Exchange Server 2003, Exclusions and On-Demand Scans

Discussion in 'NOD32 version 2 Forum' started by JAB, Apr 17, 2007.

Thread Status:
Not open for further replies.
  1. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    I'm thinking of deploying NOD32 on our Exchange Server 2003 running on Windows Server 2003. Microsoft KB245822 and KB823166 contain various warnings about files and folders that should not be scanned by file-based anti-virus software on an Exchange Server 2003. I know from past experience that ignoring these warnings can cause problems. In fact, the ESET XMON documentation contains various warnings about items that should be excluded within AMON.

    While AMON supports exclusions, the NOD32 on-demand scanner does not. How are people here using NOD32 on Exchange Server?

    1. Are you simply not running periodic, on-demand scans? If so, don't you worry about missing dormant malware that was dropped before ESET supported detection?

    2. Are you running periodic, on-demand scans against everything on the Exchange Server despite the warnings and not having problems?

    3. Are you doing something else?

    Thanks.

    /jab
     
    Last edited: Apr 17, 2007
  2. jftuga

    jftuga Registered Member

    Joined:
    Mar 9, 2007
    Posts:
    64
    Location:
    Athens, GA
    I'd like to know the answers to the question too. I would also like to know about SQL Server mdf and ldf files.

    -John
     
  3. andrator

    andrator Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    54
    Location:
    Netherlands
    I've read through hundreds of pages of installation manuals from various AV to verify how they handle exclusions. I can't find much about this issue, so every other AV ignores this or it is handled correctly by the AV (which I doubt). The only information I can find is from Microsoft and as a consequence I need to follow the guidelines, unless my AV vendor can assure me he has implemented them.

    Following the Microsoft guidelines is a lot of work. I have to make an inventory of all the databases in use, standardize all my servers so that all the databases are in the same location, and implement exclusions in my server packages. This is a nice change and configuration management process. I'm still looking for an easier solution.

    I'm not running on-demand scan on my Exchange server, because I can't use exclusions in NOD32 v2. I don't worry about dormant malware, maybe I should but right now I have more important issues to worry about.

    Information about SQL Server can be found in this thread.

    As soon as I have more time I will update the information in this thread.
     
  4. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    Both Symantec and Trend, at a minimum, contain documented features for automatically handling Exchange servers. They also, like McAfee, Kaspersky, Avira and presumably many, many others, support exclusions, which allow one to implement Microsoft's guidelines.

    While Microsoft's guidelines can be difficult to work through, they aren't too onerous. In my Trend installation, they require adding about twelve exclusions. (Yes, I add the exclusions in addition to using the built-in Trend feature for Exchange servers.) And, as you point out, most of the work in implementing those guidelines across servers is something one should be doing from a configuration management process anyway.

    /jab
     
  5. andrator

    andrator Registered Member

    Joined:
    Feb 10, 2006
    Posts:
    54
    Location:
    Netherlands
    Hi Jab,
    Thanks for the addition on Exchange. I failed to emphasize that the manuals I read were not Exchange, but the general AV and how they handle various exclusions.
     
  6. JAB

    JAB Registered Member

    Joined:
    Apr 17, 2007
    Posts:
    36
    Not sure I follow. Both the Trend and Symantec documentation contain information about how to configure those products so as not to interfere with Exchange. I was not referring to Exchange documentation.

    Nonetheless, the real problem, upon which I believe we both agree, is that NOD32 does not support exclusions for on-demand scans. A feature that automatically implements the exclusions recommended by Microsoft is good. Supporting exclusions in general is better. Of course, doing both is best. :)

    /jab
     