Exchange Server 2003 does not provide what is typically thought of as antivirus software (i.e. an application that gets installed and enabled to scan for viruses) but it does provide various tools and an Antivirus Application Program Interface (AVAPI) that help to protect the messaging infrastructure from viruses and worms. Third-party vendors, such as the ones listed in Table 12.3, can hook their antivirus applications into the AVAPI to gain access to messages as they are handled by Exchange.
Vendor/Product | Web Site |
---|---|
Sybari's Antigen for Exchange | http://www.sybari.com |
Aladdin's eSafe Mail | http://ealaddin.com/esafe/mail |
GFI MailSecurity for Exchange | http://www.gfi.com/mailsecurity |
Panda Antivirus for Exchange Server | http://www.pandasecurity.com |
Trend's ScanMail for Microsoft Exchange | http://www.trend.com |
Symantec's AntiVirus/Filtering for Microsoft Exchange | http://enterprisesecurity.symantec.com |
Softwin's BitDefender | http://www.bitdefender.com |
Sophos MailMonitor for Exchange 2000 | http://www.sophos.com |
There are many mechanisms that can be used to protect the messaging environment from viruses and other malicious code. Most third-party virus-scanning products scan for known virus signatures and also apply some form of heuristics to detect unknown viruses. Other antivirus products block suspicious or specific types of message attachments at the point of entry, before a possible virus reaches the information store.
As alluded to, there are two fundamental ways for antivirus products to keep viruses from affecting the information store:

- Gateway Scanning: Gateway scanning works by scanning all messages as they go through the SMTP gateway (typically to the Internet). If the message contains a virus or is suspected of carrying a virus, the antivirus product can clean, quarantine, or delete it before Exchange has to do any further processing. More specifically, a transport event sink takes the message and places it into a queue to be scanned.
- Mailbox Scanning: Mailbox scanning is useful to remove viruses that have entered the information store. For example, a new virus might make it into the Exchange information store before a signature file that can detect it is applied, so the virus is not detected by the gateway scanner. The information store can be rescanned after the new pattern file is installed, cleaning the viruses that made it in. If a user opens a virus-laden message, the mailbox scanner will clean it. A mailbox scanner will also scan messages created from the internal network so that if a user brings a floppy disk from home with an infected file that is then emailed to a colleague, the message will not go through the SMTP gateway but the mailbox scanner will detect and clean it upon submission to the mail store.
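
The sketch below is an added example, not code from the original text and not the AVAPI itself. It models the two scanning points in Python to show why a message that passes the gateway before its signature exists is still caught by a store rescan, and why internal mail depends on the mailbox scanner. The blocked-extension list, the SHA-256 signature set, the sample messages, and all function names are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr", ".pif", ".vbs"}  # assumed attachment policy

def scan(raw: bytes, signatures: set) -> str:
    """Return 'delete', 'quarantine' or 'deliver' for one raw message."""
    verdict = "deliver"
    for part in message_from_bytes(raw).walk():
        name = (part.get_filename() or "").lower()
        if not name:
            continue  # container or body part, not an attachment
        body = part.get_payload(decode=True) or b""
        if hashlib.sha256(body).hexdigest() in signatures:
            return "delete"  # known signature: strongest action wins
        if any(name.endswith(ext) for ext in BLOCKED_EXT):
            verdict = "quarantine"  # blocked type, no signature match
    return verdict

def build(filename: str, payload: bytes) -> bytes:
    """Constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "report"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def demo() -> dict:
    worm = b"constructed stand-in for a not-yet-known virus body"
    signatures, store = set(), []  # old pattern file; stand-in information store
    # 1. Inbound mail reaches the gateway scanner before a signature exists.
    inbound = build("invoice.doc", worm)
    at_gateway = scan(inbound, signatures)
    if at_gateway == "deliver":
        store.append(inbound)
    # 2. Internal mail never crosses the SMTP gateway; it is scanned on submission.
    internal = build("game.exe", b"constructed harmless payload")
    on_submit = scan(internal, signatures)
    if on_submit == "deliver":
        store.append(internal)
    # 3. The new pattern file is installed and the store is rescanned.
    signatures.add(hashlib.sha256(worm).hexdigest())
    rescan = [scan(m, signatures) for m in store]
    return {"gateway": at_gateway, "submission": on_submit, "rescan": rescan}
```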
The AVAPI in Exchange Server 2003 is a new and improved version of the API supported in Exchange's predecessors. Antivirus vendors use this specification to provide a robust solution against viruses, worms, and spam.
The more notable features of AVAPI version 2.5 in Exchange Server 2003 include the following:

- Gateway scanning occurs before mail even gets to the mailbox.
- The ability to clean, quarantine, or delete messages is available. (AVAPI version 2.0 supported removing the virus, but still delivered the message.)
- Additional message properties are now exposed.
- More detailed status codes are available to Outlook from vendor software.
- Guaranteed outbound scanning is offered.