Thank you for the advice. The exchange is behind a firewall, zywall. The attacks happen on ports essentials for exchange traffic, 25, 80, 443.
As far as the email scanner goes... is it just informative message that Eset is doing its job? Do I do anything with that?