Exchange and Email Anti-Virus
Teresa Downey, SLAC
Email Server/Client in 2000
• Pilot program for 5 months – no show-stoppers
• Exchange server replaced UW IMAP Server
• Converted ~1300 users from Eudora, etc. to Outlook 2000, etc. – more than just Windows Users
• Most took about 1 hour, many took longer
• Address books were sometimes difficult
• Team of ~12+3 completed project in 7 months
• 3 “experts” for “team” to ask for assistance
• 3 “experts” did conversions also to ensure we met goal
Conversions (cont.)
• Classes offered in Outlook 2000 Mail & Calendar
• Good on-line help is essential for trouble-shooting
• Recovery from “30-day dumpster” is time-saver for all
• Public Folders have been widely used by some departments
• Users hated giving up Eudora
• Meeting scheduling has been a big win
• Integrated mail/contacts/calendar is key to success
Email Server/Client 2000 (cont.)
• Benefits of Exchange Server
• Removed clear-text passwords from network
• Replaced MeetingMaker calendar
• Added Web email accessibility
• Retained IMAP/POP protocol support
• Added integrated Anti-Virus solution
• Unix mail spool retained for Unix users – NFS only
Email Anti-Virus in 2000
• MTA – PMDF on Solaris
• Strip some executables going in/out of site
• Only a few. Examples: *.exe, *.bat, *.com
• Strip files with macros in/out of site – intra-site OK
• Stripped files retrieved for users upon request
• Scanned first
• Placed in Unix or NT file system for user
• SPAM blocked aggressively for several years
• Users are very happy about this
Email A/V in 2000 (cont.)
• Email Server
• Running CA on Exchange Server
• Design allowed a user to open document before scanning
• Failed often at manual scan – hung constantly
• Unacceptable solution
• Windows Clients
• Perhaps 75% Windows desktops running Inoculan
• Not enough to be installed, must confirm it is running by checking the date of the signature file
Email Server/Client in 2001
• 500MB “soft” limit on mailboxes
• Store grew to over 80Gig for 1500 users
• Tape restore time grew to 12 hours – log replay 100/hr
• Moved database off Dell SAN in Aug.
• Moved to SUN StorEdge T3
• Tape restore time reduced to 3 hours – log replay 400/hr
• 25% of users [A-E] moved to new server in Sep.
• Allows full restore in less than 2 hours/server
• Users [F-Z] move to 3 more servers by early Dec.
• Leaves only IMS and Internet scanner on current server
Email Server/Client 2001 (cont.)
• SLAC Exchange has memory leak in store
• Debugging with Microsoft all year
• Switched to Premier support in Spring
• Premium support was totally incapable for this bug
• Last week Microsoft determined it is IMAP/POP/SSL causing leak – during SSL authentication
• Exchange server has ~1500 users
• ~100 IMAP
• Unix NFS mail spool has ~1000 users
• Web Access gets ~150 users/day
Email Anti-Virus in 2001
• MTA – PMDF on Solaris
• All MS Level 1 “unsafe” (Q262631) stripped
• Add more as necessary. Recently added *.eml
• Macro stripping unchanged
• Email Server
• Sybari Real-time and Internet scanner installed
• All attachments scanned BEFORE placing in mailbox
• Same list of executables stripped here as MTA
• Bug in Manual scanner – working with Sybari
• Windows Clients
• Increased to 92% desktops running Inoculan
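
The gateway stripping policy from the 2000 and 2001 anti-virus slides, sketched as an added Python example (not SLAC's PMDF or Sybari configuration): blocked attachments are removed from mail crossing the site boundary and held for retrieval on request. The site domain, function names and sample message are assumptions, and only the extensions the slides name are listed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses
from pathlib import PurePosixPath

SITE_DOMAIN = "site.example"                    # hypothetical site domain
BLOCKED_EXT = {".exe", ".bat", ".com", ".eml"}  # only the extensions the slides name

def crosses_site_boundary(msg, site=SITE_DOMAIN):
    """True if any From/To/Cc address is outside the site (intra-site mail is left alone)."""
    fields = [str(h) for name in ("From", "To", "Cc") for h in msg.get_all(name, [])]
    domains = {addr.rpartition("@")[2].lower() for _, addr in getaddresses(fields)}
    return any(d != site for d in domains)

def blocked(filename):
    """Match on the final extension, ignoring case and trailing dots or spaces."""
    return PurePosixPath(filename.lower().rstrip(". ")).suffix in BLOCKED_EXT

def strip_unsafe(raw, site=SITE_DOMAIN):
    """Return (cleaned message, [(filename, content)]); stripped parts are held for retrieval."""
    msg = message_from_bytes(raw, policy=policy.default)
    held = []
    if not crosses_site_boundary(msg, site):
        return msg, held
    for part in msg.walk():
        name = part.get_filename()
        if name and blocked(name):
            # Leaf parts decode to bytes; container parts (message/rfc822) are kept as raw MIME.
            held.append((name, part.get_payload(decode=True) or part.as_bytes()))
            # Replace the attachment in place with a short text notice.
            part.set_content(f"Attachment {name!r} was removed by the mail gateway.\n"
                             "It can be retrieved on request.\n")
    return msg, held

def sample(sender, rcpt):
    """Constructed test message with one blocked and one allowed attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"MZ-not-a-real-binary", maintype="application",
                     subtype="octet-stream", filename="Invoice.pdf.EXE.")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()
```

The double extension, mixed case and trailing dot in the sample filename are the kinds of variations a plain `*.exe` match misses.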
Summary
• What we did wrong
• Put database on immature Dell SAN infrastructure
• Problems with Dell SAN started in October, 2000
• Didn’t define service goals for “disaster recovery”, leading to the next bullet…
• Let database grow too big before deciding to break into four parts
Summary (cont.)
• What we did right
• “Disaster Recovery” document written before we needed it
• Building “recovery server” at least quarterly
• Switched to Sybari from CA for email scanning
• Spread database across multiple servers to allow “disaster recovery” within 2 hours
• Stripping all Level 1 executables in MTA and Exchange server
• Aggressive SPAM blocking probably limits our virus exposure