Product Reviews

Mail essentials 2000—KISS (Keep It Simple Stupid) Incarnate

The newest crop of Exchange antivirus products prevents users from receiving infected mail.

When I first opened the package with Mail essentials I wasn't sure what to expect. Mail essentials for Exchange 2000 had an excellent "street" reputation, but, as everyone knows, reputation and actual performance on your system don't necessarily correspond. So it was with a considerable sense of "show-me"ism that I slid the CD from GFI into the tray and let the product unfold.

Installation was so straightforward and intuitive that I never really noticed it was happening. Mail essentials 2000 requires Windows 2000 and Exchange 2000 with no service packs specified in the manual. A wizard steps you through the process. An unusual step was the user synchronization wizard that activates after the regular installation process is completed for Exchange 2000 (or 5.5). This wizard connects to the Exchange/Windows 2000 user database in order to allow the administrator to configure rules on a per user/group basis and to validate the Mail essentials license. Mail essentials can also be installed on a machine other than the Exchange 2000 server to reduce load at the server.

The documentation is clear, concise and user-friendly, though there were some flaws. The inclusion of multiple version instructions in the same manual is not my favorite means of documentation. Another failing in the manual was the index: a 19-item index for a 96-page manual isn't very helpful. On-line help was straightforward. The manual gave a good overview of the product and, for the Exchange Administrator who wants to justify the expense to the Finance department, they even include a very good section on the importance of a secure e-mail system.

Mail essentials acts like an e-mail firewall and has all the expected bells and whistles. Key features and enhancements include anti-spam, e-mail encryption, e-mail archiving, disclaimers, personalized auto responders and POP3 downloading. All of this is transparent to the user and has the benefit of requiring no training for users and little, if any, additional administration beyond the initial set-up. Mail essentials, which includes the industrial-strength, highly regarded Norman antivirus engine, scans all inbound and outbound mail, both internally and inter-company. Attachments with a high likelihood of carrying a virus, worm or other nasty (.exe, .vbs) can be quarantined and assessed. The latter method is ideal since it is impossible to keep up with every new virus or a custom-made worm/attack designed with the sole purpose of infiltrating YOUR network.

Content checking and filtering can block out messages based on a number of options, sending them to quarantine or removing unwanted attachments. It is up to you to decide what you want to block, look for and secure against and how you're going to do it. You can, for example, quarantine all messages that contain business-inappropriate words or pejoratives in the message itself, the attachments, or both. Word lists can be imported from simple text files and you can add your own to the list. Encrypted mail can be tagged and quarantined for review. Configuration options allow you to remove files because they're potential virus or worm sources (e.g. .exe and .vbs files) or because of their impact on your bandwidth (.mp3 files).

Mail essentials can also automatically compress mail attachments at the server level, with the dual effect of saving user time and reducing bandwidth usage. It can also check for script code in the message body itself. Mail essentials will also detect a Word or Excel attachment that contains a macro and automatically remove the macro before sending it on to the recipient. A similar system also traps HTML scripts. The latter are often a large security gap in e-mail protection and are becoming an increasingly popular conduit for hackers and virus writers to trigger client-side commands by embedding them in HTML mail. Mail essentials detects these commands and automatically removes them. Again, the HTML mail is still sent to the recipient, but with the HTML command disabled. This will generally disable banner scripts and forms included in newsletters, but is a small price to pay for security.

One of the advantages of the Mail essentials system of detection and removal of macros and HTML scripts is that it is not dependent on anti-virus products being up to date. GFI's approach doesn't give a hoot whether a macro-borne virus is past, present or future—detection and removal will occur regardless.
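The signature-independent filtering described above (quarantine or strip attachments by extension, deliver HTML mail with its active content removed) can be sketched with Python's standard library. This is an added illustration, not GFI's code or anything taken from the product; `POLICY`, `ScriptStripper`, `filter_message` and `sample` are hypothetical names, and the message is constructed for the example.

```python
from email.message import EmailMessage
from html import escape
from html.parser import HTMLParser
from os.path import splitext

POLICY = {".exe": "quarantine", ".vbs": "quarantine", ".mp3": "strip"}  # from the review

class ScriptStripper(HTMLParser):
    """Re-emit HTML minus <script> blocks, on* handlers and javascript: URLs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.in_script, self.removed = [], False, 0
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script, self.removed = True, self.removed + 1
            return
        safe = [(k, v or "") for k, v in attrs if not (
            k.startswith("on") or (v or "").strip().lower().startswith("javascript:"))]
        self.removed += len(attrs) - len(safe)  # active attributes dropped, tag kept
        attr_text = "".join(f' {k}="{escape(v)}"' for k, v in safe)
        self.out.append(f"<{tag}{attr_text}>")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        else:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append("" if self.in_script else escape(data, quote=False))

def filter_message(msg):  # hypothetical helper, not a product API
    report = {"quarantine": [], "strip": [], "scripts_removed": 0, "html": None}
    for part in msg.walk():
        ext = splitext(part.get_filename() or "")[1].lower()
        if action := POLICY.get(ext):
            report[action].append(part.get_filename())
        elif part.get_content_type() == "text/html":
            cleaner = ScriptStripper()
            cleaner.feed(part.get_content())
            cleaner.close()  # flush any trailing text
            report["scripts_removed"] += cleaner.removed
            report["html"] = "".join(cleaner.out)
    return report

def sample():  # constructed message, not real traffic
    msg = EmailMessage()
    msg.set_content('<a href="javascript:x()" onclick="x()">Hi</a><script>x()</script>', subtype="html")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.EXE")
    msg.add_attachment(b"ID3", maintype="audio", subtype="mpeg", filename="song.mp3")
    return msg
```

The decision depends only on file extension and markup structure, so it needs no signature updates; the cost, as the review notes, is that legitimate newsletter scripts and forms are disabled too.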

Spam is addressed in an elegant fashion at the server level by intercepting an incorrect "Reply To" address or a message header containing an incorrect domain. There are also the expected options of refusing mails from domains or deleting mails with certain strings in the body.

Disclaimers, which are useful from a legal point and hence offer some peace of mind to the risk management staff, can be added to the end of all outgoing messages.

Mail essentials offers macro blocking, among many other options that you can configure.

I threw all of the test viruses I had against Mail essentials on my test network. And then I tossed in a few wild ones that I had lying around in undeleted e-mail off my ISP. (Don't shudder, Roberta: I like reinstalling Windows 2000 Server and Exchange 2000.) Mail essentials grabbed them, quarantined them and sent messages to the administrator, sender and receiver (which I had configured it to do) that something was amiss. The messages were straightforward, e.g., "A message from so and so wasn't delivered because it had a virus (or script or whatever) in it." I think it ate the viruses as well. I never did figure out what it did with the scripts it banished.

It's hard to fault Mail essentials for completeness or ease of operation of what you need in a mail system security product. What failings it had were relatively minor, primarily in the lack of some of the nifty administrative tools and monitoring options you can find in other products. Still, Mail essentials does what it was designed to do: identify, hunt and kill anything that looks like a threat to e-mail security with the quiet relentlessness and thoroughness of a white blood cell gobbling an intruder in your bloodstream.

About the Author

David W. Tschanz, Ph.D., MCSE, is author of the recent "Exchange Server 2007 Infrastructure Design: A Service-Oriented Approach" (Wiley, 2008), as well as co-author of "Mastering Microsoft SQL Server 2005" (Sybex, 2006). Tschanz is a regular contributor to Redmond magazine and operates a small IT consulting firm specializing in business-oriented infrastructure development.

