there a number of appliances out there) and then just use something for Anti-Virus. Spam blocking doesn't really need "definitions" in the same way, as the most effective method is to block based on the source, rather than the content.

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


Author Comment

ID: 40425918
I'm checking the anti-spam solution from Kaspersky as we are considering their light agent version for VMware so we have a virtual appliance doing all the heavy work, I'm not sure yet how the anti-spam works, will check the costs this afternoon. We have about 150 users for this company.

This GFI in your opinion, how does it compare to other major vendors regarding the level of protection and ease of use?

I understand I might need to go higher than £15 per seat, but definitely £70 for just Mimecast was a rip off.

The AV will be used in Microsoft RDS servers, so I believe we just need once license per RDS server, which are virtual machines. All user computers are thinclients.

Have you used these open source anti-spam solutions? Are they any good? I'm fine with open source software as long we can also have the option to pay for proper support, like with pfSense. It is a great thing, you don't pay for the firewall but pay for the support when needed.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40426041
You want to have different AV on the servers than you have on Exchange. So if you are considering Kapersky for the servers, then I wouldn't consider them for Exchange. Dual level of protection.
For Antivirus, the GFI product has worked very well everywhere I have put it. The product is multiengine, so it uses definitions from multiple vendors. The Microsoft Forefront product used to do this (and was the go to product for AV protection for Exchange), but that has been dropped as Microsoft try to push everyone to the cloud.

For spam protection, I have seen it work well and have seen it fail. That is why you must evaluate the product first.

With regards to Open Source, in the main they work well, I don't think I have ever really needed support. I used pfSense myself until recently, I never even needed to consider support. The main techniques for spam blocking haven't changed much, so once you have the products setup they tend to just run.


Author Comment

ID: 40433028
I understand your point but I need a central management console, so whatever is the AV we decide to go we will need to apply across all server and manage centrally.

GFI for spam filter would be a cloud solution that filter emails before reaching your server or a on premises solution installed on Exchange?
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 40433049
Note I am referring to Exchange AV, not the OS AV. You can put whatever you like on the server to protect the rest of the OS, as long as you put the correct exclusions in for an Exchange server.

GFI (as an example) can be purchased either as on premise or cloud based. Most of my deployments are on premise simply to stop users from emailing inappropriate material between themselves (still get users sending 25mb videos about, instead of putting them on file shares).


Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to:…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…
Suggested Courses
Course of the Month7 days, 11 hours left to enroll

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question