Ironport Antivirus and Exchange client AV

rdoss--79 · ‎02-01-2012

With Ironport's antivirus scanning feature is it recommended to also run an email scanning software on Exchange too?

Andreas Mueller · ‎02-03-2012

Helly Ryan,

definitely yes, as viruses can infect a system in many other ways as just arriving by email. Security holes of the OS, infected CDs and USB sticks, and don't forget hosts on the internal network connecting to the Exchange server directly, they could be infected to.

In general, while having an Cisco IronPort appliance with AV running it is still nessesary to have a working AV solution installed on all PCs in your network.

Hope that helps,

Andreas

rdoss--79 · ‎02-03-2012

I don't mean an general antivirus client (ie Microsoft Forefront Endpoint Protection 2010). I will definitely run that on Exchange for the reasons you mentioned but I'm wondering about an antivirus program that also scans incoming and outgoing emails for virus' along with spam (ie Microsoft Forefront Protection 2010 for Exchange Server). I guess ultimately I'm wondering if I need to have two separate programs (ironport and and an AV program) scanning my emails for virus' and spam?

Ken Stieers · ‎02-03-2012

if you mean a second av in the flow to and from exchange (internet->ironport->av 2->exchange), I'd say "No"

the Ironport has 2 scanners, Forefront will have others. You're more than covered.

Ken

Andreas Mueller · ‎02-06-2012

Hello Ryan,

thanks for the clarification, I think it still makes sense to use an AV solution on the Exchange server that also scans emails. Reason for that is that messages sent from and to internal addresses won't leave the server, so they are a potential danger to other users in the network. It is not really nessesary for end users to have such an email scanner installed on their computers, this should be covered by the normal AV scanner which will hopefully take action once the user tries to save and open an infected attachment.

So AV sanning of Emails on the Excahnge/Email Server: Yes, on the end user hosts: No.

Regards, Andreas

ninoroygaleos · ‎02-27-2012

Hi Ryan Doss,

there are 2 factors that we may consider one is,

yes because virus can easily be nested on the memory resident level and file level but one thing you should have to exempt is on the file level scanning. File-level antivirus scanners scan a file when it is used or at a scheduled interval. The file scan causes a file to be locked when Exchange Server tries to access the file while it is being scanned. This causes an Exchange Server Information Store failure to lock the file. Eventually, this causes the file to become corrupted or unusable. All dynamic files that are used by Exchange Server must be exempted from file-level scanning. The core list of files that should be exempted are all .edb files, .log files, .chk files, and STM files. We recommend that all folder-hierarchy-containing files that are used by Microsoft Exchange Information Store be exempted from file-level scanning or else it may ends up database corruption.
no, if you have limited resources. because, exchange eat too much resources plus anti-virus scanning it will slash the exchange throat into out of resources and therefore the clients may later suffer a slow access and unable to connect which would be a worst case at the following stage.

My point is that look first on the Servers perspective before Clients perspective.

Hope this would helps you to determine the good side.

-nino.