Should we install an antivirus scanner on our Exchange 2000 Server front-end server?
The answer depends on your front-end server configuration. Creating a front-end server typically involves installing Exchange 2000 first, then selecting the This server is a front-end server check box on the General tab of the server's Properties dialog box. When you make this selection, the new front-end server will still house Exchange 2000's public and private Store, which is an acceptable configuration. In fact, if you want to use SMTP on the front-end server, you must mount a private Store so that the SMTP component can generate nondelivery reports (NDRs). In that case, you might want to consider using an SMTP-aware antivirus scanner on your front-end server to check incoming and outgoing mail.
Ideally, content scanning should be done at the network perimeter; so if your front-end server is an SMTP server, that's the best place to scan for content. For security reasons, though, Microsoft recommends dismounting the public and private Stores on machines that aren't running SMTP or Network News Transfer Protocol (NNTP). If you do so, you don't need to install an antivirus scanner on the server—in fact, most antivirus scanners won't start in the absence of a mounted Store. However, Exchange Server 2003 will include a new release of the Antivirus API (AVAPI) interface that supports running antivirus scanners on gateway machines. You can expect most vendors to take advantage of this enhanced capability later this year.
