Exchange 2007 and security

[Nasty_Savage]

Hi all. Our school district is finally dumping First Class as our mail server (thank god) and we are in the process of finalizing the order. We have the hardware and software selected. Our problem is the antivirus....the state contractor uses Symantec globally, but their mail security is retarded expensive, even when we get a good deal on it. It more or less costs more then the server and the software including the OS itself.

Now, we do not need alot of the extra stuff since we are behind a WAN filter that does fishing and SMTP mail scanning for the AV. Symantec's solution includes content filtering and all the stuff we wouldn't need locally. My question is does anyone have an idea of a cheaper antivirus solution for an exchange server? It would be a tough sell considering the contract, but I'm just looking at other options. I would think the risk factor is pretty low, but taking the chance makes me uneasy. There was some concern about home machines and OWA, but I still believe the risk would be extremely low.

If the AV solution from Symantec costs 6500 bucks for 600 CAL's, I told them if anyone infected the server I would break their fingers for 3g's

 

[MorfiusX]

Check out XMon which is part of NOD32.

 

[SVT4ME]

6500 for 600 CAL's isn't that expensive. Try McAfee or Trend. I've worked with both in an Enterprise setting and while I prefer Trend, McAfee is pretty robust with EPO.

 

[YeOldeStonecat]

Is the 6500 bucks for Symantec including Enterprise Edition for 600 plus the Exchange module for 600 mailboxes? If so..that's a great price.

To compare...Esets pricing for Enterprise Edition, for Education, 600 seats..is under 10 dollars per...so a bit under 6000 bucks for AV protection for 600 nodes...without Exchange protection). For their Exchange component alone..it's under 5 bucks per mailbox at that #. (so under 3000 bucks for the XMON alone at 600 boxes) So total, AV for 600 plus Exchange for 600, comes to under 9000 bucks.

This is 1 year pricing...2 year pricing comes out to even less.

 

[Nasty_Savage]

Yeah I realize our state contract gives us a great deal. I'm just penny pinching as I said it does not seem to me that we need all the features as alot of it is taken care of at the central office. (our information center has all the TLS and T1 lines fed through it for filtering as required by state law and blocks banned attachments and has a good spam filter/fishing filter). The object is while I do not want the server unprotected, it seems almost an un-necessary expense to pay for something that has minimal need, despite its 'good price'.

I basically want Exchange and the server protected. The clients already have SAV 10.2 installed and centrally mananged, I see little reason to provide individual mailbox protection for the odd OWA user, or am I being a noodnick?

 

[YeOldeStonecat]

OK..so you just need antivirus for the server itself (1x node)...and Exchange protection for 600 mailboxes. That lowers the price a bit.....
So you have roughly 100 bucks for the server itself, and roughly under 3000 bucks.

 

[Nasty_Savage]

For what product though? Eset? Or does Symantec have a stripped down version with AV protection only? What about Microsoft Forefront?

 

[MIRTBelGeran]

I tend to think that you get what you pay for in AV. The reason you get the features that you do in Exchange AV is that MS built in an API that in a nutshell will not deliver an email or allow an outlook user to view an email that has not been scanned with the latest virus definition. Generally you can deploy new virus definitions to your server faster than you can to you client machines and thus the need for a full blown AV solution with Exchange. Do not underestimate 0 day threats nor expect a client machine to be protected. Multiple levels of protection are needed.

Here is a link to the MS technet forum on AV and Spam. http://forums.microsoft.com/technet/showforum.aspx?forumid=834&siteid=17

 

[XOR != OR]

What I've always done is to put a sendmail box in front of the exchange server ( or groupwise, for that matter ). This gives you the flexibility to prefilter the message before hitting the exchange server.

If you got that route, clamav is a good choice. Does a pretty decent job catching most of the shit that flies around the networks I take care of. Further, if you go this route, you can do spamassassin and greylisting as well, dramatically cutting down on the amount of spam you get. All you'd pay for is the hardware and your time to set it up.

 

[YeOldeStonecat]

For what product though? Eset? Or does Symantec have a stripped down version with AV protection only? What about Microsoft Forefront?

For Eset NOD32....what I was talking about a few posts up....I stopped reselling Symantec a long time ago....I'd rather paint the golden gate bridge with a toothbrush than install and support a Symantec product again.