After installing to Exchange Server SP2 i noticed problems with Symantec Mail Security for Exchange 4.6 in that it wasn’t catching viruses or spam. So i decided to check if Symantec had any updates for SMSE.

Surely enough in the classic Symantec fashion, they had released a 5.0 version and never notified their customers. Their policy is to not permit existing customers access to the new version until at least 3 months from it’s release. I’ve waited up to 6 motnhs for new antivirus versions even though I could buy the product directly from them if it were a new purchase. Very poor policy if you ask me.

Shortly after upgrading, too my dismay though, my phone starts ringing off the hook. No mail is coming in to my users. Sure enough after digging through and checking all my exchange settings as well, i see nothing out of the ordinary. Time to call symantec, this is the part i dread. After 30 minutes of no help we finally get somewhere. Typically on a front end server no store is required, but in order for SMSE to work it requires a store to check the incoming messages. Hint to Symantec: Document This! Their excuse was well it’s in our knowledge base, but it’s not for 5.0 only 4.x versions, so I was supposed to know this. I see icoming mail now. yeah. Figuring I had all problems resolved i get back to work.

Next morning i’m my mailbox is loaded with viruses and spam (we have the Premium Antispam License too) that aren’t even tagged as spam. So i look and find that no Antivirus or Antispam updates are occuring even though the live update settings are set and the antispam is supposed to update every 15 minutes no matter what. Time to call Symantec again. So i take a shot of caffeine and pcik up the phone. This guy seemed more helpful. After 20 minutes though my opinion changed. I had upgraded the software, and i guess Symantec says you’re not supposed to. I guess that whole section in the installation guide was a big 10 page misprint. So i say fine, i’ll unistall and install if fresh. After another 15 miuntes of reconfiguring the server all my updates are finally working and mail is being scanned. I think i might have gotten this working finally.

After a couple days i decided i would check out their logging and reporting. To my surprise no virus had been detected. That’s a problem! So i grin and call Symantec 1 more time. Long phone call made short, I actually got a smart technician. I come to find out that the front end server in a front-end/back-end configuration only scans for spam and SMSE in needed on the backend server to scan for viruses. Yeah time to install it again. Good thing is the 5.0 software handles multi-server configurations nicely. You can remoely install and copy the configuration to another server in under five minutes. I’m very happy with this feature. First thing I think is what moron designed it this way. Symantec also, in order to increase performance, as of verion 5.0 scans for blacklist first (rightfully so) and spam second and then viruses third. This makes some sense because most viruses are often just garbage messges that can be detected as spam, but from a trend analysis standpoint it sucks. It gives you a false sense of the number of viruses coming into your organizaion. They really to take a good look at this. Sometimes speed isn’t everything. :)

So now i finally have a working setup. So here is the down and dirty i got from this.

• Don’t Upgrade! Unistall 4.x and Install a Fresh Copy
• After install Exchange SP2, check to see that your front end server has the message store enabled
• You must install SMSE 5.0 on all front end and backend servers

Conclusion: Nice Product Crappy Documentation