Exchange Server 2007 and Anti-Virus

Antivirus for Exchange Server comes in two different flavors, file-level antivirus and information-store antivirus. More than likely, the antivirus package you purchase will provide these capabilities as separate options.

A file-level antivirus program is responsible for scanning the Exchange server itself, the files, folders, and volumes on the actual computer-however it doesn’t access the information stores (the databases that contain e-mail and public folders). The information-store antivirus program is responsible for scanning incoming and outgoing email as well as the existing contents of the information stores, however it doesn’t access any external files.

Having both information store and file-level antivirus is important. While they both protect you against viruses, they do so in different ways. The file-level antivirus stays aware of the content of files on your server, but is not aware of what is in your Exchange databases. The information store antivirus cleans incoming (and outgoing) email, but is not aware of any other potential viruses on your Exchange server’s file system.

If I was required to choose one or the other, I would probably go with the information store antivirus. Good server practices and general safe-computing practices can usually protect a file system. However, viruses and worms coming from the Internet cannot be adequately protected against without some automated assistance.

Choosing an antivirus vendor is akin to choosing a religion. Folks have vendors that they love and vendors that they hate. No single product is perfect. If you join a company after the choice has been made, overcoming historical inertia may be impossible because antivirus isn’t cheap. However, if you have a no-name antivirus solution, you may wish to make the effort. Protecting e-mail is important.

The three ‘old-timers' in the Windows Server antivirus world are Symantec Antivirus (whose home versions are called Norton Antivirus), Network Associates Antivirus (whose home versions are called McAfee Antivirus), and Computer Associates (with their eTrust solution). Some might claim that these solutions are getting a big long in the tooth, and the current versions try to do too much. Large memory footprints and poor performance are common complaints you may read on mailings lists and newsgroups.

The ‘middle-aged' solution is Trend Micro. It still does a fine job.

However, in recent years there are more solutions available. Some of which are loved by their users. One of these is NOD32 by Eset Software. Many people currently say that it is the best anti-virus solution available, bar none. It has the smallest memory footprint available along with the best performance.

There are certainly many other solutions out there.

However, there is another solution you should keep in mind. In the last two years, Microsoft has purchased two antivirus companies. Sybari, which was known for its super-fast Exchange information store scanning (and for providing multiple anti-virus engine plugins), and GeCAD, which was a Romanian anti-virus software company.

These two products have been rolled into Microsoft’s Forefront series of products. While they may not be the best right now, you shouldn’t underestimate Microsoft when they enter a market.