none
Anti malware / anti spam / virus protection RRS feed

  • Question

  • Greetings,

    With the introduce of Exchange Server 2013 along with its architecture, Microsoft has moved Transport services / roles to Mailbox Server Role. well, when it comes to anti malware / anti spam and viruses , Microsoft recommends deploying them on Mailbox Server role, while on CAS, not necessarily be deployed as long as messages are not inspected on CAS Servers.

    While some articles say the opposite, and mention configuration of Anti malware ,etc.. on CAS Servers.

    What is the best practice for deploying anti malware / spam / virus  Software on CAS, and what is the best recommended software for messaging and OS level protection, say Symantec for example.

    Thanking you

    Jamil

    Wednesday, April 2, 2014 8:05 AM

Answers

All replies

  • a combined role is preferred because of the high-end hardware available today. you may install a separate CAS if you are multi/large org. Usually most of the time filtering is done at the perimeter or you can use Microsoft ForFront Protection as they use multi-level of scanning.

    Where Technology Meets Talent

    Sunday, April 6, 2014 2:07 AM
  • ExchangeITPro

    my question was:

    What is the best practice for deploying anti malware / spam / virus  Software on CAS, and what is the best recommended software for messaging and OS level protection, say Symantec for example?

    Thanks

    Sunday, April 6, 2014 5:41 AM
  • there no single answer to this. it varies from organization to organization and their business needs and size of the organizations. A 100 user organization does not need to have the same solution as 100,000 user mailbox. So it totally depends what your business needs are.

    here is an article --

    http://technet.microsoft.com/en-us/library/jj218660(v=exchg.150).aspx#Strategy


    Where Technology Meets Talent

    Sunday, April 6, 2014 5:46 AM
  • ExchangeITPro

    what is the relation between your answers and my question?

    my question is how to protect CAS server regardless of users count or whatever, it is not that you just want to drop a reply whatsoever its relation to original post

    my question was and still:

    What is the best practice for deploying anti malware / spam / virus  Software on CAS, and what is the best recommended software for messaging and OS level protection, say Symantec for example?

    Sunday, April 6, 2014 5:51 AM
  • you need to do research - what are you looking for .. TechNet is full of best practices if you bothered to read.

    no one on this forum will suggest you any vendor recommendation - we do not work for any vendor .. at least I don't. Or in other words you are waiting on someone's recommendation to implement the changes in your environment.

    Best practices for a multi cas environment will be different then a single cas server..so you must give more details or do the research first.

    you just can't throw a random question and ask best practices...in general.


    Where Technology Meets Talent

    Sunday, April 6, 2014 5:56 AM
  • Thanks,

    if you don't have a professional reply, please keep other replies from posting.

    Protection of CAS Server is not related to number of users or number of CAS servers, this is a reality and never been a random question, but it requires experienced members to reply

    Sunday, April 6, 2014 6:04 AM
  • Hi,

    Based on my knowledge, in Exchange 2013, the CAS server acts as a stateless proxy for all inbound and outbound external SMTP traffic, it does not inspect message content and does not queue any messages locally. Moreover, as you know, in Exchange 2013,  the Transport service, which runs on all Mailbox servers, is almost identical to the Hub Transport server role in previous versions of Exchange.

    Thus, anti-spam agents in Exchange 2013 run on Mailbox servers. And here is a reference about enabling Anti-Spam on Mailbox Servers:

    http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx

    Thanks,


    Angela Shi
    TechNet Community Support

    Tuesday, April 8, 2014 11:29 AM
  • Angela,

    Thank you for your reply, the architectural changes of Exchange Server 2013 you mentioned are all correct.

    My question is not about message inspection "the email is self", which is done on Transport, not on CAS.

    My Question how to / and what to install to protect the CAS Server, i.e. what to include / exclude from scanning on the server "Files, Directories, or other components"

    Thanking you

    Tuesday, April 8, 2014 12:13 PM
  • My Question how to / and what to install to protect the CAS Server, i.e. what to include / exclude from scanning on the server "Files, Directories, or other components"

    You must exclude specific directories for each Exchange server on which you run a file-level antivirus scanner. This section describes the directories that you should exclude from file-level scanning.

    http://technet.microsoft.com/en-us/library/bb332342(v=exchg.150).aspx

    All Versions of Exchange

    http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx


    Where Technology Meets Talent

    • Marked as answer by Jamil.Saif Friday, April 11, 2014 2:57 PM
    Wednesday, April 9, 2014 4:53 AM
  • Any update?

    Where Technology Meets Talent

    Friday, April 11, 2014 2:49 PM
  • The update is

    http://technet.microsoft.com/en-us/library/bb332342(v=exchg.150).aspx

    what I was looking for

    Thanks ExchangeITPro

    Friday, April 11, 2014 2:57 PM