Product Reviews

Mail essentials 2000—KISS (Keep It Simple Stupid) Incarnate

The newest crop of Exchange antivirus products prevents users from receiving infected mail.

• By David W. Tschanz
• 12/01/2001

When I first opened the package with Mail essentials I wasn't sure what to expect. Mail essentials for Exchange 2000 had an excellent "street" reputation, but as everyone knows reputation and actual performance on your system don't necessarily correspond. So it was with a considerable sense of "show-me"ism that I slid the CD from GFI into the tray and let the product unfold.

Installation
Installation was so straightforward and intuitive that I never really noticed it was happening. Mail essentials 2000 requires Windows 2000 and Exchange 2000 with no service packs specified in the manual. A wizard steps you through the process. An unusual step was the user synchronization wizard that activates after the regular installation process is completed for Exchange 2000 (or 5.5). This wizard connects to the Exchange/Windows 2000 user database in order to allow the administrator to configure rules on a per user/group basis and to validate the Mail essentials license. Mail essentials can also be installed on a machine other than the Exchange 2000 server to reduce load at the server.

Documentation
The documentation is clear, concise and user-friendly, tough there were some flaws. The inclusion of multiple version instructions in the same manual is not my favorite means of documentation. Another failing in the manual was the index: a 19-item index for a 96-page manual isn't very helpful. On-line help was straightforward. The manual gave a good overview of the product and, for the Exchange Administrator who wants to justify the expense to the Finance department, they even include a very good section on the importance of a secure e-mail system.

Provisions
Mail essential acts like an e-mail firewall and has all the expected bells and whistles. Key features and enhancements include anti-spam, e-mail encryption, e-mail archiving, disclaimers, personalized auto responders and POP3 downloading. All of this is transparent to the user and has the benefit of requiring no training for users and little, if any, additional administration beyond the initial set-up. Mail essentials, which includes the industrial strength, highly regarded Norman antivirus engine scans all inbound and outbound mail both internally and inter-company. Attachments with a high likelihood of carrying a virus, worm or other nasty (.exe, .vbs) can be quarantined and assessed. The latter method is ideal since it is impossible to keep up with every new virus or a custom made worm/attack designed with the sole purpose of infiltrating YOUR network.

Content checking and filtering can block out messages based on a number of options, sending them to quarantine or removing unwanted attachments. It is up to you to decide what you want to block, look for and secure against and how you're going to do it. You can, for example, quarantine all messages that contain business inappropriate words or pejoratives in either the message itself and/or attachments. Word lists can be imported from simple text files and you can add your own to the list. Encrypted mail can be tagged and quarantined for review. Configuration options allow to remove files because they're potential virus or worm sources (e.g. .exe and .vbs files) or because of their impact on your bandwidth (.mp3 files).

Mail essentials can also automatically compress mail attachments at the server level, with the dual effect of saving user time and reducing bandwidth usage. It can also check for script code in the message body itself. Mail essentials will also detect a Word or Excel attachment that contains a macro and automatically remove the macro before sending it on to the recipient. A similar system also traps HTML scripts. The latter are often a large security gap in e-mail protection and are becoming an increasingly popular conduit for hackers and virus writers to trigger client side commands by embedding them in HTML mail. Mail essential detects these commands and automatically removes them. Again the HTML mail is still sent to the recipient, but with the HTML command disabled. This will generally disable banner scripts and forms included in newsletters, but is a small price to pay for security.

One of the advantages of the Mail essential system of detection and removal of macros and HTML scripts is that it is not dependent on anti-virus products being up to date. GFI's approach doesn't give a hoot whether a macro-borne virus is past, present or future—detection and removal will occur regardless.

Spam is addressed in an elegant fashion at the server level by intercepting an incorrect "Reply To" address or a message header containing an incorrect domain. There are also the expected options of refusing mails form domains or deleting mails with certain strings in the body.

Disclaimers, which are useful from a legal point and hence offer some peace of mind to the risk management staff, can be added to the end of all outgoing messages.

Mail essentials offers macro blocking, among many other options that you can configure. (Click image to view larger version.)

Results
I threw all of the test viruses I had against Mail essentials on my test network. And then I tossed in a few wild ones that I had lying around in undeleted e-mail off my ISP. (Don't shudder, Roberta: I like reinstalling Windows 2000 Server and Exchange 2000). Mail essentials grabbed them, quarantined them and sent messages to the administrator, sender and receiver (which I had configured it to do) that something was amiss. The messages were straightforward e.g. "A message from so and so wasn't delivered because it had a virus (or script or whatever) in it." I think it ate the viruses as well. I never did figure out what it did with the scripts it banished.

Summary
It's hard to fault Mail essentials for completeness or ease of operation of what you need in a mail system security product. What failings it had were relatively minor, primarily in the lack of some of the nifty administrative tools and monitoring options you can find in other products. Still Mail essentials does what it was designed to do: identify, hunt and kill anything that looks like a threat to e-mail security with the quiet relentlessness and thoroughness of white blood cell gobbling an intruder in your bloodstream.