Forefront Security for Exchange Server Best Practices - Transport scanning
Applies to: Forefront Security for Exchange Server
Topic Last Modified: 2008-02-04
This section details the effects that the various options have on Transport scanning.
Forefront Security for Exchange Server is designed to reduce redundant scanning whenever possible. Therefore, when e-mail is in transport (Inbound, Outbound, or Internal), only the first transport node (Edge or Hub) scans the message and writes the antivirus transport stamp into it. Subsequent nodes respect the transport stamp and do not scan the message again. It is recommended that all Transport nodes be set to use the same scanning engines and bias settings.
If the antivirus transport stamp is turned off (by clearing the General Options setting “Optimize for Performance by Not Rescanning Messages Already Virus Scanned - Transport”), each Transport Scan Job scans messages (Inbound, Outbound, or Internal) on each transport node (Edge or Hub). Use this mode when you want to scan with different engines at each server role.
It is good Internet etiquette to scan your outbound e-mail messages for viruses. In addition, this can protect you from legal liability should an infected PC in your organization attempt to send out viruses (a common behavior of Worm viruses).