The advantage of multiple anti-virus engines on server products

The Forefront server security products provide several key security capabilities to Exchange and SharePoint customers, including an advanced multiple anti-virus engine manager that allows you to concurrently run up to 5 of the included Microsoft and third-party anti-malware engines. Using multiple scan engines delivers several critical advantages:

  • It increases the chances that emerging threats will be quickly caught.
  • It provides redundancy to help protect against scan failures or defects in individual engines; if an engine fails, other engines continue scanning messages.
  • It gives administrators an effective way to choose the most appropriate level of protection for their environment given their security needs and server performance capabilities.
  • It allows engines to be taken offline for updates or reconfiguration without forcing messages to be queued.

A recent set of tests performed by the independent AV-Test.org group found some surprising differences in signature update times among vendors. The tests compared AV lab response times for eighty-two “in the wild” viruses and variants. Twenty-six of the viruses were quickly detected by all the scan engines, but some engines didn’t detect certain viruses for more than twenty-four hours. In a few cases (notably 0506 Banwarum.C@mm), some vendors didn’t update their signatures to provide a block until nearly five days had elapsed! Because Forefront Security for Exchange Server and Forefront Security for SharePoint combine multiple engines, the odds that a virus will go unblocked or undetected for long periods are greatly reduced. Organizations benefit from updates to every engine in the set they use, not just from updates to a single engine.
