Product Reviews

A Ninja at the Gate

Messaging Ninja keeps a watchful eye on the e-mail moving in and out of your Exchange network.

Messaging Ninja
Documentation 10%
Installation 20%
Feature Set 30%
Performance 20%
Management 20%
Overall Rating:

1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

Since everyone relies so heavily on e-mail for both internal and external communication, it's a prime target for anyone from petty hackers to professional criminals. Protecting your e-mail infrastructure against these threats adds an additional set of complex tasks to an already overburdened workload. Mail server administration has grown from a single task for a single admin to a multifaceted strategic effort that requires an entire dedicated team.

Microsoft's Exchange Server is the predominant e-mail platform because of its integration with Windows, scalability and rich feature set. Exchange 2003 is the latest and greatest so far. (Look for Exchange 2007 later this year.) However, it sorely lacks tools to protect mail servers and users from attacks.

There are a number of products available today that provide you with varying degrees of assistance. Most of the enterprise-class anti-virus software companies have plug-ins or stand-alone utilities for scanning mail. Other products help you create and manage blacklists and white lists (for blocking or allowing all messages based on the source of the e-mail).

Using a combination of products can be time consuming, and having multiple pieces of software installed on your Exchange servers creates additional levels of complexity in terms of administration and troubleshooting. Ideally, you would have a single product to help manage as many of these issues as possible. One such product is the Messaging Ninja from Sunbelt Software.

Many Tasks, One Tool
Messaging Ninja is a policy-based Exchange add-on that includes filtering, virus scanning, incident reporting and phishing protection -- among other things. Basically, Ninja's functionality covers four main areas:

  • Anti-spam
  • Anti-virus
  • Attachment Filtering
  • Reporting

Messaging Ninja is really a series of services that you install on your Exchange server(s). There are also Exchange plug-ins and various management components.

For reporting purposes there's a database back-end, which can be either Microsoft Access or Microsoft SQL Server. If you choose Microsoft Access, it will automatically deploy an Access database on the Exchange server. If you choose SQL Server, you'll need to have an installation already in place, as well as the connection information.

You'll need to install Ninja on each of your Exchange servers to fully protect the entire environment. Ninja supports clusters in the Active/Passive configuration, although the application isn't fully cluster-aware and requires some special handling to run correctly on a cluster. Fortunately, Sunbelt has very straightforward documentation to accomplish this type of installation.

After installing Messaging Ninja, you use a Microsoft Management Console (MMC) snap-in to configure settings, manage policies and view reports. Because of the familiar interface, configuring Ninja is a matter of simply walking through each node in the explorer on the left side of the console and creating or editing policies and configurations to enable or disable functionality.

Besides the primary MMC console, Ninja includes a few extra wizards to help with various tasks. There's a quarantine viewer you can configure to display quarantined items from multiple Ninja servers, a report viewer that displays input from multiple servers, and several small console applications you can use in conjunction with Sunbelt's support group to capture information about the server. The management console also has quarantine and report views, but those views are specific to the server you're managing.

Sorting Through Spam
Ninja lets you create custom spam policies that apply to different recipients. Configuring these policies includes setting quarantine actions and locations. You can also specify whether or not users are allowed to create personal block/allow lists. Each policy has a collection of rules that are applied to all messages received by the recipients configured to use that policy.

Figure 1
[Click on image for larger view.]
Figure 1. Messaging Ninja's anti-spam component gives you a full summary of its spam filtering activity.

For example, you can add a rule specifying that all messages coming from a certain IP address with the word "Widget" in the subject line will be automatically deleted. In fact, you can even specify a specific string for any text-based field (like body, subject, or attachment name).

Even better, you can use a regular expression to search for any type of string that matches a specific pattern. Using regular expressions, you can filter mail based on any number of combinations of character strings. This allows for a higher level of flexibility than a simple string match.

