Re: FW: Warning Message: Your services near to be closed.

  • From: "Ruba Al-Omari" <romari@xxxxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 15 Jun 2005 11:11:01 -0600

Regarding MailSecurity:

The GFI Exchange product MailSecurity only offers VSAPI. They point out
that MS won't support anything other than VSAPI, but realistically, if
there is a problem with your Exchange server, MS won't support anyone's AV
product, and will ask you to disable it for the purpose of
troubleshooting.

With GFI, you can't leverage an existing license (for instance, if you
already own Kaspersky, you still have to pay them to use the engine in
their product.)

The GFI gateway product is a mail relay, which goes against Microsoft's
best practices. Microsoft recommends Stack scanning at the SMTP gateway.

In a typical Exchange deployment (i.e. front-end in DMZ, back end
internally deployed), GFI's MailSecurity is unable to scan the front-end
server; it requires an additional product (MailSecurity SMTP gateway mode).

GFI has issues determining recipients in VSAPI, so if an item is
quarantined, the user is notified, and has to resend the item once it is
released.

GFI can't purge, or even delete an entire email, only a part (i.e. body,
attachment1, attachment2)

For example in my case I have 600+ users, having an anti virus that is not
transparent to the user will drive you crazy because of the users calling
to query about the notifications they received. I contacted GFI to have
the option to redirect the email notification to a service account rather
than sending the notification to the user (like you can do with Symantec
and Antigen), they said they will see if other people will ask for it then
they might have it in new releases.

Currently it is not possible to set MailSecurity to automatically delete
attachments that violate the Trojan and Executable scanner (it can only
quarantine it and wait for the administrator to approve or reject).

Regarding GFI Mail Essentials:
The GFI spam detection technology relies heavily on Bayesian which is an
obsolete technique now, isn't it? And can be easily fooled. At first I was
happy with the anti spam detection rate, it became worse and worse, by
worse I mean the false positives and false negative rate, in order to keep
them effective a lot of manual work is required which means draining down
IT resources.

I needed to change the notification template to include our company's name
and web address for example, I don't want to do that in each email
notification template, is there a place to change the values of
[PRODUCTSUITE] and [COMAPNYWEB] or the other values?
Support answered me that I couldn't do that and I have to change the value
in each notification.
The funny thing is when I emailed the support, they first wanted to know
which product version I am referring to, so I thought that there is a
version of the product that actually does that, after I sent my reply they
said no you can't do this with GFI! Then why don't you tell me from the
beginning? What difference did it make emailing my product release number
to you? (just wasting my time?:))
 
Other exchange antivirus products used to send notification to the
administrator on what to do and if any configuration needed when a new
vulnerability or a new outbreak is there even to the firewall part, GFI
doesn't do that (I am registered to all their newsletters), when I
emailed them they said they don't do that.

These might seem like minor issues to some people, but when exchange is
10% of the network administration then you need something like Antigen you
install it and leave it, you don't know it exists and yet you are
protected (most of the times ;)).

r.

