Product Reviews

Exchange Stronghold

Thwart nasty viruses with Sybari’s Antigen.

• By Damir Bersinic
• 06/01/2003

Sybari’s Antigen 7.0 for Exchange attacks the problem on both fronts. It’s an antivirus and content-filtering solution for Microsoft Exchange 5.x, 2000 and the beta release of Exchange 2003 “Titanium” (according to Sybari, but not tested for this review). Antigen also provides the ability to append a disclaimer to all outbound e-mail for legal or other reasons — a new feature in version 7.0.

When it comes to installing Antigen, there are several options. You can install it on a Windows 2000 server with IIS’ SMTP component installed, in which case Antigen scans SMTP mail before it’s forwarded to an internal server or sent outside of the organization — no Exchange server is required. The second method is to install it on the same server as Exchange 5.x or 2000 so that it can provide SMTP scanning, as well as other features. You have the option to use Extensible Storage Engine (ESE) mode for Antigen or Virus Scanning API (VSAPI) 2.0 mode (Exchange 2000). If using VSAPI 2.0 mode, make sure that no previously installed program on the server also used VSAPI (something I ran across when I removed another product to install Antigen). The fix for this problem is clearly documented and easy to execute by deleting a registry key. Of the two modes, VSAPI is preferred, as it provides additional functionality such as the ability to scan a specific mailbox.

Antigen is administered by creating templates for each service (virus-scanning, content-filtering, file-filtering, scanner updates, notifications and so on.). These templates can be applied to multiple Antigen servers in the organization using the Antigen Central Manager. This works great in theory, but I couldn’t find a way to export my default content-filtering settings to a template so I could apply them to other servers or reuse them once I had them configured properly. Sybari should add an Export to Template feature for most operations. Regardless, once nasty e-mails are detected, it’s handy to be able to review them, as well as have a central quarantine facility.

When it comes to doing what it’s designed to do, Antigen does it well. Virus-scanning allows the use of up to six engines and the ability to scan ZIP files nested within ZIP files (and other types) for a very thorough check. Content-filtering, on the other hand, is quite manual. You can implement subject and sender/domain filtering but you must build the list of subjects and senders manually (wildcards are accepted) or use a template (see Figure 1).

Sybari may want to consider adding the ability to perform lookups of known open relays to make this easier, as Exchange 2000, out of the box, provides sender/domain filters and DNS reverse-lookup capability.

Sybari’s Antigen for Exchange allows you to configure subject and sender/domain filters to stop spam.

Antigen, which I’ve been using about a year, is one of the better solutions for the money. It’s effective at what it does, although I’d like the ability to export default content-filtering, have other settings to use in a template and automated tweaking of sender and subject filters. The truth is that spammers are smart and you need to keep up to date to ensure that not too much nasty stuff gets through. Antigen is an effective solution.

Note: Sybari Antigen for Exchange 7.5 should be released by the time you read this. Anti-spam and SMTP gateway add-on modules will also be available.