24 Hours of Exchange Server 2007 (Part 14 of 24): Maintaining AntiVirus Harold Wong [email_address] blogs.technet.com/haroldwong Audio: please try Streaming Internet Audio first If that doesn’t work, use: (800) 683-9254: Pin 3054

What We Will Cover Understanding antivirus functionality Deploying a defense-in-depth approach Antivirus software integration

Understanding antivirus functionality

Deploying a defense-in-depth approach

Antivirus software integration

Agenda Review Antivirus features in Microsoft ® Exchange Server 2007 Antivirus Software and Services

Review

Antivirus features in Microsoft ® Exchange Server 2007

Antivirus Software and Services

Introduction to Anti-Spam Management Sender reputation filtering Recipient ID filtering Attachment filtering Connection filtering Which of the following is not a type of Exchange Server 2007 anti-spam filtering?

Sender reputation filtering

Recipient ID filtering

Attachment filtering

Connection filtering

Introduction to Anti-Spam Management Connection filtering Sender ID filtering Content filtering Outlook junk e-mail filtering Which anti-spam filtering feature includes the spam quarantine?

Connection filtering

Sender ID filtering

Content filtering

Outlook junk e-mail filtering

Introduction to Anti-Spam Management Perimeter firewall Edge Transport server Internal firewall Connection filtering What is considered the first line of defense against spam attacks?

Perimeter firewall

Edge Transport server

Internal firewall

Connection filtering

Understanding Individual Components IP Allow List Safe Provider List Real-time Block List Spam Quarantine List Which of the following is not a feature of connection filtering?

IP Allow List

Safe Provider List

Real-time Block List

Spam Quarantine List

Understanding Individual Components Connection filtering Sender filtering Sender ID filtering Sender reputation filtering Which of the following filters do not query outside servers or services?

Connection filtering

Sender filtering

Sender ID filtering

Sender reputation filtering

Understanding Individual Components Sender filtering Sender ID filtering Content filtering Sender reputation filtering Which of the following component level filtering includes safelist aggregation?

Sender filtering

Sender ID filtering

Content filtering

Sender reputation filtering

Agenda Review Antivirus features in Exchange Server 2007 Antivirus Software and Services

Review

Antivirus features in Exchange Server 2007

Antivirus Software and Services

The Defense-in-Depth Approach Perimeter Security Edge Security Data Security

Virus Protection with Spam Filters . exe . dll .com . bat Reverse DNS Lookup Query Sender’s DNS Tarpitting RBL Lookup Connection Filtering Recipient Filtering Sender ID Filtering Sender Reputation Filtering Attachment Filtering

Configuring Filters for Virus Protection Configure RBL lookups Query sender’s DNS Configuring attachment filtering demonstration

Configuring Filters for Virus Protection

Configure RBL lookups

Query sender’s DNS

Configuring attachment filtering

Outlook Web Access Virus Protection Public computer Private computer

Exchange Server 2007 Spam Quarantine Spam quarantine mailbox Yes SCL exceeds quarantine No

Managing the Spam Quarantine Create the spam quarantine mailbox Set spam mailbox in the Edge Transport Reviewing the spam quarantine mailbox demonstration

Managing the Spam Quarantine

Create the spam quarantine mailbox

Set spam mailbox in the Edge Transport

Reviewing the spam quarantine mailbox

AntiVirus Features of Exchange Server 2007 Connection filtering Sender filtering Content filtering Attachment filtering Q1: Which spam filtering technology played an early role in virus protection?

Connection filtering

Sender filtering

Content filtering

Attachment filtering

AntiVirus Features of Exchange Server 2007 Connection filtering Sender filtering Sender ID filtering Sender reputation filtering Q2: Which type of filtering allows the Edge Transport server to look up IP addresses in a list of known virus hosts?

Connection filtering

Sender filtering

Sender ID filtering

Sender reputation filtering

AntiVirus Features of Exchange Server 2007 Connection filtering Sender filtering Content filtering Attachment filtering Q3: Which filtering mechanism moves e-mail messages into the spam quarantine mailbox?

Connection filtering

Sender filtering

Content filtering

Attachment filtering

Agenda Review Antivirus features in Exchange Server 2007 Antivirus Software and Services

Review

Antivirus features in Exchange Server 2007

Antivirus Software and Services

Antivirus Software Integration VSAPI (Not Recommended)

Forefront Security for Exchange Server Client Security Hub Security Edge Security CA Sophos AhnLab VirusBuster Kaspersy Labs Norman Data Defense * Microsoft ® Forefront™ Security for Exchange Server (FSE)

Installing Forefront Security Install the Forefront security software Run the Forefront security administrator Send and scan an e-mail message demonstration

Installing Forefront Security

Install the Forefront security software

Run the Forefront security administrator

Send and scan an e-mail message

Exchange Hosted Filtering Messages containing active malicious code E-mail quarantine Directory Service Exchange Hosted Filtering

Third-Party Products

AntiVirus Software and Services Edge Transport server Hub Transport server Mailbox server Desktop client computers Q1: Which system should not run e-mail antivirus scanning according to Exchange Server 2007 best practices?

Edge Transport server

Hub Transport server

Mailbox server

Desktop client computers

AntiVirus Software and Services Five Six Seven Eight Q2: What is the maximum number of antivirus scanning engines that can be configured for Forefront?

Five

Six

Seven

Eight

AntiVirus Software and Services One Two Three Four Q3: What is the minimum number of antivirus engines you can configure when using Microsoft Exchange Hosted Filtering?

One

Two

Three

Four

Session Summary Antivirus functionality in Exchange Server 2007 Defense-in-depth approach Antivirus software integration

Antivirus functionality in Exchange Server 2007

Defense-in-depth approach

Antivirus software integration

Questions and Answers Submit text questions using the “Ask” button. Don’t forget to fill out the survey. For upcoming and previously live webcasts: www.microsoft.com/webcasts Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781 Today's webcast was presented using Microsoft ® Office Live Meeting. Get a free 14-day trial by visiting: www.microsoft.com/presentlive

Submit text questions using the “Ask” button.

Don’t forget to fill out the survey.

For upcoming and previously live webcasts: www.microsoft.com/webcasts

Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781

Today's webcast was presented using Microsoft ® Office Live Meeting. Get a free 14-day trial by visiting: www.microsoft.com/presentlive