Exchange servers must have an approved DoD email-aware virus protection software installed.

From Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide

Associated with: CCI-001308

SV-95419r1_rule Exchange servers must have an approved DoD email-aware virus protection software installed.

Vulnerability discussion

With the proliferation of trojans, viruses, and spam attaching themselves to email messages (or attachments), it is necessary to have capable email-aware anti-virus (AV) products to scan messages and identify any resident malware. Because email messages and their attachments are formatted to the MIME standard, a flat-file AV scanning engine is not suitable for scanning email message stores. Email-aware anti-virus engines must be Exchange 2016 compliant. Competent email scanners will have the ability to scan mail stores, attachments (including zip or other archive files) and mail queues and to issue warnings or alerts if malware is detected. As with other AV products, a necessary feature to include is the ability for automatic updates.

Check content

Review the Email Domain Security Plan (EDSP). Determine the anti-virus strategy. Verify the email-aware anti-virus scanner product is Exchange 2016 compatible and DoD approved. If email servers are using an email-aware anti-virus scanner product that is not DoD approved and Exchange 2016 compatible, this is a finding.

Fix text

Update the EDSP to specify the organization's anti-virus strategy. Install and configure a DoD-approved compatible Exchange 2016 email-aware anti-virus scanner product.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.