> The GFI Exchange product MailSecurity only offers VSAPI. They point out > that MS won't support anything other than VSAPI, but realistically, if > there is a problem with your Exchange server, MS won't support anyone's AV > product, and will ask you to disable it for the purpose of > troubleshooting. My understanding is that any anti-virus product that wants to scan inside the IS must use the VSAPI. > With GFI, you can't leverage an existing license (for instance, if you > already own Kaspersky, you still have to pay them to use the engine in > their product.) Understandable as the engine in GFI is an OEM version and is specificly configured for GFI. > Currently it is not possible to set MailSecurity to automatically delete > attachments that violate the Trojan and Executable scanner, it can only > quarantine it and wait for the administrator to approve or reject). FYI, if a message is infected with a virus laden attachment, the message is worthless. There is no legit reason to remove or otherwise clean the message and then send it on its way. This is an extremely bad practice that some anti-virus engines insist on doing. We consider those messages worthless and only cause confusion and problems with and for users. > Other exchange antivirus products used to send notification to the > administrator on what to do and if any configuration needed when a new > vulnerability or a new outbreak is there even to the firewall part, GFI > doesn't do that (I am registered to all their news letters), when I > emailed them they said they don't do that. In best case scenario, that works. However, being proactive and watching what is happening on the server tells me a lot quicker about a new virus than waiting for a notice. I have found Sophos notices to be about the quickest, but even then it takes a hour or more for the notice to be sent out. What we have to rely on is multiple layers of defense. In my case, I ban all executable type files which has stopped cold new virus outbreaks as they start. Now, I am not saying you should use/rely on GFI, as all products have pluses and minuses. Remember people: Viruses and spam must be treated as security threats. As such they must be dealt with in a multi layered approach, not just relying upon one point of scanning. John T eServices For You