I have a copy of InoculateIT Exchange Option you can have if you really want
to give your Microsoft resident some ammo to support their argument ;-)

Why would you knowingly let a virus in just because it's "easy" to clean up?
How many PC's/servers/etc will be melting down while you're shutting down
Exchange to do the exmerge?  How much of your sensitive data (passwords,
whatever) could be floating out to wherever by that time?  AV is not
foolproof by itself.  Not by a longshot.  His comment is "...when a virus
outbreak occurs that actually gets inside...".  Hmmmm... I would personally
want to be a bit more proactive.

By the time you discover the virus even exists, it may not be just the
Exchange server that's toast.  We had a recent incident with an exe file
(virus) that snuck by the SMTP proxy service (firewall) and got into the
Exchange box before the latest AV signatures made it here.  It made it into
41 mailboxes, oh joy....  Fortunately we hammered it with a trial version of
a content filtering gateway (a test relay) that used a policy-based ruleset
to strip it as it blew past the broken proxy on its way towards the
not-yet-updated Exchange server (and ultimately a whole network of
potentially-not-yet-updated PC's).  We got the AV sig's a couple hours
later, and even at that point it took some time (not much - but how much
does a worm need?) for the sigs to roll out to every PC.  But the test relay
system rendered it useless.  We were lucky.  AV (clients, agents, etc.) and
the SMTP proxy both failed us.  A trial system saved our butts.  Yeah, I
know, having AV agent on the Exchange box did not help in this specific
instance, but that's just the point - AV updates (even automated, on the
Exchange server, or the desktops, wherever) always have the potential to
leave little windows of opportunity for a brand-new and aggressive worm to
get in.  You have to plug every hole.  You should be trying to kill it at
the gateway, on any relay servers, on the Exchange box, on the desktops, at
the servers, wherever you can.  

Defense in depth.  Be proactive.  Don't knowingly turn your back on any
potential threats.


> -----Original Message-----
> From: Lathrum Matt-P55173 [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, April 10, 2002 1:10 PM
> To:   MS-Exchange Admin Issues
> Subject:      Is virus protection on the Exchange server necessary?
> 
> Our environment has Trend running on the firewall for anti-virus and
> content filtering.  We have NAV running on the desktops.  We are currently
> evaluating Antigen and SAVF (Symantec) to put on our E2K Exchange servers
> (including an E2K cluster on a Compaq SAN).  However, our Microsoft
> resident is suggesting to us that AV on the servers themselves is not
> necessary and will only introduce problems and instability (particularly
> Symantec's product).  He said that when a virus outbreak occurs that
> actually gets inside, a quick ExMerge on the server is just as effective
> as pushing out virus defs using the AV product.
> 
> With AV software on the firewall and on the desktops, what do people think
> about not putting AV on the Exchange servers themselves?
> 
> -- 
> Matt Lathrum
> General Dynamics Decision Systems        
>              When cryptography is outlawed,
>              bayl bhgynjf jvyy unir cevinpl.
> 
> 
> List Charter and FAQ at:
> http://www.sunbelt-software.com/exchange_list_charter.htm
