Windows Server - anti-virus and anti-spam

Asked By Johnfli

20-Oct-08 06:16 PM

I am looking for a good anti-virus/anti-spam software for my SBS2003 box.
I run exchange, so I would also like this software to monitor all incoming
and outgoing emails.
I would also like it to be able to tell if there is aclient machine that
seems to be pushing a lot of emails through it.  (meaning if there is a
virus, or malware on a client machine and it's usign the exchange server so
send out spams)


thanks

Windows Server SBS Discussions

Antigen
(1)

Report
(1)

SMTP
(1)

ManagerIf
(1)

NeilH
(1)

Antimalware
(1)

Kaspersky
(1)

Symantec
(1)

Chuc replied...

20-Oct-08 06:31 PM

You might want to check out Sophos Small Business Edition. Have been using it
for over 4 years now and find it to be one of the best.

Amnon Feiner replied...

20-Oct-08 06:40 PM

I use Trend Micro worry free version5, and like it very much.

--
Amnon Feiner

Cliff Galiher replied...

20-Oct-08 06:46 PM

There are a couple of issues there:

1) Regarding antivirus/antispam software, treat those as separate products
on the server.  A good antivirus software will include client monitoring as
long as you by enough client licenses to monitor all of your clients.
Symantec, Trend Micro, CA, NOD32 all play in this space.  Each environment
is different and each sysadmin has their own preferences.  Download trial
editions and test drive them until you find one that *you* like.  After all,
someone could praise Trend Micro all they want, but if it breaks your LOB
custom-written inventory application then all that praise does you no good.
Testing for yourself is the only *real* solution.

2) Treat Antispam the same way.  Although some companies may 'bundle' their
packages, when installed they still operate very differently. As well they
should since are trying to accomplish different goals.  And maybe you like
Symantec's corporate AV product but not their exchange-aware antispam.  So
you may end up mixing and matching....NOD32 for AV and GFI for antispam.
But the only way to find out is to download and test.  Each sysadmin has
their own preferences for ease-of-use vs configurability, so there is not a
whenever possible my installations include a UTM firewall with spam
filtering.  That way I don't even have to install "yet another" product on
my SBS box at all.  Spam is stopped before it gets there. But that is a
personal preference.

3) As far as monitoring for compromised machines, no product will do this
accurately.  Antivirus software should be viewed as a protective measure.
It is good at keeping bad stuff off of your machine, but if something bad
*does* get past the AV then why should you trust the AV to know it.  The
malware has already shown that it circumvented the AV once, so it could lie
to any heuristics engine the AV tries to employ.  Or simply disable the
product in the background and sent false "ok" messages to the monitoring
server.  The simple truth here is that spotting an infected machine requires
diligence on the part of the IT department.  Reports of a machine behaving
poorly/slowly is a good sign.  Monitoring the weekly usage report will show
any malware using Exchange to send mail (unlikely, BTW.)  And monitoring
firewall logs (you do have a firewall, right?!?) will reveal any machines
attempting to run their own SMTP server for spamming (far more likely.)  So,
as you can see, finding a  bad machine doesn't come from one piece of
information such as an AV snap-in, but comes from aggregating *all* of your
sources for information with a pinch of plain old experience added to the
recipe.

Hope that helps,

-Cliff

Amnon Feiner replied...

20-Oct-08 06:49 PM

True, I forgot to add, my TM is AV, and for anti-spam for Windows based
clients is Surf Control.

John replied...

20-Oct-08 07:53 PM

And checkout Microsoft Antigen for Exchange with Antigen Spam Manager
If you will be moving to SBS2008 eventually then it uses Microsoft
ForeFront (old name Antigen) antivius/antispam and it's fully
intergrated within the new SBS...comers with multiply antivirus
engines Sophos, CA Vet, Kaspersky,Norman Data Defense, Microsoft
Antimalware .it's a lowish cost 12mth subscription...30day demo.
http://technet.microsoft.com/en-us/bb738101.aspx

Cheers
Out_theBack


On Mon, 20 Oct 2008 15:31:00 -0700, Chuck

You might want to check out Sophos Small Business Edition. Have been
using it
for over 4 years now and find it to be one of the best.



*************************************************
Outback Computers
-converging communications and computer technologies

27-31 Munster Terrace, North Melbourne  Australia
**************************************************

Duncan McC replied...

20-Oct-08 07:38 PM

Chuck@ says...

I will back that up - excellent product, albiet one of the dearer
solutions, seems to be one of the best.

--
Duncan

JimGrau replied...

21-Oct-08 04:30 PM

Hello, Johnfli:

My replies/comments are in-line, below:



I have been using Sunbelt Software's Ninja E-mail Security with great
results.   They have a fully-functional eval version, and I heartily
recommend including it among your test solutions.
--
Best regards,
Jim Graue

Neil Hoskins replied...

