Author Topic: what providers for exchange server  (Read 8563 times)

0 Members and 1 Guest are viewing this topic.

Battleship

  • Guest
what providers for exchange server
« on: August 02, 2005, 07:29:19 PM »
What are the recommended providers for exchange server?  obiously the exchange plugin, network shield, standard shield, web shield.  Do I need any more? I can't have my mail go down when I put the wrong providers on the smtp server mail stopped going through.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: what providers for exchange server
« Reply #1 on: August 03, 2005, 03:11:59 PM »
Exchange 2000/2003 AND SMTP 2000/2003 for sure.
Standard Shield is recommended for file system protection (but is not so important if the machine does not have the role of a file server as well).
Network Shield is recommended for blocking of network attacks.

All other providers  are optional and won't do much on an Exchange server. Internet Mail is NOT recommended as it will conflict with Exchange SMTP router.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Battleship

  • Guest
Re: what providers for exchange server
« Reply #2 on: August 04, 2005, 11:39:26 PM »
Ok, just got this installed... all is well.  A quick question, you said to have the exchange provider and the smtp provider.  thats fine but when configuring both have options for blocking attachments, both have options for notifying people when a virus is found, etc.  There is some overlap here, do I have to configure both?  Won't I get dupe emails from avast as one message is picked up from the smtp provider and then the exchange provider?

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: what providers for exchange server
« Reply #3 on: August 05, 2005, 09:04:39 AM »
All right, I'll try to explain this.

The Exchange provider works on the Exchange Information Store level. This means that (at least in the case of Exchange 2003) it is guaranteed to be called before any object from the Store is accessed by the user. Object doesn't mean emails only - also includes Public folder items, contacts, schedules, TODO lists, schemas etc...

On the other hand, the MS SMTP provider works as a filter on the SMTP stack. That is, it scans each and every (inbound and outbound) message as it passes through the SMTP layer (please note that some messages, e.g. messages sent from one mailbox to another on the same server don't reach the SMTP stack at all).


From what I said above it might seem that the Exchange provider can do everything that the SMTP provider, and more. This is basically correct if we only consider the number of files scanned. However, since the Exchange provider is based on the Microsoft Exchange VS API (Virus Scanning API) it is limited in certain ways (these limitations are given by the API itself). For example, the Exchange plugin cannot be configured to delete the infected objects from the emails (just overwrite them, which might be sort of confusing for the user).


So unless you have a really high performance server (with very high throughput requirements) I recommend having turned on both of these shields (and live with the fact that some items are in fact scanned twice). As they say, better safe than sorry.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Battleship

  • Guest
Re: what providers for exchange server
« Reply #4 on: August 05, 2005, 09:00:42 PM »
OK that helps a bit.  But here's what I have.  I have an smtp server sitting out in my dmz zone.  that has the smtp plugin.  then internall is my exchange server which has the smtp plugin as well as the exchange plugin.  So my mail would be scanned 3 times now?
And I'm trying to setup the attachment blocking by name.  What concerns me is on that page it says "Please note that these settings are common for all tasks (not task specific). "

What does that mean really?  So if i put in all the attachments I want blocked on the smtp provider on the dmz server as (*.ade, *.adp, *.asx, *.bas, *.bat, etc...) then I don't have to do it on the smtp or exchange providers on my internal exchange server?


Also since yesterday when I put avast on the exchange server I keep getting a lot of mails I send coming back like this:
"Your message did not reach some or all of the intended recipients.

      Subject:   RE: test
      Sent:   08.05.05 10:03

The following recipient(s) could not be reached:

      <whoever@theirdomain.com on 08.05.05 09:57
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <mail.mydomain.com #5.7.1 smtp;550 5.7.1 Unable to relay for whoever@thierdomain.com>"

I don't get this with every message just randomly.  so clearly something isn't configured right with one of the avast providers but there is no documentation telling you how to set these providers up correctly.

Battleship

  • Guest
Re: what providers for exchange server
« Reply #5 on: August 06, 2005, 02:44:49 PM »
I seemed to stop getting the "unable to relay for..." message when I disabled the smtp provider on the exchange server.  So I have an smtp provider on our smtp server in the dmz zone and then just the exchange provider on the exchange server.

mbraeken

  • Guest
Re: what providers for exchange server
« Reply #6 on: April 09, 2009, 12:35:33 PM »
Exchange 2000/2003 AND SMTP 2000/2003 for sure.
Standard Shield is recommended for file system protection (but is not so important if the machine does not have the role of a file server as well).
Network Shield is recommended for blocking of network attacks.

All other providers  are optional and won't do much on an Exchange server. Internet Mail is NOT recommended as it will conflict with Exchange SMTP router.


Thanks
Vlk

Hello Vlk,

This is a post with information I would expect to find in a user manual...
I'm migrating this evening our servers to Avast Server Edition and am terrified with the thought that I need to surf this Forum to find bits and pieces of how to individually set up Avast to work correctly on our servers...

I'm looking for this info for MS ISA firewall, MS Exhange 2007, MS SQL, Windows 2003 Server with Oracle, Blackberry Enterprise Server,... is any of this somewhere together in a downloadable document ? Each IT professional will be looking for this when they deploy your product - times of playing around are over: everything needs to be checked upfront. Making mistakes (because of the lack on info) is unacceptable in most organizations especially when it has a direct impact on the daily business of that organization...

Mario

wpn

  • Guest
Re: what providers for exchange server
« Reply #7 on: April 10, 2009, 12:22:48 PM »
All right, I'll try to explain this.

The Exchange provider works on the Exchange Information Store level. This means that (at least in the case of Exchange 2003) it is guaranteed to be called before any object from the Store is accessed by the user. Object doesn't mean emails only - also includes Public folder items, contacts, schedules, TODO lists, schemas etc...

On the other hand, the MS SMTP provider works as a filter on the SMTP stack. That is, it scans each and every (inbound and outbound) message as it passes through the SMTP layer (please note that some messages, e.g. messages sent from one mailbox to another on the same server don't reach the SMTP stack at all).


From what I said above it might seem that the Exchange provider can do everything that the SMTP provider, and more. This is basically correct if we only consider the number of files scanned. However, since the Exchange provider is based on the Microsoft Exchange VS API (Virus Scanning API) it is limited in certain ways (these limitations are given by the API itself). For example, the Exchange plugin cannot be configured to delete the infected objects from the emails (just overwrite them, which might be sort of confusing for the user).


So unless you have a really high performance server (with very high throughput requirements) I recommend having turned on both of these shields (and live with the fact that some items are in fact scanned twice). As they say, better safe than sorry.


Thanks
Vlk


so its save to assume that when i have exchange 2007 running, i do not need to use the exchange 2003 and smtp 2003 providers (meaning reducing some scanning load) ?