Anti Virus Software

Anti Virus Software

Post by Thanh Gian » Sun, 10 Feb 2002 05:25:51



I'm looking to purchase a anti virus software for Exchange
5.5 and don't know which one to get. I know Symantec can
cause some problems on the Exchange server. Does any know
which anti virus software i should get?

Thanh Giang

 
 
 

Anti Virus Software

Post by CysKo » Sun, 10 Feb 2002 05:42:42


NAV, have it, used it, no virus for 3 years, no problems either. HIGHLY
RECOMMENDED!!!


Quote:> I'm looking to purchase a anti virus software for Exchange
> 5.5 and don't know which one to get. I know Symantec can
> cause some problems on the Exchange server. Does any know
> which anti virus software i should get?

> Thanh Giang


 
 
 

Anti Virus Software

Post by Ed Crowley [MVP » Sun, 10 Feb 2002 06:36:59


Most administrators I know like Trend Micro's ScanMail for Microsoft
Exchange and Sybari Antigen best.
--
Ed Crowley
MVP - Exchange
Compaq Computer

Quote:> I'm looking to purchase a anti virus software for Exchange
> 5.5 and don't know which one to get. I know Symantec can
> cause some problems on the Exchange server. Does any know
> which anti virus software i should get?

> Thanh Giang

 
 
 

Anti Virus Software

Post by Mike » Sun, 10 Feb 2002 09:16:36


We've used NAV for 3 years. The previous version, 1.5, used to fail to
scan with no alert (just event in App log). The one we use now, 2.12,
has only one flaw, as far as I can tell: alerts for some messages
(outgoing? like NDRs) include no information on the location of the
infected attachment (mailbox, sender). Symantec blames this on
Microsoft's VAPI.

On the current server, we're approaching 100GB of mail scanned, more
than 1 million items, 842 infections found: 745 quarantined, 119
repaired, 1 logged only (failed to scan).

Based on this ng, there *used* to be issues with NAV causing corrupt
databases but that was a century ago.

Mike D


> I'm looking to purchase a anti virus software for Exchange
> 5.5 and don't know which one to get. I know Symantec can
> cause some problems on the Exchange server. Does any know
> which anti virus software i should get?

> Thanh Giang

 
 
 

Anti Virus Software

Post by Arlo Clizer [MVP » Sun, 10 Feb 2002 09:35:03



Quote:> We've used NAV for 3 years. The previous version, 1.5, used to fail to
> scan with no alert (just event in App log). The one we use now, 2.12,
> has only one flaw, as far as I can tell: alerts for some messages
> (outgoing? like NDRs) include no information on the location of the
> infected attachment (mailbox, sender). Symantec blames this on
> Microsoft's VAPI.

> On the current server, we're approaching 100GB of mail scanned, more
> than 1 million items, 842 infections found: 745 quarantined, 119
> repaired, 1 logged only (failed to scan).

> Based on this ng, there *used* to be issues with NAV causing corrupt
> databases but that was a century ago.

> Mike D

I'll agree with those statements. I'm currently using 2.12 and have been
for quite some time. It seems to be very robust as compared to earlier
versions. I would recommend that you go with Sybari or Trend's Exchange
products unless you got a steal of a deal with Symantec's corporate package
like we did.

Regards,

--
Arlo Clizer
Exchange MVP
FAQ located at http://www.swinc.com/resource/exch_faq.htm

 
 
 

Anti Virus Software

Post by Ron » Sun, 10 Feb 2002 16:27:26


I've been using NAVMSE for over a year too. Never had any problems at all. I
used version 2.12 and upgraded it to version 2.17. Still no problems. Lots
of admins love antigen or scanmail. Don't have anything much to say about
those products because I've never used them.


Quote:> I'm looking to purchase a anti virus software for Exchange
> 5.5 and don't know which one to get. I know Symantec can
> cause some problems on the Exchange server. Does any know
> which anti virus software i should get?

> Thanh Giang

 
 
 

Anti Virus Software

Post by Michael Abbaticchio [MVP » Mon, 11 Feb 2002 12:27:27


I've worked with a few and here is what I have to say in brief about each:

Sybari:  Best scan speed and most versatile options, however it ties very
tightly into store.exe and creates a dependency, where your IS is dependent
on your anti virus services.   While this garentees your store won't run
unprotected, I am not to fond of this.  Also uses multiple thrid party scan
engines, which give you an edge when a new virus outbreak happens.

