Re: MS Exchange - Anti-virus

[Gary Flynn <flynngn () JMU EDU>]

John Ladwig wrote:
> Extra credit for *different* AV packages on clients and MTAs.  We have that, and it's more or less an accidental 
> side-effect, but it's interestng and may be useful in fast-break or low-volume cases, where AV vendors will roll signatures 
> well out of sync with one another.

Amen on that. We found an undetected piece of malware a couple weeks
ago, submitted it to both Sophos ( for our Mirapoint mail server ),
Symantec ( for our desktops ), and VirusTotal. Sophos came through
with detection capability overnight. We're still waiting on Symantec
to detect it.


>    -jml
>
> > > > "Consolvo, Corbett D" <corbett.consolvo () TXSTATE EDU> 2007-12-11 16:06 >>>
> I highly recommend both host and SMTP antivirus on Exchange servers for
> defense in depth, you never know how a piece of malware may spread :)
>
>
> We are using McAfee, I don't recommend McAfee for either host protection
> or SMTP protection on
> Exchange (we use it and have had performance problems...).  I have used
> Symantec with somewhat better luck in both cases - we are testing
> Forefront for 2007 right now.  I have been very interested in checking
> Sophos but have not had the time.
>
> Corbett Consolvo
> Information Security Analyst
> Texas State University
> Cc72 () txstate edu
>
> -----Original Message-----
> From: Cheek, Leigh [mailto:lcheek () UTK EDU]
> Sent: Tuesday, December 11, 2007 3:56 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] MS Exchange - Anti-virus
>
>
>
> I am auditing a cluster of MS Exchange 2003 servers. No anti-virus (AV)
> protection software is running on these servers and MS Office is not
> installed. Systems admins do not access e-mail or surf the Web from
> these servers.
>
> I know that there is a performance hit when you install AV software and
> that AV, especially McAfee, can be difficult to tune and testing is a
> must. From what I have read on blogs and at Microsoft's site, I believe
> that installing AV is best practice for protecting these servers.
>
> 1. I have heard of problems with McAfee. If you have installed AV on
> your MS Exchange servers, what are your using?
> 2. Do you believe AV should or should not on MS Exchange 2003 servers?
> Why?
>
> I appreciate your help.
>
> Thanks,
> Leigh Cheek, CIA, CISA
> Auditor
> Audit and Consulting Services
> University of Tennessee
> 149 Conference Center Building
> Knoxville, TN 37996-4114
> (865) 974-4420
> fax (865) 974-6171
> lcheek () utk edu


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature