Personally, I would make sure I had anti-virus on my Exchange servers - either Trend or Antigen. For your situation, you have Trend Virus Wall protecting you at your Internet point of entry and NAV for desktops protecting you from all desktops that have it installed.
That leaves you with no protection from any machines brought inside your network without up to date virus patterns. Your Exchange server would be at a potential risk depending on what the virus/worm did. You could also get a big political black eye if a virus goes visibly through your mail system.
You'll have to evaluate that risk for yourself and your own company. Is there any possibility a user might bring a computer in from home and plug it in to your internal network? What about a vendor/presenter that needs to print something? Do you have any wireless networks? Are you 100% sure that no unknown computers will plug into your internal network?
Jacqueline
-----Original Message-----
From: Lathrum Matt-P55173 [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 1:42 PM
To: MS-Exchange Admin Issues
Subject: RE: Is virus protection on the Exchange server necessary?
I have considered the use of external web mailboxes. Even if they would pull it down, the AV on their desktop should clean it. Even if it doesn't clean it and it spreads internally, a simple ExMerge against the offending attachment would take care of the problem. I take some stock in what our Microsoft resident has to say and I'm trying to get my ducks in a row before proposing it to our security department. Is my logic above flawed? Is it not as simple as that? Are there other issues I'm not considering?
--
Matt Lathrum
General Dynamics Decision Systems
When cryptography is outlawed,
bayl bhgynjf jvyy unir cevinpl.
-----Original Message-----
From: Steven Peck DNET [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 10:36 AM
To: MS-Exchange Admin Issues
Subject: RE: Is virus protection on the Exchange server necessary?
No anti-virus on Exchange? Ick.
Years ago, during the 'Iloveyou' virus, we had .vbs attachment blocking on the Exchange gateway. We also had McAffee on the server(so it was fairly useless anyway). On to the story. We weathered the first few hours of the global outbreak just fine, THEN, one of the developers who was downloading his Hotmail account into his Outlook through POP3 'opened' an attachment from the CEO of a client. BAM, our poor server was infected. (No, I do not know why he would think that the CEO of a client company would send him a message that said he loved you, we did ask him and he was unable to answer <shrug>).
This doesn't even account for the few folks who bring in files from home on floppies or CD's.
I would not run without anti-virus on the Exchange server. Even one I consider as slow as McAfee. McAfee's main problem seems to be that it cannot keep up with an infection once it starts replicating.
Of course, we disabled POP and IMAP through the firewall and discovered that the developers thought the INCONVIENIENCE of renaming vbs and js files to txt tooo onerous so they had done an end run with the hotmail accounts. Needless to say, a number of attachments became imposible to mail internally as well, and several people had to explain to managers WHY they had bypassed normal proceedures which cost the company money in downtime, etc, etc.
There are a number of entry points for virii, so you jut kind of have to go with a layered defense and protect everything as well as posible.
Hope this helps.
-sp
-----Original Message-----
From: Lathrum Matt-P55173 [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 10:10 AM
To: MS-Exchange Admin Issues
Subject: Is virus protection on the Exchange server necessary?
Our environment has Trend running on the firewall for anti-virus and content filtering. We have NAV running on the desktops. We are currently evaluating Antigen and SAVF (Symantec) to put on our E2K Exchange servers (including an E2K cluster on a Compaq SAN). However, our Microsoft resident is suggesting to us that AV on the servers themselves is not necessary and will only introduce problems and instability (particularly Symantec's product). He said that when a virus outbreak occurs that actually gets inside, a quick ExMerge on the server is just as effective as pushing out virus defs using the AV product.
With AV software on the firewall and on the desktops, what do people think about not putting AV on the Exchange servers themselves?
--
Matt Lathrum
General Dynamics Decision Systems
When cryptography is outlawed,
bayl bhgynjf jvyy unir cevinpl.
List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:http://www.sunbelt-software.com/exchange_list_charter.htm
