Ask the Expert

How to perform an email scan to protect against viruses

We want to scan ISA-based Outlook Web Access messages for viruses and block them before they reach our Exchange Server (rather than using an Exchange-based antivirus plug-in). We also want to encrypt sessions from external PCs using HTTPS. We have an HTTPS session between the external PC and ISA and between ISA and Exchange. While the MS ISA content filtering Web site lists partner antivirus software, none seem to be able to scan on the ISA Server between the two HTTPS sessions. Can you suggest any options?


I certainly understand that you want users to connect to Outlook Web Access (OWA) via an SSL connection to protect messages traveling to and from their machines and your network. And because you are also encrypting messages as they travel from the ISA Server firewall to the Exchange Server, you are obviously concerned about maintaining their confidentiality within your own network. One big advantage of an ISA Server firewall is that it has an SSL-to-SSL bridging feature. This works by creating one secure SSL connection between the Web browser client and the external interface of the ISA Server, and a second new session between its internal interface and the Exchange Server. This allows the ISA Server to decrypt the packets from the client and inspect them for attack code. If it determines that the connection is legitimate and the packets do not contain any exploits or attack code, it re-encrypts the packets and sends them to the Exchange Server. While many firewalls can't evaluate the content inside SSL-encrypted packets, ISA's SSL bridge allows it to statefully inspect SSL connections and prevent attackers from hiding exploits inside the SSL channel. Although both inbound and outbound connections can be encrypted "end-to-end," there currently isn't an antivirus product that can virus scan messages within these HTTPS sessions, because they pass through the ISA Server.

The only way to scan and block viruses on the ISA Server before they get to your Exchange Server is to terminate the SSL connection at the ISA Server. This will enable an antivirus program to fully inspect all traffic before it enters your network. Several products scan emails on the ISA Server this way. To learn more about them, visit http://www.isaserver.org/software/ISA/Anti-Virus/. If you choose this method, it's important to note that because the ISA Server is handling potentially infected files, its own operating system is vulnerable without some form of real-time virus protection. For example, Symantec's AntiVirus for ISA Server only scans files and email traffic from client applications that are configured to pass files to the virus scan engine, not the actual server itself, so you need to install an antivirus solution for the server as well.

If you are determined to find a solution that enables you to encrypt the traffic between both servers, use SSH to encrypt the session between them after the virus scan. Secure Shell (SSH) is an application layer protocol that provides secure encrypted communications and can be implemented for any type of service using port redirection. To enable your ISA Server to authenticate to your Exchange Server, you will need to put an SSH client on the ISA Server and an SSH server on the Exchange Server. SSH then encrypts passwords and network traffic between the two servers to prevent eavesdropping, IP spoofing, IP source routing, DNS spoofing and other network-level attacks. You can get free, open source SSH implementations at www.openssh.com and www.ssh.com. You may need to create a route relationship between the ISA and Exchange Servers; therefore, I would certainly recommend trialing this on a test system to ensure that it works and doesn't affect the service level of either server. Good luck, and remember that SSL cannot protect the information stored on the Exchange Server once it arrives.
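The inspection step that becomes possible once SSL is terminated at the gateway, as an added example that is not part of the original answer or any vendor's product: it parses a decrypted multipart upload and decides whether to forward it to the internal server. The signature, blocked-extension list, form field names and function names are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import HTTP

# Constructed stand-ins for a real antivirus engine's signatures and policy.
SIGNATURES = {b"CONSTRUCTED-TEST-SIGNATURE": "Test.Signature"}
BLOCKED_EXTENSIONS = (".exe", ".scr", ".vbs")
BOUNDARY = "constructedBoundary42"
CONTENT_TYPE = f"multipart/form-data; boundary={BOUNDARY}"


def sample_upload(filename: str, payload: bytes) -> bytes:
    """Build a constructed multipart body as it looks after SSL termination."""
    head = (
        f"--{BOUNDARY}\r\n"
        'Content-Disposition: form-data; name="subject"\r\n\r\n'
        "Quarterly report\r\n"
        f"--{BOUNDARY}\r\n"
        f'Content-Disposition: form-data; name="attachFile"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode("ascii")
    return head + payload + f"\r\n--{BOUNDARY}--\r\n".encode("ascii")


def scan_upload(content_type: str, body: bytes) -> list[str]:
    """Return findings for one decrypted multipart/form-data request body."""
    # The MIME parser needs the HTTP Content-Type header to find the boundary.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=HTTP)
    findings = []
    for part in msg.iter_parts():
        filename = part.get_filename()
        if not filename:
            continue  # ordinary form field, not an attachment
        data = part.get_payload(decode=True) or b""
        if filename.lower().endswith(BLOCKED_EXTENSIONS):
            findings.append(f"{filename}: blocked extension")
        for signature, name in SIGNATURES.items():
            if signature in data:
                findings.append(f"{filename}: {name}")
    return findings


def bridge_decision(content_type: str, body: bytes) -> str:
    """Forward the request to the internal server only if the scan is clean."""
    return "block" if scan_upload(content_type, body) else "forward"


if __name__ == "__main__":
    dirty = sample_upload("report.doc", b"intro CONSTRUCTED-TEST-SIGNATURE end")
    print(bridge_decision(CONTENT_TYPE, dirty), scan_upload(CONTENT_TYPE, dirty))
```

The scanner only ever receives plaintext bytes, which is why the scan has to sit at the point where the client's SSL session ends.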

For More Information:

  • Visit our Email Security All-in-One guide and learn how to secure your email systems and maximize your email security efforts.
  • Visit our resource center for news, tips and expert advice to weigh the pros and cons of Secure Socket Layer.
  • Use these resources to discover how to combat viruses, worms and other malware types.

This was first published in June 2006
