In association with heise online

Email Protection

The job of Microsoft Forefront Security for Exchange Server is to scan emails for viruses and spam before delivery. It scans both incoming and outgoing SMTP traffic as well as the Exchange databases to keep emails malware-free. Forefront Security for Exchange is also based on products which Microsoft acquired by buying up various companies, for example Antigen for Exchange and SharePoint, which was taken over from Sybari in 2005, and Antigen for Instant Messaging, which is now called Forefront Security for Office Communications Server.

Forefront policy management
Different jobs can be defined in the central management console.

Forefront supports only Exchange Server 2007; it is not compatible with the previous versions, Exchange Server 2000 and 2003. Unlike Client Security, the server product does not rely solely on a proprietary Microsoft scan engine but also uses 9 additional engines licensed from AhnLab, Authentium, CA (VET and Innoculate), Kaspersky Labs, Mailfilters, Norman Data Defense, Sophos and VirusBuster. However, Forefront only allows five engines to be used simultaneously.

This allows incoming emails to be scanned by several scan engines, which is meant to improve protection against virus infection. Forefront manages the various engines with the Multiple Engine Manager (MEM). The MEM decides which engines will be used and the order in which the files will be scanned, which in turn is determined by how current the definition files are, by the engine's performance and by internal test results. Based on an engine's scan results, the MEM decides whether more scans with different engines are required or whether the email can be transferred to the mailbox.

As soon as an engine suspects that a file contains malicious code, Forefront subjects the file to scans by additional engines. Businesses that buy an Exchange Server Enterprise Client Access License (CAL) automatically get a license which entitles them to use Forefront with all the scan engines installed on their systems. In addition, Forefront Security for Exchange contains a spam filter which was also developed by Sybari. As the product only protects the Exchange database, administrators may have to protect the server itself separately with other antivirus software.

The Forefront Security product for SharePoint operates like its counterpart for Exchange and uses the same engines. Forefront Security for SharePoint supports Microsoft Office SharePoint Server 2007 and Windows SharePoint Services version 3.0, which are available for free download from Microsoft.

Selecting scan engines
The Security Administrator allows policies to be set for the different scan engines.

Corporate Exchange and SharePoint servers which are protected by Forefront are managed centrally. However, the management interface has nothing in common with Microsoft's Management Console; Redmond still uses the Sybari Antigen interface instead. A new console (code name Stirling) for Forefront has been announced which will allow central management of all products, including the network access protection of Windows Server 2008. Stirling is currently still in beta.

Permalink: http://h-online.com/-747211