Anti-Virus API 2.5

The first VSAPI appeared in Exchange 5.5 SP3 (v1.0) and was updated in SP1 for Exchange 2000 (v2.0). With the release of Exchange Server 2003, the VSAPI has been updated to v2.5.

The new VSAPI allows virus-scanning applications to delete messages and send notifications. It also allows for better user interaction when a virus is found. Virus-scanning vendors can now also scan for viruses on all the different types of Exchange servers (front-end servers, bridgehead servers, and so on) instead of just the servers that host Exchange Mailboxes.

This allows anti-virus vendors to create applications that eliminate problems on the periphery of your network without infecting a large number of servers or workstations in the network. Front-end scanning is based on the principle of getting to the virus or Trojan before it gets to you. Through the new capabilities of the VSAPI, anti-virus developers have more options than before for intercepting potentially crippling viruses or Trojans.

Several anti-virus software vendors have announced support for VSAPI 2.5, including Sybari, Network Associates, McAfee, and TrendMicro. The following sections examine some of the features of the API, what is different between versions of Exchange, and how the new VSAPI is used to extend and protect Exchange 2003.

CHECKING ON VSAPI SUPPORT

If you are unsure whether your anti-virus product supports the VSAPI method, consult your product documentation and check the registry key at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\VirusScan to see if an entry is present. If the entry is there, your virus-scanning software is using the VSAPI.


VSAPI Overview

The VSAPI 2.5 in Exchange 2003 works in a similar manner to the API available in previous versions of Exchange: email messages are queued in a two-tier system with high and low priority, with about 30 low-priority scans queued at a time. Most messages are scanned as low priority behind the scenes after the high-priority items; however, if a user wants to view an email message that hasn't been scanned, this message is marked high priority and processed first. This way, the user can still work effectively with his Mailbox without any real delays.

End User Features

From an end user's perspective, all the features and functionality exposed via the VSAPI are behind the scenes. Enhancements to the API mean that during the scanning process, your anti-virus software can delete messages entirely if they are infected, and warning messages and more information can be sent to both the sender and recipient.

This feature depends on the anti-virus software exposing this functionality, but considering the way it can improve the effectiveness of the anti-virus software, you should see this feature filter through to the anti-virus products on the market today.

Topology

Previous versions of the VSAPI supported virus scanning only on the core Exchange servers that hosted Mailboxes for your organization. With the introduction of VSAPI version 2.5, however, you can implement anti-virus solutions for your front-end and bridgehead servers as well. This protects the periphery of your Exchange implementation, eliminating viruses before they become a problem.

Multithreading

Like version 2.0 of the VSAPI, version 2.5 scans all the email messages in a single queue, but with Exchange 2003, this queue is multithreaded, with the number of threads set to 2 times the number of processors, plus 1. For example, if you had a quad-processor server running Exchange, this would enable 2 * 4 processors + 1 = 9 threads to run at once, permitting multiple submissions to a single anti-virus provider.

Event Monitoring

The VSAPI also provides monitoring of events that are related to virus scanning, including loading of vendor .DLLs and programs, viruses, and errors when using the VSAPI. To see the events that are logged through the VSAPI interface, follow these steps:

  1. Verify that you have a virus-scanning application that supports VSAPI 2.0+ installed on the server.

  2. From Administrative Tools, select the Event Viewer.

  3. Check the Application Event Log for events with a Source of MSExchangeIS and a Category of Virus Scanning, as shown in Figure 11.1.

    Figure 11.1. Events that are related to the VSAPI appear here.


You can view these events at any time and use the event logs to track down problems related to virus scanning or identify viruses that have been found within your Exchange installation.
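The same check can be scripted. The following is an added example, not code from the book: it combines the registry check from "Checking on VSAPI Support" with the Event Viewer filter in the steps above. It assumes Windows PowerShell 2.0 or later is installed on the Exchange server; the function names are hypothetical.

```powershell
# Added example (not from the book). Assumes Windows PowerShell 2.0+ on the
# Exchange server; function names are hypothetical.
$VirusScanKey = 'HKLM:\System\CurrentControlSet\Services\MSExchangeIS\VirusScan'

function Get-VsapiScanEvent {
    param([int]$Days = 7)

    # Step 1: an entry under this key means the scanner is using the VSAPI.
    $k = Get-Item $VirusScanKey -ErrorAction SilentlyContinue
    if (-not $k -or ($k.ValueCount + $k.SubKeyCount) -eq 0) {
        Write-Warning "No entry under MSExchangeIS\VirusScan; no VSAPI scanner found."
        return
    }

    # Steps 2-3: Application log, Source MSExchangeIS, Category Virus Scanning.
    Get-EventLog -LogName Application -Source MSExchangeIS `
                 -After (Get-Date).AddDays(-$Days) -ErrorAction SilentlyContinue |
        Where-Object { $_.Category -eq 'Virus Scanning' }
}

function Get-VsapiScanSummary {
    param([int]$Days = 7)

    # One row per (EntryType, EventID) so repeated errors stand out.
    Get-VsapiScanEvent -Days $Days |
        Group-Object EntryType, EventID |
        Sort-Object Count -Descending |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeGenerated -Descending |
                      Select-Object -First 1
            New-Object PSObject -Property @{
                EntryType = $latest.EntryType
                EventID   = $latest.EventID
                Count     = $_.Count
                LastSeen  = $latest.TimeGenerated
                Sample    = ($latest.Message -split "`r?`n")[0]
            }
        }
}

Get-VsapiScanSummary -Days 7 |
    Format-Table EntryType, EventID, Count, LastSeen, Sample -AutoSize
```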

Performance Monitoring

Another key area that has been improved is performance monitoring for virus-scanning applications. Exchange administrators use these tools to troubleshoot any degradation in Exchange performance and look behind the scenes to see what messages or items still need to be scanned, how many messages are scanned per second, and so on.

To turn on VSAPI performance monitoring, follow these steps:

  1. From the Administrative Tools console, open the Performance Monitor application.

  2. Click the Plus icon to open the dialog box shown in Figure 11.2. This is where you select the counters to measure.

    Figure 11.2. You can now monitor the performance of the VSAPI.


  3. Change the drop-down list for Performance Object to MSExchangeIS, which stands for Microsoft Exchange Information Store.

  4. Navigate through the list of available counters until you locate the counters that relate to virus scanning, some of which appear here:

    • Virus Scan Bytes Scanned

    • Virus Scan Files Cleaned

    • Virus Scan Files Cleaned/sec

    • Virus Scan Files Quarantined

    • Virus Scan Files Quarantined/sec

    • Virus Scan Files Scanned

    • Virus Scan Files Scanned/sec

    • Virus Scan Folders Scanned in Background

    • Virus Scan Messages Cleaned

    • Virus Scan Messages Cleaned/sec

    • Virus Scan Messages Deleted

    • Virus Scan Messages Deleted/sec

    • Virus Scan Messages Processed

    • Virus Scan Messages Processed/sec

    • Virus Scan Messages Quarantined

    • Virus Scan Messages Quarantined/sec

    • Virus Scan Messages Scanned in Background

    • Virus Scan Queue Length

  5. Highlight a counter and click Add to add the counter to the Performance Monitor.

  6. When you are finished adding all the counters, click OK to accept your selection and return to the Performance Monitor application.

The counters that you selected now appear on the graph, similar to the one shown in Figure 11.3. They allow you to monitor your virus-scanning application.

Figure 11.3. The Performance Monitor.
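The counters listed above can also be sampled from the command line. The following is an added example, not code from the book: it samples four of the MSExchangeIS virus-scanning counters named in step 4 and reports the minimum, maximum, average, and last value of each. It assumes Windows PowerShell 2.0 or later on the Exchange server; the function name, sample interval, and sample count are hypothetical.

```powershell
# Added example (not from the book). Assumes Windows PowerShell 2.0+ on the
# Exchange server; function name and default intervals are hypothetical.
# Counter names are taken from the list in step 4.
$VsapiCounters = @(
    '\MSExchangeIS\Virus Scan Queue Length',
    '\MSExchangeIS\Virus Scan Messages Processed/sec',
    '\MSExchangeIS\Virus Scan Messages Quarantined',
    '\MSExchangeIS\Virus Scan Messages Deleted'
)

function Get-VsapiCounterSummary {
    param(
        [int]$IntervalSec = 5,   # seconds between samples
        [int]$Samples     = 12   # 12 x 5 s = one minute of data
    )

    Get-Counter -Counter $VsapiCounters -SampleInterval $IntervalSec `
                -MaxSamples $Samples |
        ForEach-Object { $_.CounterSamples } |
        # Path looks like \\server\msexchangeis\<counter>; keep the last element.
        Group-Object { ($_.Path -split '\\')[-1] } |
        ForEach-Object {
            $m = $_.Group |
                 Measure-Object -Property CookedValue -Minimum -Maximum -Average
            New-Object PSObject -Property @{
                Counter = $_.Name
                Min     = $m.Minimum
                Max     = $m.Maximum
                Average = [math]::Round($m.Average, 2)
                Last    = ($_.Group | Select-Object -Last 1).CookedValue
            }
        }
}

Get-VsapiCounterSummary |
    Format-Table Counter, Min, Max, Average, Last -AutoSize
```

A queue length that keeps rising while Messages Processed/sec stays flat suggests the scanner is not keeping up with the store.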


Virus-Scanning Applications

The features explored thus far depend primarily on the anti-virus software that you choose to install and configure. Most anti-virus vendors update their offerings to take advantage of the features within the VSAPI version 2.5 to make Exchange 2003 one of the most secure messaging platforms available.



Microsoft Exchange Server 2003 Delta Guide
ISBN: 0672325853
EAN: 2147483647
Year: 2003
Pages: 109
