Microsoft Exchange Server 2013: Connectivity, Clients, and UM by Paul Robichaux

Author: Paul Robichaux
Language: eng
Format: epub
Tags: COMPUTERS / Information Technology
ISBN: 9780735678323
Publisher: Microsoft Press
Published: 2013-10-03T16:00:00+00:00


Configuring server-based third-party anti-malware scanners

Two major classes of anti-malware scanners are available for Microsoft Windows servers: those that are aware of specific applications (such as Exchange) and those that are not. (There are also protocol-based scanners that inspect the SMTP conversation between server and client, including the message headers, bodies, and attachments; these are often found in hosted scanning services or appliances.) Most vendors refer to their non-Exchange-aware scanners as file-based or file-level scanners because they check the contents of files on disk, looking for malware signatures. Many such products also hook into the Windows I/O manager so that when applications try to open a file, the scanner gets a chance to check it first.

File-level scanners typically scan files on disk as a background task and provide on-demand scans for programs and files as they are loaded into memory. Items that appear to contain malware are quarantined or removed. The problem, of course, is that Exchange databases and transaction logs can contain data that triggers a false positive, leading the scanner to try to fix a file that contains critical Exchange data.

Many organizations have policies that require the use of anti-malware scanners on every server. Others have policies that require the use of a particular vendor’s scanners, even if that vendor doesn’t make an Exchange-aware scanner. If you’re subject to these policies, what can you do? Do these problems mean that you shouldn’t run file-level scanners on Exchange servers? Not necessarily, although if you have the option of using only Exchange-aware products, that would probably be a better choice. Microsoft recognized some years ago the risks of using non-Exchange-aware scanners on Exchange servers, and it has released guidelines for doing so without putting Exchange at risk. Microsoft has a complete list of guidelines for Exchange at http://technet.microsoft.com/EN-US/LIBRARY/BB332342(V=EXCH.80).ASPX, but they can be summarized as follows:

Don’t let the scanner scan any data file Exchange owns, including transport queues, databases, transaction logs, Offline Address Book (OAB) files, Group Metrics files, log files for the CAS or mailbox server processes, and diagnostic files Managed Availability uses. Most scanners allow you to exclude specific directories, which helps ensure that you don’t miss any of the important files.


