Exchange 2013 - AV tool to scan within DB's

We've recently has our internal security audit and they suggested we implement something to scan inside Exchange DBs and their services. We currently have AV on each server but this is to scan OS files, we exclude Exchange files as recommended.

This is new to me, I'm unaware that there was a need or a product that scans within Exchange DB's and their services. Any information and product recommendation would be appreciated. They did mention Trend Micro has a solution.

Thanks
Scotch TechITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

systechadminConsultantCommented:
Well, thats not even recommended, there is no antivirus to scan within the EDBs.

this might help you

https://blogs.technet.microsoft.com/mspfe/2011/05/05/exchange-server-recommendations-for-file-level-antivirus-scanners/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Scotch TechITAuthor Commented:
I agree, in my experience it's NOT recommended, at least by MS. However in the security world it IS recommended and it's being done. I'm trying to understand more about it as we have to address this recommendation by auditors.
0
Wayne88Commented:
I use Kasperksy for Exchange.  https://help.kaspersky.com/ks4exchange/9.4/en-us/22779.htm

No issues or complaints here.  The email service is slower but I wouldn't trade that off for a peace of mind of having Exchange level threats scanner.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

timgreen7077Exchange EngineerCommented:
definitely don't scan the DBs. that is asking for trouble because that could lock up the DB or even accidentally delete it. trouble in the making of you do. MS recommends against this also.
0
AmitIT ArchitectCommented:
For your requirement, you need to implement DLP solution. It mandatory to exclude Exchange DB/Bin/Log from AV scanning. Else, it can corrupt your DB. I understand your audit requirement, however you need other solution.

Trend is a AV/AS scanning tool. I advise you to check EOP or Brightmail gateway. That is enough to scan the traffic.
1
btanExec ConsultantCommented:
Likely there will be conflict as those Exchange log or a database related files may be locked and even quarantined while Exchange 2013 at the same time tries to use the file. It has to be a whitelisting approach still, eventually at each file and process level. Email is a critical service that need more deliberate risk taking.

Ultimately the focus should be more towards the user education on phishing email and watch over privileged users administration activities.

https://technet.microsoft.com/en-us/library/bb332342(v=exchg.150).aspx
0
timgreen7077Exchange EngineerCommented:
provided answers to author, and closing question.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.