Once you've created your custom policies, Messaging Ninja will add recipients to each policy. At that point, you can enable or disable policies with a single click, changing filtering behavior for all of the configured recipients without having to manage each individual user.

What's Next

As this review went to press, Sunbelt was getting ready to release version 2.1 of its Messaging Ninja. Here's what's coming in the new version:

• Global Disclaimer: You can now add a disclaimer to all outbound e-mail. You can also bypass the disclaimer on a per-message basis or specify its use for certain recipients.

• Policy-Based Disclaimers: Policy-based disclaimers let you use different disclaimers for groups of users.

• Disclaimer Templates: The templates let you set up disclaimers using HTML or plain text. Template samples include legal disclaimers, virus warning disclaimers and copyright disclaimers.

• Updated Anti-Spam Engine: Cloudmark's latest engine blocks current spam variants like image spam.

• Console Enhancements: The updated console has new database management tools, enhanced proxy support for systems that utilize NTLM authentication and new report formats.

Virus Patrol
Virus scanning is one of the most important aspects of mail management, and usually the highest priority item in any Exchange environment. Ninja provides two virus-scanning engines: BitDefender and Authentium; and registers both of these engines with Exchange, which enables both to scan all messages.

You can enable and disable either of these engines as needed. Other configuration options include setting file size limits (scanning a 6MB file can take a while, so you can just quarantine it and move on), nested file scanning limits and configuring custom messages. The custom messages use basic variable replacement to let you customize the message end users see when one of their messages has been cleaned or quarantined.

You can also configure actions for handling attachments based on file type. For example, you can choose to quarantine, delete or deliver any of the following: corrupt compressed files, encrypted compressed files, encrypted messages or infected digitally signed messages. You can also start a full scan of the Exchange Information Store from the Antivirus configuration screen if needed. Obviously, you should only do this in very specific circumstances, as this level of scan will have a huge impact on performance.

Finally, you can create customized notifications to send based on specific actions taken on individual messages. You can have notifications sent to anyone, and use other variable-based methods of text replacement to create messages that describe actions taken.

Attachment Analysis
One of the most frustrating issues for users is the inability to send attachments to co-workers or clients. Your users have to send everything from spreadsheets to console applications every day via e-mail. Unfortunately, many of these file types can contain harmful code and therefore represent a serious threat to our organizations.

The only real way to defend against threats posed by attachments is to strip specific types of attachments from e-mails. Ninja specifically addresses the need to balance threat management against user productivity by allowing policy-based attachment filtering. You can specify which file types to filter. You can also choose to filter them inbound or outbound and internally or externally, based on your requirements.

Ninja also provides Suspicious Mail Attachment Removal Technology (SMART) rules, which can detect the file type of an attachment regardless of the actual file extension. This will prevent users from working around policies by renaming files. As with spam management, administrators can apply policies to specific users (or groups of users), and enable or disable policies with a single click.

Roll the Reports
After all this e-mail activity, you'll want to know what Messaging Ninja has done. Ninja includes a set of established reports that provide you with feedback on a number of metrics, including viruses detected, file extensions encountered, items quarantined and details on spam processed by the Exchange server.

You can configure all the reports for a specific date range, and change the value on reports that include a specific number of items, like "Top 10 Viruses Found." You can preview or print reports directly from the management console and export them to any of a number of standard formats.

You can also restrict access to certain reports based on Active Directory groups, which gives you a degree of security around report access. Unfortunately, there isn't any custom report generation currently supported in Messaging Ninja. Perhaps that will be included in a future version of the product. If you use SQL Server as the back-end, you could create custom reports using a third-party reporting tool such as Crystal Reports or Microsoft Reporting Services.

As an Exchange administrator, you have enough to deal with when it comes to managing your environment. Sunbelt's Messaging Ninja provides a comprehensive solution that can help you manage spam, scan for viruses, and filter attachments -- and report on all this activity with very little administrative overhead.


comments powered by Disqus

Subscribe on YouTube