Announcement

Collapse
No announcement yet.

A virus in a DAG (Exchange 2010)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • A virus in a DAG (Exchange 2010)

    Hello,

    I am studying the DAG feature in Exchange 2010.

    I was thinking:

    If a virus hit one of the mailboxes servers, and the DAG is continuously replicating, then the other server would become equally unreliable.

    I am reading that in this cases you can set a time for the servers to synchronize, instead of continuously, maybe every 5 minutes, but I don't find it a very useful solution.

    Maybe another server in a different physical location, on another site?

    Thanks in advance!
    -
    Madrid (Spain).

  • #2
    Re: A virus in a DAG (Exchange 2010)

    When you say if a virus hits, what do you mean.. ?
    Sembee may come along and correct me here, but a virus within a mailbox database is fairly low risk.
    Yes, any email carrying a payload would be replicated.. but databases themselves usually aren't affected by viruses..
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: A virus in a DAG (Exchange 2010)

      Along the same lines as Tehcamel, I've never heard of an Exchange database or logs being infected directly. In fact, your database and log files should be excluded from AV scanning.

      An email message may contain a virus payload and that would be replicated by the DAG, but for that virus to infect the database itself is another matter altogether and frankly, I've never heard of that ever happening.

      Comment


      • #4
        Re: A virus in a DAG (Exchange 2010)

        The way the DAG works, this isn't possible.

        The DAG does no replicate the database, it replicates the transaction logs.
        Therefore the only way that something can replicate between the two servers is as part of an email message already in the system.

        Similarly it is impossible for database corruption to replicate between the DAG members, for the same reason - the actual database does not replicate, it is the logs.

        As already stated, virus infection of the actual database itself is almost impossible technically and from a virus writers point of view, totally pointless. Viruses in businesses are usually caused by poor network management. The creators are after home users who don't know any better.
        If malware was to attack the Exchange database then it is targeted to you. If someone wants in bad enough they will do anything to do so, up to and including sleeping with members of staff.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: A virus in a DAG (Exchange 2010)

          Thanks.

          Really informative!.

          I brought this question in because I was worried that if the replication was taking place every second, then if something happened in one of the servers, like the corruption of the edb file or a virus, and so on... well, it would affect instantly to the other servers.
          But then:

          1.No viruses
          2.Nor it is possible to replicate the corruption of the edb to the other servers, which sounds amazing.

          So, if one of the mailboxes become corrupted, you just have to fix that, locally?.

          The deeper I get into DAG, the more amazing feature it looks to me.
          -
          Madrid (Spain).

          Comment


          • #6
            If the content of the mailbox was changed by malware, then that would replicate, because Exchange knows no difference.
            However malware cannot change the content from outside of Exchange and have that replicate.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Thanks a lot !
              -
              Madrid (Spain).

              Comment

              Working...
              X