Product Reviews

Exchange Stronghold

Thwart nasty viruses with Sybari’s Antigen.

Many years ago, the No. 1 perceived threat to network resources was an external hacker gaining access and doing damage. That view shifted to a belief that companies were at far greater risk of exposure from within the corporate firewall. The reality is that the top threat to your resources and corporate data is both external and internal: viruses proliferating through e-mail, and the time costs associated with users filtering spam.

Sybari’s Antigen 7.0 for Exchange attacks the problem on both fronts. It’s an antivirus and content-filtering solution for Microsoft Exchange 5.x, 2000 and the beta release of Exchange 2003 “Titanium” (according to Sybari, but not tested for this review). Antigen also provides the ability to append a disclaimer to all outbound e-mail for legal or other reasons — a new feature in version 7.0.

When it comes to installing Antigen, there are several options. You can install it on a Windows 2000 server with IIS’ SMTP component installed, in which case Antigen scans SMTP mail before it’s forwarded to an internal server or sent outside of the organization — no Exchange server is required. The second method is to install it on the same server as Exchange 5.x or 2000 so that it can provide SMTP scanning, as well as other features. You have the option to use Extensible Storage Engine (ESE) mode for Antigen or Virus Scanning API (VSAPI) 2.0 mode (Exchange 2000). If using VSAPI 2.0 mode, make sure that no previously installed program on the server also used VSAPI (something I ran across when I removed another product to install Antigen). The fix for this problem is clearly documented and easy to execute by deleting a registry key. Of the two modes, VSAPI is preferred, as it provides additional functionality such as the ability to scan a specific mailbox.

Antigen is administered by creating templates for each service (virus-scanning, content-filtering, file-filtering, scanner updates, notifications and so on). These templates can be applied to multiple Antigen servers in the organization using the Antigen Central Manager. This works great in theory, but I couldn’t find a way to export my default content-filtering settings to a template so I could apply them to other servers or reuse them once I had them configured properly. Sybari should add an Export to Template feature for most operations. Regardless, once nasty e-mails are detected, it’s handy to be able to review them, as well as have a central quarantine facility.

When it comes to doing what it’s designed to do, Antigen does it well. Virus-scanning allows the use of up to six engines and the ability to scan ZIP files nested within ZIP files (and other types) for a very thorough check. Content-filtering, on the other hand, is quite manual. You can implement subject and sender/domain filtering but you must build the list of subjects and senders manually (wildcards are accepted) or use a template (see Figure 1).

Sybari may want to consider adding the ability to perform lookups of known open relays to make this easier, as Exchange 2000, out of the box, provides sender/domain filters and DNS reverse-lookup capability.

Figure 1. Sybari’s Antigen for Exchange allows you to configure subject and sender/domain filters to stop spam.

Antigen, which I’ve been using about a year, is one of the better solutions for the money. It’s effective at what it does, although I’d like the ability to export default content-filtering, have other settings to use in a template and automated tweaking of sender and subject filters. The truth is that spammers are smart and you need to keep up to date to ensure that not too much nasty stuff gets through. Antigen is an effective solution.

Note: Sybari Antigen for Exchange 7.5 should be released by the time you read this. Anti-spam and SMTP gateway add-on modules will also be available.

About the Author

Damir Bersinic, MCSE, MCDBA, MCSA, MCT, is an independent consultant, trainer and author.


Reader Comments:

Wed, Feb 1, 2006 Mike Phoenix

Back in 2003 this software was somewhat decent. Today the technology is slow and old. This software is absolutely horrible if you ever receive a Dictionary Harvest Attack. It will no doubt ruin your chances of ever getting email in a reasonable amount of time. Worst of all, the reason for this issue is the way the Antigen software utilizes the built-in SMTP service to relay mail. It is extremely flawed and Sybari support won't even touch or help you with this issue. If you are loading this directly onto an Exchange server, that is about the only chance you have, but the load on your mail server would be ridiculous and defeats the whole purpose of using software like this.

Symantec Mail Security or ORF Enterprise Edition are excellent alternatives and provide a solution that is 100 times more effective than this garbage.

This used to be a decent product but has gone downhill extremely fast over the years and the support has also suffered from this. If you are considering this software, please at least try the other two products I listed so you don't go through the same stress that I have. Or if you are currently using it and have become frustrated with Antigen, the other alternatives I have listed actually work and are extremely accurate.

Thu, Aug 28, 2003 marc new york

Great review. I had been testing Antigen myself and I agree with much of what this review has stated. I even have it running on an Exchange 2003 machine and all the features work the same.
