Educause Security Discussion mailing list archives

Re: MS Exchange - Anti-virus

From: Chris Steele <chris.steele () ANGELO EDU>
Date: Wed, 12 Dec 2007 10:14:30 -0600

We are running McAfee on our Exchange 2007 environment and while I  have not had major problems with it yet McAfee has 
tended to be a resource hog.  We are running Sophos on our Ironport appliance and McAfee on end users desktops.  
Forefront is on my list but like others it is not a the top of the list yet.

Thanks

Chris Steele
Technical Services Analyst
(325) 486-6204
chris.steele () angelo edu


-----Original Message-----
From: John Ladwig [mailto:John.Ladwig () CSU MNSCU EDU]
Sent: Tuesday, December 11, 2007 4:33 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] MS Exchange - Anti-virus

Extra credit for *different* AV packages on clients and MTAs.  We have that, and it's more or less an accidental 
side-effect, but it's interestng and may be useful in fast-break or low-volume cases, where AV vendors will roll 
signatures well out of sync with one another.

   -jml

"Consolvo, Corbett D" <corbett.consolvo () TXSTATE EDU> 2007-12-11 16:06 >>>

I highly recommend both host and SMTP antivirus on Exchange servers for
defense in depth, you never know how a piece of malware may spread :)


We are using McAfee, I don't recommend McAfee for either host protection
or SMTP protection on
Exchange (we use it and have had performance problems...).  I have used
Symantec with somewhat better luck in both cases - we are testing
Forefront for 2007 right now.  I have been very interested in checking
Sophos but have not had the time.

Corbett Consolvo
Information Security Analyst
Texas State University
Cc72 () txstate edu

-----Original Message-----
From: Cheek, Leigh [mailto:lcheek () UTK EDU]
Sent: Tuesday, December 11, 2007 3:56 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] MS Exchange - Anti-virus



I am auditing a cluster of MS Exchange 2003 servers. No anti-virus (AV)
protection software is running on these servers and MS Office is not
installed. Systems admins do not access e-mail or surf the Web from
these servers.

I know that there is a performance hit when you install AV software and
that AV, especially McAfee, can be difficult to tune and testing is a
must. From what I have read on blogs and at Microsoft's site, I believe
that installing AV is best practice for protecting these servers.

1. I have heard of problems with McAfee. If you have installed AV on
your MS Exchange servers, what are your using?
2. Do you believe AV should or should not on MS Exchange 2003 servers?
Why?

I appreciate your help.

Thanks,
Leigh Cheek, CIA, CISA
Auditor
Audit and Consulting Services
University of Tennessee
149 Conference Center Building
Knoxville, TN 37996-4114
(865) 974-4420
fax (865) 974-6171
lcheek () utk edu

Current thread:

MS Exchange - Anti-virus Cheek, Leigh (Dec 11)
- <Possible follow-ups>
- Re: MS Exchange - Anti-virus Consolvo, Corbett D (Dec 11)
- Re: MS Exchange - Anti-virus Kieper, David (Dec 11)
- Re: MS Exchange - Anti-virus John Ladwig (Dec 11)
- Re: MS Exchange - Anti-virus Charlie Prothero (Dec 11)
- Re: MS Exchange - Anti-virus Gary Flynn (Dec 11)
- Re: MS Exchange - Anti-virus Chris Steele (Dec 12)