Virus Protection for Exchange Server

When it comes to protecting things like file servers and domain controllers against viruses, pretty much any server-grade antivirus software will do. When you throw in an Exchange Server, though, the antivirus software requirements change drastically. When your organization hosts its own mail server, files are routinely moved in and out of the organization through that mail server. As such, it is necessary to protect against viruses on many different levels.

There are actually two different types of antivirus software that need to be run on Exchange servers. The first type is file-level antivirus software. This is the same type of antivirus software that you would use to protect any other type of server. Its job is to monitor the server's file system and remove any viruses that it may find. Next, the server needs antivirus software that is specifically designed for Exchange Server. The reason is that e-mail viruses do not exist on an Exchange Server in the form of standalone files. Instead, they are stored in the Exchange mailbox store along with all the other messages. You therefore need an antivirus application that knows how to read an Exchange database, and how to remove an infected file from an Exchange database without corrupting the database in the process.

The next level of protection that you'll need is workstation-level antivirus software. There are two main things that you should look for in workstation antivirus software. First, the software needs to be designed so that it integrates itself into Microsoft Outlook. That way the software can scan messages as they are opened. The second recommendation that I would make regarding workstation antivirus software is that you should use something different from what is running on your Exchange Server. For example, if you are running Norton Antivirus on your Exchange Server, then you might consider running software from McAfee or Trend Micro on your workstations.
The reason for doing this is that when new viruses are discovered, you never know which antivirus company is going to publish a signature for the new virus first. Imagine, for example, that you were running Norton Antivirus at both the server and the workstation level. Now imagine that a new e-mail virus was released and that Symantec had not yet published a signature for the virus. If someone were to e-mail a copy of the virus to someone in your organization, there would be no preventing an infection because you have no signatures to defend against the virus.

Now suppose that instead of running Norton Antivirus on your workstations, you were running Trend Micro's PC-cillin. If the same virus were e-mailed to someone in your organization, the virus would not be eradicated at the Exchange Server level because Norton Antivirus does not yet have a signature for the virus. However, there is a possibility that the virus could be stopped at the workstation level. Norton Antivirus doesn't have a signature yet, but PC-cillin might. Of course, the next time around Symantec might beat Trend Micro in publishing a signature. The point is that if you use multiple antivirus vendors, you double your chances of having a signature in place when a virus arrives.

There is one more type of antivirus software that I would recommend having in place: a gateway-level antivirus product. A gateway-level antivirus product stops viruses as they flow in or out of your organization. As I'm sure you know, most of the e-mail viruses that have come out are designed to replicate themselves by sending a copy of themselves to all of the victim's contacts. If one of your users were to somehow become infected by an e-mail virus, that virus would probably try to e-mail copies of itself to people outside of your organization. Your gateway-level antivirus software could delete the infected messages as they are leaving your organization.
