Thwart nasty viruses with Sybari’s Antigen.
Many years ago, it used to be that the No. 1 perceived threat
to network resources was an external hacker gaining access and doing damage.
That view shifted to a belief that companies were at far greater risk
of exposure from within the corporate firewall. The reality is that the
top threat to your resources and corporate data is both external
and internal, with viruses proliferating through e-mail and the time costs
associated with users filtering spam.
Sybari’s Antigen 7.0 for Exchange attacks the problem on both fronts.
It’s an antivirus and content-filtering solution for Microsoft Exchange
5.x, 2000 and the beta release of Exchange 2003 “Titanium”
(according to Sybari, but not tested for this review). Antigen also provides
the ability to append a disclaimer to all outbound e-mail for legal or
other reasons — a new feature in version 7.0.
When it comes to installing Antigen, there are several options. You
can install it on a Windows 2000 server with IIS’ SMTP component
installed, in which case Antigen scans SMTP mail before it’s forwarded
to an internal server or sent outside of the organization — no Exchange
server is required. The second method is to install it on the same server
as Exchange 5.x or 2000 so that it can provide SMTP scanning, as well
as other features. You have the option to use Extensible Storage Engine
(ESE) mode for Antigen or Virus Scanning API (VSAPI) 2.0 mode (Exchange
2000). If using VSAPI 2.0 mode, make sure that no previously installed
program on the server also used VSAPI (something I ran across when I removed
another product to install Antigen). The fix for this problem is clearly
documented and easy to execute by deleting a registry key. Of the two
modes, VSAPI is preferred, as it provides additional functionality such
as the ability to scan a specific mailbox.
Antigen is administered by creating templates for each service (virus-scanning,
content-filtering, file-filtering, scanner updates, notifications and
so on). These templates can be applied to multiple Antigen servers in
the organization using the Antigen Central Manager. This works great in
theory, but I couldn’t find a way to export my default content-filtering
settings to a template so I could apply them to other servers or reuse
them once I had them configured properly. Sybari should add an Export
to Template feature for most operations. Regardless, once nasty e-mails
are detected, it’s handy to be able to review them, as well as have
a central quarantine facility.
When it comes to doing what it’s designed to do, Antigen does it
well. Virus-scanning allows the use of up to six engines and the ability
to scan ZIP files nested within ZIP files (and other types) for a very
thorough check. Content-filtering, on the other hand, is quite manual.
You can implement subject and sender/domain filtering but you must build
the list of subjects and senders manually (wildcards are accepted) or
use a template (see Figure 1).
Sybari may want to consider adding the ability to perform lookups of
known open relays to make this easier, as Exchange 2000, out of the box,
provides sender/domain filters and DNS reverse-lookup capability.
Figure 1. Sybari’s Antigen for Exchange allows
you to configure subject and sender/domain filters to stop spam.
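The nested-ZIP scanning with several engines described above can be sketched as follows. This is an added example, not Sybari's code: the two engines, the marker string, the nesting limit and the sample attachment are all constructed for illustration.

```python
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in, not a real signature

# Hypothetical engines: each maps raw bytes to True on a detection.
ENGINES = {
    "exact": lambda data: MARKER in data,
    "caseless": lambda data: MARKER.lower() in data.lower(),
}

def flat_scan(data):
    """Run every engine once over the raw bytes, without unpacking."""
    return sorted(name for name, engine in ENGINES.items() if engine(data))

def deep_scan(data, path, depth=0, max_depth=5):
    """Unpack nested ZIPs and return [(member path, verdict)] for every finding."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        hits = flat_scan(data)
        return [(path, "detected by " + ",".join(hits))] if hits else []
    if depth >= max_depth:
        # Assumed policy: an archive nested too deeply is held, not passed unscanned.
        return [(path, "nesting limit reached")]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if not info.is_dir():
                    findings += deep_scan(archive.read(info), f"{path}/{info.filename}",
                                          depth + 1, max_depth)
    except (zipfile.BadZipFile, RuntimeError):  # corrupt or password-protected
        findings.append((path, "unscannable archive"))
    return findings

def make_zip(members):
    """Build a deflate-compressed ZIP in memory from {name: bytes}."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()

# Constructed sample: a ZIP inside a ZIP, as an attachment might arrive.
INNER = make_zip({"invoice.txt": b"Dear customer, " * 10 + MARKER,
                  "readme.txt": b"please read: " * 10 + MARKER.lower()})
SAMPLE = make_zip({"inner.zip": INNER, "note.txt": b"see attached"})

if __name__ == "__main__":
    print("flat:", flat_scan(SAMPLE))
    for finding in deep_scan(SAMPLE, "attachment.zip"):
        print("deep:", finding)
```

The flat pass finds nothing because the marker only exists in compressed form, while the recursive pass reports both members and shows one engine catching what the other misses.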
Antigen, which I’ve been using about a year, is one of the better
solutions for the money. It’s effective at what it does, although
I’d like the ability to export default content-filtering, have other
settings to use in a template and automated tweaking of sender and subject
filters. The truth is that spammers are smart and you need to keep up
to date to ensure that not too much nasty stuff gets through. Antigen
is an effective solution.
Note: Sybari Antigen for Exchange 7.5 should be released by
the time you read this. Anti-spam and SMTP gateway add-on modules will
also be available.
Damir Bersinic, MCSE, MCDBA, MCSA, MCT, is an independent consultant, trainer and author.