Administrators and users often want to add capabilities to their packaged software. Microsoft delivers on some—but not all—of its customers' requests for new features, leaving a functionality hole for third-party vendors to fill with add-on software products. As with other Microsoft products, a rich set of third-party add-ons complement Microsoft Exchange Server 2003 and Exchange 2000 Server.

Microsoft refers to an "ecosystem" that encompasses its server products. The Exchange ecosystem includes application developers and vendors whose add-ons fill functionality gaps in Exchange. Like a coral reef, the Exchange ecosystem is quite rich and complex. (In that simile, I suppose that Exchange is the great white shark.) Here, I look at four categories that make up an important subset of Exchange add-on software: antivirus, antispam, backup and recovery, and document management. For each category, I explain how to choose a product, provide questions you should ask when evaluating a particular product, and supply a partial list of vendors.

Antivirus Software
With exploits such as CodeRed, MyDoom, and SQL Slammer still fresh in your mind, you can easily see why antivirus software for Exchange is popular. Although Exchange doesn't scan for or eliminate viruses, it provides the antivirus API (AVAPI), which third-party products can use to access Exchange messages and attachments. To protect your Exchange mail system from viruses, you must use third-party antivirus products.

Effective antivirus protection requires multiple layers of defense. Ideally, your Exchange environment should have three tiers of protection. The first tier is a gateway scanner that checks all incoming and outgoing messages for viruses. A gateway scanner operates on the principles that preventing viruses from entering your network offers the best protection and that you should block outbound viruses before they spread to other networks, such as those of your customers and business partners. You typically run a gateway scanner on a system that you keep separate from your mailbox servers.

Some gateway scanners work by acting as SMTP proxy servers; they accept messages and then scan them, passing on clean messages to your Exchange SMTP bridgehead server. Other products use the Exchange event sink mechanism to access the Exchange SMTP service and scan messages. A few gateway scanners support Exchange 2003's updated AVAPI 2.5, which lets them check messages passing through an Exchange 2003 front-end server. Examples of gateway scanners include the CipherTrust IronMail appliance, Trend Micro's InterScan VirusWall, and Tumbleweed Communications' Tumbleweed Email Firewall.

The second layer of antivirus defense includes Exchange-aware scanners that use various methods to scan the messages sent to, and received by, recipients in the mailbox or public folder databases on your Exchange mailbox servers. Don't use conventional file-based antivirus tools (i.e., tools that aren't Exchange-aware) on your Exchange server's database, log, and queue directories or on the M pseudodrive. Such tools often damage or corrupt databases while attempting to remove viruses, and they sometimes falsely detect viruses in logs and queue files. Using file-based scanners on the Windows and Exchange binaries is all right; just keep the scanners away from \exchsrvr\mdbdata.
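One way to audit a file-based scanner's exclusion list against the directories named above, as an added example that is not part of the original article. The install root `C:\Program Files\Exchsrvr`, the `mailroot` queue directory, and the helper names are assumptions; the article itself names only `\exchsrvr\mdbdata` and the M pseudodrive.

```python
import ntpath  # Windows path rules, usable on any OS

# Directories a file-based scanner must skip. The article names only
# \exchsrvr\mdbdata and the M pseudodrive; the install root and the
# mailroot queue directory below are assumed for illustration.
EXCHANGE_PATHS = [
    r"C:\Program Files\Exchsrvr\mdbdata",
    r"C:\Program Files\Exchsrvr\mailroot",
    "M:\\",
]


def canon(path):
    """Collapse '..', unify slashes, drop trailing slash, fold case."""
    return ntpath.normcase(ntpath.normpath(path))


def covers(exclusion, target):
    """True if excluding `exclusion` also excludes directory `target`."""
    if "*" in exclusion or "?" in exclusion:
        return False  # file-mask exclusions do not exclude a whole directory
    e, t = canon(exclusion), canon(target)
    prefix = e if e.endswith("\\") else e + "\\"
    return t == e or t.startswith(prefix)


def unprotected(exclusions, required=EXCHANGE_PATHS):
    """Return the required paths that no configured exclusion covers."""
    return [p for p in required
            if not any(covers(x, p) for x in exclusions)]


if __name__ == "__main__":
    # Constructed sample of a scanner's exclusion list.
    sample = [r"c:\program files\exchsrvr\MDBDATA" + "\\",
              r"C:\Program Files\Exchsrvr\mail",
              "*.edb"]
    for path in unprotected(sample):
        print("NOT EXCLUDED:", path)
```

The sample list looks plausible at a glance but leaves the queue directory and the M pseudodrive exposed: `mail` is only a name prefix of `mailroot`, and a `*.edb` file mask does not exclude log or queue files.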

Exchange-aware scanners can use the Messaging API (MAPI) or AVAPI to scan messages in the Exchange Store. In general, AVAPI-based scanners offer much better performance than MAPI-based scanners but lack some of the MAPI-based scanners' functionality. The difference in functionality isn't the scanners' fault; some operations, such as deleting an infected message, are impossible with early versions of AVAPI. Some scanning products, such as Sybari Software's Antigen for Microsoft Exchange, hook directly into the Extensible Storage Engine (ESE) DLL, which lets them access the database directly and provides excellent performance. Although Microsoft previously didn't support such scanners, the company's current position is more lenient: If you have a problem with ESE and you use an ESE-based scanner, you must temporarily disable the scanner to obtain help from Microsoft Product Support Services (PSS). However, in my experience, scanners that use the ESE DLL are robust. Trend Micro's ScanMail for Microsoft Exchange and Symantec Mail Security for Microsoft Exchange are other examples of Exchange-aware scanners. (Table 1 lists contact information for Exchange add-on vendors I mention in this article. For a more complete list of Exchange add-on vendors, see the Microsoft Exchange Server Partner Products Web site at http://www.microsoft.com/exchange/partners/e2ksolutions.asp.)

The third layer of antivirus defense is the ubiquitous desktop-based antivirus scanner. You should install antivirus scanners on all your desktop systems to head off viruses that penetrate your network from the Internet, infected laptops that connect to your network, or infected files that are loaded onto a network system. Perimeter- and Exchange-based scanners don't block these desktop-borne infections. You're probably familiar with desktop antivirus scanners, such as Network Associates' McAfee VirusScan and Symantec's Norton AntiVirus.

Regardless of the type of Exchange antivirus product you need, you should ask the following questions when evaluating products:

  • What tier of protection is the product suited for—gateway, mailbox server, or desktop scanner?
  • What is the vendor's track record with Exchange? How long has it shipped its Exchange antivirus product? Does the vendor support all the Exchange versions your organization uses?
  • How quickly does the vendor usually release signature updates for new viruses?
  • Can you choose which scanning engine the tool uses? Using different engines for the perimeter, Exchange server, and desktop tiers is a good idea. Different engines look for different characteristics in order to catch viruses. Therefore, combining multiple engines gives you more thorough protection when a fast-acting new virus breaches your network before a given vendor has updated its signatures.
  • How flexible are the product's virus-scanning options? Can you easily schedule scans? What happens when a scan doesn't finish during the scheduled completion period?
  • How flexible are the product's reporting and notification options? In particular, look for a way to turn off annoying "your message has a virus" notifications sent to message senders. Because MyDoom, SoBig, and other viruses forge sender and recipient addresses, such notifications flood innocent users with warnings about messages they didn't actually send.