Chapter 10: Antivirus Protection


Overview

Be careful about reading health books. You may die of a misprint.

- Mark Twain

Computer viruses have been with us for a long time. However, over the last few years, virus creators have become more sophisticated, and so have their viruses. In particular, virus writers have gotten devilishly good at exploiting the features of messaging systems to spread their wares much faster than old-school, file-based viruses. Fortunately for us, the available antivirus tools have largely kept pace, and third-party vendors have taken advantage of the interfaces Microsoft supports for antivirus tools on the desktop and the Exchange server. (Interestingly, the most effective way to scan for file- and memory-based viruses remains the use of a DOS-based scanner; these tend to catch about 99 percent of viruses, whereas some more complicated Windows-based scanners only catch around 80 percent!)

Note  

Remember that viruses aren't the same as worms. The latter (exemplified by Blaster, Welchia, Slammer, and Nimda) can spread to and infect your Exchange server, which is why the patch management techniques and lockdown practices described in Chapter 6, "Windows Server Security Basics," are so important. However, in this chapter I'm going to confine my remarks to the problem of scanning stored and in-transit messages for viruses, not worms; for best protection, you should make sure that you've studied the material in Chapter 6 and applied it where appropriate.

Of course, these solutions are only effective when they're deployed properly and in a timely manner. Antivirus software is a defensive layer that forms a critical part of your defense in depth; it's necessary, but not sufficient unto itself. In this chapter, I begin by explaining some foundational principles of virus protection, then go on to discuss the methods you can use to protect your networks and servers, and the questions you should ask when choosing an antivirus product.

Note  

Because this book is about messaging security, I haven't spent any time talking about scanning file servers for viruses. It's important that you protect these servers, though, because if they're infected, the infected files they serve could end up as attachments in your Exchange store or on your clients. Adding file-server scanning protects you against CodeRed and Nimda-style attacks that attempt to compromise all files on visible shares, and it adds a needed layer to your defense in depth.




Secure Messaging with Microsoft® Exchange Server 2003 (Pro-Other)
ISBN: 0735619905
EAN: 2147483647
Year: 2004
Pages: 189
