definitely yes, as viruses can infect a system in many other ways as just arriving by email. Security holes of the OS, infected CDs and USB sticks, and don't forget hosts on the internal network connecting to the Exchange server directly, they could be infected to.
In general, while having an Cisco IronPort appliance with AV running it is still nessesary to have a working AV solution installed on all PCs in your network.
I don't mean an general antivirus client (ie Microsoft Forefront Endpoint Protection 2010). I will definitely run that on Exchange for the reasons you mentioned but I'm wondering about an antivirus program that also scans incoming and outgoing emails for virus' along with spam (ie Microsoft Forefront Protection 2010 for Exchange Server). I guess ultimately I'm wondering if I need to have two separate programs (ironport and and an AV program) scanning my emails for virus' and spam?
thanks for the clarification, I think it still makes sense to use an AV solution on the Exchange server that also scans emails. Reason for that is that messages sent from and to internal addresses won't leave the server, so they are a potential danger to other users in the network. It is not really nessesary for end users to have such an email scanner installed on their computers, this should be covered by the normal AV scanner which will hopefully take action once the user tries to save and open an infected attachment.
So AV sanning of Emails on the Excahnge/Email Server: Yes, on the end user hosts: No.
yes because virus can easily be nested on the memory resident level and file level but one thing you should have to exempt is on the file level scanning. File-level antivirus scanners scan a file when it is used or at a scheduled interval. The file scan causes a file to be locked when Exchange Server tries to access the file while it is being scanned. This causes an Exchange Server Information Store failure to lock the file. Eventually, this causes the file to become corrupted or unusable. All dynamic files that are used by Exchange Server must be exempted from file-level scanning. The core list of files that should be exempted are all .edb files, .log files, .chk files, and STM files. We recommend that all folder-hierarchy-containing files that are used by Microsoft Exchange Information Store be exempted from file-level scanning or else it may ends up database corruption.
no, if you have limited resources. because, exchange eat too much resources plus anti-virus scanning it will slash the exchange throat into out of resources and therefore the clients may later suffer a slow access and unable to connect which would be a worst case at the following stage.
My point is that look first on the Servers perspective before Clients perspective.
Hope this would helps you to determine the good side.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :