

Juggling Large Message Systems
COMPUTER ASSOCIATES INTERNATIONAL
Cheyenne Protection Suite for Microsoft Exchange Server 1.1
Performing efficient backups and restores is critical to large message store management. Cheyenne focuses on this, and along the way provides other features like keeping your message store free of viruses. Protection Suite for Exchange includes Cheyenne ARCserve 6.0 for Windows NT Enterprise Edition, InocuLAN 4 for Windows NT Single Server, and DB Agent and AntiVirus Agent for Microsoft Exchange Server.
DB Agent simplifies the tedious and time-consuming task of regularly backing up the Exchange directory and information store databases and restoring them in the event of a failure. DB Agent extends the directory tree of ARCserve by discovering the Exchange Servers among the NT servers monitored. The agent permits remote management of the backup and restore process, as well as the ability to back up to a number of tape drives. DB Agent runs on the Exchange Server and takes advantage of its Backup/Restore API.
The backup process of the Exchange directory and message store is performed from the Backup Manager utility in ARCserve. Full, incremental or differential backup options can be performed, as well as copying a backup, all from the same screen. The Restore Manager in ARCserve conducts the restore procedure of Exchange Server directory and information store. The Job Status Manager displays backup and restore jobs and lets the user stop a running job, modify it on the fly or delete it.
The AntiVirus Agent performs real-time scans for viruses in message files. The agent works while Exchange is running, so there is no need to shut down the message system to perform a virus scan. By clicking on a few options, you can configure the agent to run scheduled or incremental scans; send alert notifications; scan floppy, network or hard drives; or scan specific mailboxes. You can configure the agent to scan all files or only select ones. You can opt whether to scan all messages, messages received between certain specified dates or messages entering the system after the last scan.
In our tests of the AntiVirus Agent, we selected a file with a known virus (WM.NPAD.A, which attacks the WordPad application) and attempted to attach it to an e-mail. Because we had enabled real-time protection, which sets up a roadblock between the server and Exchange to scan all files, access to upload the file was immediately denied with the message that the subject file was infected with the virus. This feature prevents the file from ever entering the message store in the first place.
But we remained intrepid in our quest to infect the Exchange message store. We disabled the protection and sent the file to two recipients. Then we started a scan of the Exchange system and the three particular mailboxes involved. The system found the virus on the first scan and immediately launched an e-mail message to the sender and the two recipients, notifying them that a virus had been found in the particular message. Quickly notifying all parties to the message is the best way to keep the virus from spreading.
We elected to send an alert message, but the system also supports sending notifications to a pager, to every Windows server in the realm as a broadcast message, to the Event Log or to an SNMP or trouble-ticket system. Actions available when an infected file is detected include no action (report only), delete, rename, move, rename and move, purge or cure. In the cure action, the virus is removed from the file, which is restored to its original state, if possible. If not, the file is renamed with an AVB extension.
The scan log shows the results of the scan, including the total boot inspections, the number of directories and files scanned, the number of viruses found, the number of files infected and the number of files that were cured, purged or deleted. The log also details the sender and recipients of the infected file, the date, time, subject, text of the message and the file name.