Is antivirus needed for Exchange 2010?

Dear all,

I have a pretty straightforward question.

Is antivirus needed on an Exchange 2010 server?
For incoming traffic we have 2 FortiMail spam filters.

We used to have an antivirus that ran file-level antivirus but it started giving performance issues.

Any suggestions?

Thank you

Trent Smith Commented:
It is not "required" but I would strongly suggest having antivirus on it. It is better to plan for the worst than to expect the best.
I recommend it. We have multi-tiered AV and I wouldn't do without Exchange AV. There is a big difference between file-level AV and Exchange mailbox AV. Give the trial a try and it will surprise you what it detects.

If you have performance issues then:

1. The machine is underpowered
2. Something is hogging the server resources and you need to have it checked out

Lee W, MVP, Technology and Business Process Advisor Commented:
It's only required if you want to protect your network and end users. A multi-tiered defense only helps protect you.

btan, Exec Consultant Commented:
You may even want to consider whether the front tier can help FortiMail if it is running virus check and doing antispam. E.g. the FortiGate FW has AV and antispam. The FW is supposed to focus on non-latency-sensitive email-only services; the latter provides the first layer of antispam to filter away outright spam traffic straight off, and the FortiMail then does deeper inspection. This "offloading" may be more merciful to the performance issue... Most of the time an AV scan on mail attachments is expected to eat into box performance.

Since you are facing the "performance issues", rather than jumping to switch in or out or offloading any components first, maybe re-assess the FortiMail baseline. E.g. identify the process causing the issue by going into the CLI and running "diagnose system top 10"; you should be able to see the process names, their process ID (pid), status, CPU usage, and memory usage. It will continue to refresh. Actually we also need to be wary: any additional antispam features should be enabled gradually, and do not enable additional antispam features after you have achieved a satisfactory spam detection rate. Excessive antispam scans can unnecessarily decrease the performance of the FortiMail unit.

Antispam tuning - it is never a one-off
• If logs are stored on the FortiMail unit, set logging rotation size (located in Log and Report > Log Settings > Local Log Settings) to between 10 MB and 20 MB, and set the event logging level to warning or greater. Delete or back up old logs regularly to free storage space.

• Regularly delete or back up old reports to reduce the number of reports on the local disk.

• Regularly delete old and unwanted mail queue entries and quarantined mail.

• Schedule resource-intensive and non-time-critical tasks, such as report generation and delivery of deferred oversize messages, to low-traffic periods.

• Disable resource-intensive scans, such as the heuristic scan (located in Profile > AntiSpam > AntiSpam), when spam capture rate is otherwise satisfactory.

• Consider enabling the Max message size to scan and Bypass scan on SMTP authentication in the Scan Conditions section of antispam profiles (located in Profile > AntiSpam > AntiSpam).

• If possible, format the mail and log disks regularly to improve disk performance.

Mal Osborne, Alpha Geek Commented:
Also, the Fortinet can only help with filtering stuff post identification.

Say a guy releases a new virus on a Monday, and sends it out to 100 recipients. On Tuesday, it is still unknown, and sails through the Fortinet, and sits in a user's mailbox. On Wednesday, antivirus companies analyse the new code, and update their patterns. Thursday, your Fortinet and Exchange AV update their patterns. At this point, the version in Exchange will be blocked if users attempt to access it, and a scheduled scan will pick it up.

Also, your users may configure a second account, to grab mail from their local ISP or Gmail, via an encrypted connection, could have a laptop and update email at home, or might add an infected attachment to an outgoing email for a USB key. Exchange AV will find these, but the FortiGate will not.

btan, Exec Consultant Commented:
You cannot have a catch-all 100% for viruses since there are also zero days, but the layer of checks at network, system, appl and eventually endpoint machines minimally still gives higher chances of catching the malware running around. It is an arms race but let's not be the last in the marathon.

Iradat Siddiqui Commented:
I hope this is the best solution. I used this when I was working on Exchange.