A typical deployment of an enterprise's messaging system uses a distributed architecture in which different message processing roles are in effect on different servers. To protect the messaging infrastructure, protection software such as anti-virus (AV) scanning can be loaded on multiple servers throughout the messaging system. One example system which has multiple server roles deployed throughout the enterprise is the Exchange® program commercially available from Microsoft Corporation of Redmond, Wash. In Exchange, a single message can travel through any number of transport servers before being deposited in a mailbox server for storage and retrieval.
To help relieve the burden of duplicate scanning, Exchange has included a feature which adds and maintains a persistent secure marker on a message to indicate that the message has already been processed by a security component on one of the servers in the enterprise at a particular configuration version. When a message with a secure marker is encountered, Exchange assumes that the secure marker reflects an absolute guarantee that the message has been already scanned and is in a known state, and thus, may not need to be re-scanned.
The conventional wisdom, however, is that only if the protections are identical in each distributed protection point should the scanning at each protection point be considered duplicate scanning. For complex protection software products that have many different configuration settings, the representation of the state of protection applied to a message may be difficult. This poses the choice between devising a complex representation of what it means to be “already scanned” and with this complex representation, using a multiple valued marker to represent the protection applied to each message, or alternatively not marking the message as already scanned, and always requiring duplicate protection scanning to insure that different settings are always applied to a message as it is scanned on each server.