22-Oct-08 09:24 AM

The only choice for anti-spam if you want to have control over it is ORFEE.
I'm running Trend for anti-virus at the moment but regretting it; I've had
two worms and a drive-by come straight through in the last few months when
they were picked-up instantly by the NOD32 that I use at home.

NeilH

Previous Discussion: roaming user profile not working

Exchange - Error stating ScanTimeExceede when sending email with attachments. Windows Server

this problem, and the only thing related to ScanTimeExceede i found was a software called Antigen from Microsoft. But this SBS don't have that installed. What can this be, any clues? Thank you. Fernando Windows Server SBS Discussions Microsoft Exchange (1) Antigen (1) Outlook (1) ScanTimeExceede (1 Report (1) SMTP (1) Windows (1) Tomcat (1) Hello Fernando, Thanks for posting in our newsgroup. From your rights. - -- -- -- -- -- -- -- -- -- - Hi, Thanks for your reply. I searched "scantimeexceeded" message, this is caused by Microsoft Antigen for Exchange. Since you don't have this software installed, most of time, it's caused by ISP. You can contact your ISP to check if they have Antigen installed To double confirm this, let do the following: Step 1: Check if the e take that test and let me know the result. More info: How to configure the SMTP connector in Exchange 200x http: / / support.microsoft.com / kb / 265293 Hope this helps. I am appreciated. = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = This posting is provided "AS IS" with no warranties, and confers no rights. - -- -- -- -- -- -- -- -- -- - with Antigen time, issue. your e-mail, the corresponding manner. the are newsreader, doing Please rights. email

SBS 2008 Protection - Microsoft or Trend? Windows Server

Small Business Server 2008 (1) Forefront Client Security (1) Windows Server 2008 (1) XBox (1) Antigen (1) Vista (1) Ah, of course it has. I remember the announcement now. - - Spence Computing your network behind a REAL firewall and have the firewall also filter HTTP, FTP, POP3, SMTP sessions for removal of content and spam. - - - Igitur qui desiderat pacem, praeparet bellum. - Calling an gurus I know disparage Symantec's Exchange products and categorically prefer ScanMail or Forefront (nee Antigen). Amen, bruddah. lanwench@heybuddy.donotsendme.unsolicitedmailatyahoo.com says. . . The only "Exchange Aware" product that I as part of the Firewall solutions I've seen nothing provide better protection for Exchange / SMTP / POP3 than the UTM / Appliance filtering. I've tried about everything on the market, the dismiss it just because it is an MS product. Forefront for Exchange, for example, (or Antigen) I like. Forefront Client Security. . . . still needs some work. Forefront for Sharepoint. . .haven't tried released. But there is a significant lifecycle to this. The security team also gets a report of a flaw in a product. THIS is the team that "researches the stuff the

SMTP Log Reporting Windows Server

SMTP Log Reporting Windows Server Hi All, I am looking at the best way to provide information on SMTP traffic passing through ISA 2004. I have enabled SMTP filter + Message screener with event alerts. The default reports on traffic only shows total connections and kbs. What is the best way to Interrogate SMTP traffic with more details; do I need to copy W3C logs and use excel or access? Incoming SMTP Outgoing SMTP Domains Blocked SMTP Any help much appreciated. ISA Discussions Information (1) Traffic (1) Passing (1) Enabled (1) Filter been moved into the newest verion of Exchange which is a more logical place for SMTP "stuff" to be. So I would be very careful about making yourself "dependent" on it

windows 2000 server update error Windows Server

890 AU # WARNING: Download failed, error = 0x80246008 2007-03-08 11:36:51 1848 394 Report REPORT EVENT: {15041BA9-DA2F-4EB6-8E88-DC054D471865} 2007-03-08 11:36:45-0700 1 161 AutomaticUpdates Failure Content Download Error: Download failed. 2007-03-08 11:36:51 1848 394 Report REPORT EVENT: {8996CD09-96BA-4354-8428-135240056311} 2007-03-08 11:36:45-0700 1 161 AutomaticUpdates Failure Content Download Error: Download failed. 2007-03-08 11:36:51 1848 394 Report REPORT EVENT: {5FB7BCB5-BD80-4067-8D01-E0BD4745D527} 2007-03-08 11:36:45-0700 1 161 AutomaticUpdates Failure Content Download Error: Download failed. 2007-03-08 11:36:51 1848 394 Report REPORT EVENT: {C65697B6-2B79-4EA4-9E5D-AB2F320CD9F2} 2007-03-08 11:36:45-0700 1 161