Norton's NAVMSE:  Works very well.. Install can be somewhat tricky,
signature updates are reliable, however the interface is pure html, and when
the service is busy, such as during an outbreak, the interface is slow to
the point of being useless.  Options are somewhat limted and so is
reporting.

Trend Scanmail:  This one is my overall recommendation.  Install as well as
uninstall are no brainers and clean.  Interface is very easy, and html
interface is optional.  Performance is second to Sybari, as far as scan
speed, however I only used it in MAPI mode.

NAI Groupshield:  This is my least favorite,  It adds things to the Exchange
Directory, which make uninstall tricky.  In MAPI mode, it is quite sluggish
in catching virus before the user does.  Also, NAI seems to have this habbit
of sending out scan engine updates that cause problems, and their signature
updates are large.

--
regards,
Michael Abbaticchio
http://www.exchangemvp.com

***********************************************************************
The preceeding information is offered on an  "as-is"
basis, and the author assumes no liability for the technical
accuracy, nor any damages resulting from the use of this
information.
***********************************************************************

Quote:> I'm looking to purchase a anti virus software for Exchange
> 5.5 and don't know which one to get. I know Symantec can
> cause some problems on the Exchange server. Does any know
> which anti virus software i should get?

> Thanh Giang

 
 
 

Anti Virus Software

Post by Rich Matheisen [MVP » Tue, 12 Feb 2002 01:33:23



Quote:>I've worked with a few and here is what I have to say in brief about each:

>Sybari:  Best scan speed and most versatile options, however it ties very
>tightly into store.exe and creates a dependency, where your IS is dependent
>on your anti virus services.  

Release 6.2, build 482(?) is required before E2K SP2 can be used. It
uses the VSAPI. No need for the shim.

Quote:>While this garentees your store won't run
>unprotected, I am not to fond of this.  

In practice this hasn't proven to be much of a problem. At most, we've
had to wait a day or two for Sybari to issue the registry values that
enable the use of the product on a new build of the store. In three
years of using this product this has only had the effect of delaying
the rollout of a SP by a few weeks -- and that's not been
earth-shattering.

Quote:>Also uses multiple thrid party scan
>engines, which give you an edge when a new virus outbreak happens.

It /can/ use multiple scanning software, but each one you add costs
money. :)

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

 
 
 

Anti Virus Software

Post by Michael Abbaticchio [MVP » Tue, 12 Feb 2002 05:32:59





> Release 6.2, build 482(?) is required before E2K SP2 can be used. It
> uses the VSAPI. No need for the shim.

That sounds like good news.  I think .......  Are you saying that the
product now uses Exchange API's only now, and does not integrate with the
store or create any dependencies?

Quote:> In practice this hasn't proven to be much of a problem. At most, we've
> had to wait a day or two for Sybari to issue the registry values that
> enable the use of the product on a new build of the store. In three
> years of using this product this has only had the effect of delaying
> the rollout of a SP by a few weeks -- and that's not been
> earth-shattering.

Delaying the rollout of an SP is no problem in most cases, however the store
failing to start cause some cowboy admin installed an SP before checking any
compatibility issues could be considered a potential problem.  I know
they've got antutil.exe to disable the product and the dependency, but that
gives you a choice between an unprotected store or no store at all.

Quote:> It /can/ use multiple scanning software, but each one you add costs
> money. :)

Well if you don't want to spend the money for more than one, at least you
can pick the single one you like :)

Overall, I really liked the Sybari product, however Trend had gained my
overall confidence and was considerably less expensive, at the time I was
conducting my evaluations, although the difference was not THAT significant.

Quote:

> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

--
regards,
Michael Abbaticchio
http://www.exchangemvp.com

***********************************************************************
The preceeding information is offered on an  "as-is"
basis, and the author assumes no liability for the technical
accuracy, nor any damages resulting from the use of this
information.
***********************************************************************

 
 
 

Anti Virus Software

Post by Rich Matheisen [MVP » Tue, 12 Feb 2002 06:54:17






>> Release 6.2, build 482(?) is required before E2K SP2 can be used. It
>> uses the VSAPI. No need for the shim.
>That sounds like good news.  I think .......  Are you saying that the
>product now uses Exchange API's only now, and does not integrate with the
>store or create any dependencies?

