Exchange file and process exclusion - file level virus scanning

  • Question

  • I was directed to this guide by the vendor of the (new) antivirus software that I have just installed on an Exchange 2007 SP3 RU8 server:

    http://technet.microsoft.com/en-us/library/bb332342(v=EXCHG.80).aspx

    The antivirus program includes a component that monitors the Exchange mailbox databases and the sending and receiving of messages, as well as a file-level scanning component, which is what interests me here.

    The program interface allows one to exclude the files quite easily (in most cases I excluded the parent folders as excluding each file would have been more than fastidious).

    But how do you exclude a process?

    Exclude the corresponding executable file, for example, store.exe ?

    Also, what do you think of the comments at the bottom of the article? I too feel that there are so many exclusions that it's almost like having no (file-scanning) AV at all. I don't know enough about programming to write a virus, but if I wanted to compromise an Exchange server, I'd try to write something that would operate from one of the excluded areas or hook onto one of the excluded processes.

     

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Saturday, September 22, 2012 10:40 PM

Answers

  • I don't run file-level antivirus on Exchange servers. Don't feel it's necessary.

    You'll need to ask the vendor how to exclude a process from AV scanning for their product.

    Saturday, September 22, 2012 11:14 PM