
E-mail servers do not have E-mail aware virus protection.


Overview

Finding ID: V-18820
Version: EMG3-829 Exch2K3
Rule ID: SV-20561r1_rule
IA Controls: ECVP-1
Severity: High

Description
With the proliferation of trojans, viruses, and SPAM attaching themselves to E-Mail messages (or attachments), it is necessary to have capable E-Mail Aware Anti-Virus (AV) products to scan messages and identify any resident malware. Because E-Mail messages and their attachments are formatted to the MIME standard, a flat-file AV scanning engine is not suitable for scanning E-Mail message stores. E-mail aware Anti-Virus engines must use AntiVirus Application Program Interface (AVAPI) version 2.5 or higher, which is able to scan E-Mail content safely. Competent E-Mail scanners will have the ability to scan mail stores, attachments (including zip or other archive files) and mail queues, and to issue warnings or alerts if malware is detected. As with other AV products, a necessary feature to include is the ability for automatic updates.

STIG: Microsoft Exchange Server 2003
Date: 2014-08-19

Details

Check Text (C-22530r1_chk)
Interview the E-mail administrator or the IAO.

Procedure: Access the System Security Plan documentation that identifies the E-mail Anti-Virus product resident on Exchange servers. Validate that the identified product is one that offers AVAPI 2.5 or higher for safe scanning without risk of mail data corruption.

Criteria: If E-mail servers are using an E-mail aware AV product with AVAPI version 2.5 or higher, this is not a finding.

Fix Text (F-19490r1_fix)
Install E-mail aware virus protection on mailbox servers. Ensure that mail stores are being scanned with products possessing AVAPI version 2.5 or higher.
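
The Description's point that a flat-file engine is not suitable for MIME-formatted mail can be seen in a small sketch. This is an added example, not part of the STIG and not how AVAPI or any AV product is implemented; the marker string, subject and file names are constructed, and a plain byte-string match stands in for a real signature engine.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Constructed, harmless marker standing in for a malware signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_MEMBER = 1 << 20  # refuse to inflate archive members above 1 MiB

def build_sample_message() -> bytes:
    """Constructed sample: a mail whose zip attachment holds the marker."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.txt", b"hello " + SIGNATURE)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

def flat_scan(raw: bytes) -> bool:
    """Flat-file approach: match the signature against the stored bytes."""
    return SIGNATURE in raw

def scan_blob(name: str, data: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Match decoded content, then descend into zip archives (bounded)."""
    hits = [name] if SIGNATURE in data else []
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                label = f"{name}!{info.filename}"
                if info.file_size > MAX_MEMBER:
                    hits.append(label + " [unscanned: too large]")
                    continue
                try:
                    hits += scan_blob(label, zf.read(info), depth + 1, max_depth)
                except RuntimeError:  # e.g. password-protected member
                    hits.append(label + " [unscanned: unreadable]")
    return hits

def mime_aware_scan(raw: bytes) -> list:
    """Parse the MIME structure and scan each part after transfer decoding."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if not part.is_multipart():
            name = part.get_filename() or part.get_content_type()
            hits += scan_blob(name, part.get_payload(decode=True) or b"")
    return hits
```

On the constructed message, `flat_scan` reports nothing because the attachment is stored base64-encoded and compressed, while `mime_aware_scan` reports `invoice.zip!invoice.txt`. Members it cannot inspect are flagged rather than silently passed.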