>> In practice this hasn't proven to be much of a problem. At most, we've
>> had to wait a day or two for Sybari to issue the registry values that
>> enable the use of the product on a new build of the store. In three
>> years of using this product this has only had the effect of delaying
>> the rollout of a SP by a few weeks -- and that's not been
>> earth-shattering.
>Delaying the rollout of an SP is no problem in most cases, however the store
>failing to start cause some cowboy admin installed an SP before checking any
>compatibility issues could be considered a potential problem.  I know
>they've got antutil.exe to disable the product and the dependency, but that
>gives you a choice between an unprotected store or no store at all.

Or to reinstall and restore.

We've not run into this problem yet (not the "cowboy" aspect, but the
inability to get the store started). Sybari's pretty responsive, and
there hasn't been any new SP's for 5.5 in a long time. By the time
there's another (if ever) we won't have any 5.5 servers left. The
product uses the AVAPI in E2K SP2, so the problem's no longer a
problem -- potential or otherwise.

Quote:>> It /can/ use multiple scanning software, but each one you add costs
>> money. :)
>Well if you don't want to spend the money for more than one, at least you
>can pick the single one you like :)

>Overall, I really liked the Sybari product, however Trend had gained my
>overall confidence and was considerably less expensive, at the time I was
>conducting my evaluations, although the difference was not THAT significant.

The MAPI scanners didn't fare very well with the large volume of
messages generated by that first wave of OL worms (and they still
don't). Any difference in cost was quickly made up by not having to
spend days cleaning up all that crud all over the world. :)

The early AVAPI scanned were an unmitigated disaster. :(

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

 
 
 

Anti Virus Software

Post by Robb Edg » Tue, 12 Feb 2002 19:26:37



Quote:> I'm looking to purchase a anti virus software for Exchange
> 5.5 and don't know which one to get. I know Symantec can
> cause some problems on the Exchange server. Does any know
> which anti virus software i should get?

We run trend interscan, between firewall and exchange server.
stops all the cack hitting the server including spam and viri.
Desktops are all runing trend officescan, this stopped the likes of melisa
running before we set up the interscan box.
Havent installed the scanmail on the server, since the last av software i
installed was dire (macafee/dr solomons) and still giving me grief 2 years
later.

Robb

 
 
 

1. Looking for good Exchange 5.5 Anti-Virus Software

For obvious reasons, we are trying to do a quick analysis of available
anti-virus packages to scan incoming and outgoing mail on our Exchange
5.5 servers (running under NT Server 4.0).  We would love to hear any
good or bad experiences anyone out there has had with various products.
What do you recommend (or recommend avoiding)?  Have you seen any bad
interactions with server and/or e-mail software?  What is the balance
between true viruses detected and false alarms?  What do the packages do
when they find suspected viruses and how easy have you found this to
configure?  Have particular packages seemed to require particularly high
or low levels of administrator involvement?  How do they handle
compressed attachments?  How easy is it to keep the virus definitions
updated with as little routine human involvement as possible?

I know a lot of this is in vendor documentation so to the extent you may
be tempted to tell us to read it, that is totally fair.  However, what
we are really looking for here are real-world experiences to support or
refute the company sales pitches.

By the way, to the extent that it is a separate question, we are also
re-examining PC-level virus software.  If anyone cares to offer any
advice on that -- especially anything that can be managed at one network
location and used to easily update client machines -- that would be
great, too.

Thanks a lot.

Jon Levy
Chicago Department of Public Health

P.S. If possible, please use the reply-to address of

obviously am willing to forward whatever comes to my account since
anyone replying is doing us a favor anyway.

2. Remote W2K domain's users cannot access Exchange server via Outlook on NT4 domain...

3. Best Anti-Virus Software for Outlook/Exchange?

4. Absent Public Folder Information

5. Cost Effective Anti-Virus Software for MS Exchange 2000 Server

6. Lot off log files

7. Anti Virus Software for Exchange 2000

8. Ottawa, Ont.- ?course on Exchange server?

9. Anti Virus software for x400 message relay bridgehead

10. Anti-Virus software...

11. Best Anti-Virus Software for Outlook/Exchange?

12. Can anyone suggest anti-virus software?

13. Best anti-virus software for Exchange-5.5?