Protecting Exchange Server 2003 from Viruses


Exchange Server 2003 does not provide what is typically thought of as antivirus software (i.e., an application that is installed and enabled to scan for viruses), but it does provide various tools and an Antivirus Application Program Interface (AVAPI) that help protect the messaging infrastructure from viruses and worms. Third-party vendors, such as the ones listed in Table 12.3, can hook their antivirus applications into the AVAPI to gain access to messages as they are handled by Exchange.

Table 12.3. Third-Party Antivirus Products for Exchange Server 2003

| Vendor/Product | Web Site |
| --- | --- |
| Sybari's Antigen for Exchange | http://www.sybari.com |
| Aladdin's eSafe Mail | http://ealaddin.com/esafe/mail |
| GFI MailSecurity for Exchange | http://www.gfi.com/mailsecurity |
| Panda Antivirus for Exchange Server | http://www.pandasecurity.com |
| Trend's ScanMail for Microsoft Exchange | http://www.trend.com |
| Symantec's AntiVirus/Filtering for Microsoft Exchange | http://enterprisesecurity.symantec.com |
| Softwin's BitDefender | http://www.bitdefender.com |
| Sophos MailMonitor for Exchange 2000 | http://www.sophos.com |

There are many mechanisms that can be used to protect the messaging environment from viruses and other malicious code. Most third-party virus scanning products scan for known virus signatures and also provide some form of heuristics to scan for unknown viruses. Other antivirus products block suspicious or specific types of message attachments at the point of entry, before a possible virus reaches the information store.

As noted above, there are two fundamental ways for antivirus products to keep viruses from affecting the information store:

  • Gateway Scanning: Gateway scanning works by scanning all messages as they go through the SMTP gateway (typically to the Internet). If the message contains a virus or is suspected of carrying a virus, the antivirus product can clean, quarantine, or delete it before Exchange has to do any further processing. More specifically, a transport event sink takes the message and places it into a queue to be scanned.

  • Mailbox Scanning: Mailbox scanning is useful for removing viruses that have already entered the information store. For example, a new virus might make it into the Exchange information store before a signature file that can detect it is applied, so the gateway scanner does not detect it. The information store can be rescanned after the new pattern file is installed, cleaning the viruses that made it in. If a user opens a virus-laden message, the mailbox scanner will clean it. A mailbox scanner also scans messages created on the internal network. If a user brings a floppy disk from home with an infected file and emails that file to a colleague, the message does not go through the SMTP gateway, but the mailbox scanner detects and cleans it upon submission to the mail store.

The New AVAPI 2.5 Specification

The AVAPI in Exchange Server 2003 is a new and improved version compared to the versions supported in Exchange's predecessors. Antivirus vendors use this specification to provide a robust solution against viruses, worms, and spam.

The more notable features of AVAPI version 2.5 in Exchange Server 2003 include the following:

  • Gateway scanning occurs before mail even gets to the mailbox.

  • The ability to clean, quarantine, or delete messages is available. (AVAPI version 2.0 supported removing the virus, but still delivered the message.)

  • Additional message properties are now exposed.

  • More detailed status codes are available to Outlook from vendor software.

  • Guaranteed outbound scanning is offered.



Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
