Microsoft Exchange 2000 Operations Guide — Version 1.076
You are likely to be protecting against viruses at several levels. These may include the
firewall level, outside or at the SMTP gateway, each Exchange server, and the client
level. You should of course bear in mind that viruses that do not arrive by e-mail can
also affect Exchange, so all your servers running Exchange should be protected against
viruses in the same way that clients are.
Virus scanning at the gateway means scanning each inbound message (and perhaps all
outbound messages as well) to detect and clean any infected content. Several vendors
provide such software. The neatest technical solution is to use an anti-virus product that
integrates as an SMTP event sink. Some vendors do not integrate with the SMTP engine
and require the use of the vendor’s proprietary SMTP engine. These solutions can work
very well, but supporting an additional type of SMTP engine adds complexity to your
troubleshooting procedures.
Like gateway virus scanning, a number of vendors provide Exchange Server scanning
software. These products scan and disinfect content at the Exchange server and come in
one of two varieties:
• Scanning software based on the Anti Virus API (AVAPI V2.0). This kind of anti-virus
  software scans and disinfects virus-laden content before it is added to the Exchange
  information store.
• Scanning software that uses undocumented Exchange store interfaces. These products
  generally work well, but there is additional support risk in using these products because
  they use an unsupported interface. If there is a store-related incident on a server with this
  product, Microsoft Product Support Services (PSS) will recommend that the anti-virus
  software be disabled early in troubleshooting.
Both gateway-based and information store-based scanning products should provide an
automated mechanism for updating the virus scanning patterns. Having timely updates is
the best way to ensure that your Exchange implementation remains free of new nasty
viruses. Additionally, some scanning products offer the optional use of more than one
scanning engine, further increasing the likelihood of catching a virus before it infects your
systems.
As part of your operations you must ensure the following:
• The virus protection is completely up to date at all levels.
• You have defined procedures in the event of a virus infection.
• You have a mechanism for handling attachments that pose a virus risk.
Staying Current
New viruses are constantly emerging, and they have the potential to spread worldwide
within a period of hours. If you are not fully up to date in your protection, then you run a
real risk of viruses infecting your organization. Your operations procedure should ensure
that all areas where you scan for viruses are fully up to date. You must make sure that you
receive regular security updates from your anti-virus vendors.
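One way to check that every scanning level is current, as an added example that is not part of the original guide: the script audits an inventory of scan points against a maximum pattern age and reports levels with no scanner at all. The level names, host names, engine names, dates and the 24-hour threshold are constructed assumptions, not values from the guide or any vendor.

```python
from datetime import datetime, timedelta

# The four scanning levels the guide names (identifiers are this example's own).
LEVELS = ("firewall", "smtp-gateway", "exchange-server", "client")

# Constructed sample inventory: (level, host, engine, last pattern update).
# A scan point running two engines appears once per engine.
SAMPLE_INVENTORY = [
    ("firewall", "fw01", "engine-a", "2001-06-10T02:00"),
    ("smtp-gateway", "gw01", "engine-a", "2001-06-10T03:00"),
    ("smtp-gateway", "gw01", "engine-b", "2001-06-01T03:00"),
    ("exchange-server", "exch01", "engine-a", "2001-06-09T23:30"),
    ("exchange-server", "exch02", "engine-a", "2001-05-20T23:30"),
]


def audit(inventory, now, max_age=timedelta(hours=24)):
    """Return (stale, uncovered).

    stale     -- sorted (level, host, engine, age_in_days) for every engine whose
                 patterns are older than max_age, or dated in the future (a clock
                 or reporting error that makes the timestamp untrustworthy).
    uncovered -- levels from LEVELS with no scan point in the inventory.
    """
    stale, seen = [], set()
    for level, host, engine, updated in inventory:
        if level not in LEVELS:
            raise ValueError(f"unknown scanning level: {level!r}")
        seen.add(level)
        age = now - datetime.fromisoformat(updated)
        if age > max_age or age < timedelta(0):
            stale.append((level, host, engine, age.days))
    uncovered = [level for level in LEVELS if level not in seen]
    return sorted(stale), uncovered


if __name__ == "__main__":
    stale, uncovered = audit(SAMPLE_INVENTORY, now=datetime(2001, 6, 10, 12, 0))
    for level, host, engine, days in stale:
        print(f"STALE  {level:16} {host:8} {engine:10} {days} days old")
    for level in uncovered:
        print(f"NO SCANNER REPORTED AT LEVEL: {level}")
```

Feeding the inventory from each product's own reporting is left to the operator, since the guide does not name specific products.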