Protect Exchange 2000 from spam and viruses with Symantec AVF

If you're tired of being trounced by viruses and needled with spam, then its time you check out Symantec's AntiVirus/Filtering 3.0 for Microsoft Exchange. In this Daily Feature, Will Schmied shows you how easy it is to exterminate e-mail pests.

E-mail today is a mission-critical service. In some organizations, it is THE mission-critical service, without which the organization could not survive. Not too many days go by anymore without a new threat to your e-mail server rearing its head. Viruses, worms, Trojans—you name it, and it’s trying to attack your server. As if that weren’t enough, you must also defend your internal messaging system against spam, which is just waiting to eat your network bandwidth and waste valuable employee time. What’s a network administrator to do? In this Daily Drill Down, I’ll introduce you to a product that will help protect Exchange from these unwanted influences. Thanks to Symantec’s AntiVirus/Filtering 3.0 for Microsoft Exchange, your network can stay above the fray when it comes to viruses and spam.

Your network may vary
This Daily Feature is written based on Exchange 2000 SP2 running on Windows 2000 Advanced Server 2000 SP2. There are many other packages that work just as well as these to defend your network against spam and viruses, but Symantec’s AntiVirus/Filtering 3.0 for Microsoft Exchange is among my personal favorites.

Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange
Symantec’s entry into the virus-fighting field is AntiVirus/Filtering 3.0 (Symantec AVF) for Microsoft Exchange. As promised, it can scan for viruses and spam as well as for several other things, including content (and that, in itself, is becoming a very popular means of keeping users under control). Getting Symantec AVF up and running on your network won’t set you back much in dollars or in time. While writing this article, I was able to purchase 10 licenses and one copy of the CD installation media online from License Online for $320.81. Not too shabby. As you might expect, the licensing prices per seat go down as the quantity purchased is increased.

The total installation time required to get Symantec AVF up and running on my one Exchange 2000 messaging system was about 15 minutes.

When you start using Symantec AVF, you may have to download and install the Microsoft Common Controls file (Mscomctl.ocx) if the file doesn’t’ already exist on the system you are monitoring using Symantec AVF. Unlike the majority of enterprise applications in use today that use a MMC console for their configuration and management, Symantec AVF uses your Web browser, which requires the Mscomctl.ocx file. Without it, you cannot display the left-hand pane of the management window, which is shown in Figure A.

Figure A
The Symantec AVF main page runs in a Web browser.

How does Symantec AVF deal with viruses?
Right off the shelf, Symantec AVF is ready to start scanning for viruses and other infectious executables. You may need to update the virus definitions after installing Symantec AVF, but you can let LiveUpdate run as part of the installation process to automatically update signatures for you.

To test Symantec AVF’s ability to stop “bad apples,” I sent some test messages to it using the GFI Email Security Testing Zone. Figure B shows the administrative alert I received when Symantec AVF detected infected inbound mail. Figure C shows the e-mail alert I received for this detection event, and Figure D shows the Symantec AVF event logs for this same event. All three of these actions occurred with NO configuration on my part after the initial installation.

Figure B
Virus detected!

Figure C
Symantec can quarantine infected e-mails and notify you.

Figure D
The Symantec AVF event logs help track viruses.

But where did the virus go? Quarantined files are moved to Symantec AVF’s quarantine folder, which is located at x:\Program Files\Symantec\Quarantine by default, where x is the volume on which you’ve installed Symantec AVF. Should you decide to venture into that folder using Windows Explorer, you’ll see a number of oddly named files that can’t be opened by any of the applications you’ve got installed (by default). These files contain the viruses intercepted by Symantec AVF.

You can work with the infected files from within the Symantec AVF Web application. You can opt to delete them, release them via e-mail or via a file.

Symantec AVF even has a nifty feature called the Quarantine Server that can be used as a centralized notification tool and as a repository for infected files that could not be repaired on infected clients. You can opt to remove the original infected file after sending it to the Quarantine Server or retain the local copy instead. From the Quarantine Server, the administrator can take further actions.

Spam, no spam
Symantec AVF also has the ability to block spam. Better yet, you can e-mail (spam) the spammers back and let them know that you’ve caught them.

Spam filtering is not automatic. You will need to do some fairly simple configurations initially and revisit your settings over time as you find new spammers out there that evade your filters.

You must first enable spam settings by placing a check in the Content Subpolicy checkbox, which is found at Polices | Standard Polices branch in the left pane of the Symantec AVF Web application. After enabling content policies, you will need to edit it and decide which of the following rules you want to include:
  • Subject line rule
  • Content rule
  • Spam rule

Configuring the rules is very straightforward, and the online help system provides ample information to get you up and rolling. Events that violate any of the rules you have configured will show up in your event logs.

You can even configure Symantec AVF to send you an administrative alert when spam is detected, as shown in Figure E. However, I don’t suggest using this option, because you stand a good chance of flooding your own inbox with alerts if your organization receives a lot of spam.

Figure E
Symantec AVF deals with spam as well as viruses.

Symantec AVF also has a few other configurable options that I’ve not explored here, such as heuristics scanning and outbreak notification. These are advanced features available to you for enhanced security of your network, but beyond the focus of this article.

Overall, Symantec AVF appears to be a robust product worthy of consideration for your Exchange 2000 Server system. The best part is, you can try it out for free and get your feet wet with no cost and no strings attached.

Editor's Picks

Free Newsletters, In your Inbox