Re: FW: Warning Message: Your services near to be closed.

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 15 Jun 2005 15:38:31 -0300

Inline 

-----Original Message-----
From: Ruba Al-Omari [mailto:romari@xxxxxxxxxxxxxxxxx] 
Sent: Wednesday, June 15, 2005 2:11 PM
To: ISA Mailing List
Subject: [isalist] Re: FW: Warning Message: Your services near to be
closed.

Regarding MailSecurity:

The GFI Exchange product MailSecurity only offers VSAPI. They point out
that MS won't support anything other than VSAPI, but realistically, if
there is a problem with your Exchange server, MS won't support anyone's
AV product, and will ask you to disable it for the purpose of
troubleshooting.

(Steve) What's the issue here then, MS will ask you to disable any third
party apps, not just GFI's.

With GFI, you can't leverage an existing license (for instance, if you
already own Kaspersky, you still have to pay them to use the engine in
their product.)

(Steve) Woohh. A whole hundred dollars. It's also a different
application.

The GFI gateway product is a mail relay, which goes against Microsoft's
best practices. Microsoft recommends Stack scanning at the SMTP gateway.

(Steve) The GFI Gateway Product is installed on an SMTP Gateway, It's a
mail Relay Server, not a mail relay, totally different.

In a typical Exchange deployment (i.e. front-end in DMZ, back end
internally deployed), GFI's Mail security is unable to scan the
front-end server, it requires an additional product (MailSecurity SMTP
gateway mode)

(Steve) Don't be silly, it gets installed on the FE Server.

GFI has issues determining recipients in VSAPI, so if an item is
quarantined, the user is notified, and has to resend the item once it is
released.

(Steve) Ridiculous, resend...how else would you deliver it if it is
approved??

GFI can't purge, or even delete an entire email, only a part (i.e. body,
attachment1, attachment2)

(Steve) Rubbish.

For example in my case I have 600+ users, having an anti virus that is
not transparent to the user will drive you crazy because of the users
calling to query about the notifications they received. I contacted GFI
to have the option to redirect the email notification to a service
account rather than sending the notification to the user (like you can
do with Symantec and Antigen), they said they will see if other people
will ask for it then they might have it in new releases.

(Steve) The notifications can be turned off.

Currently it is not possible to set MailSecurity to automatically delete
attachments that violate the Trojan and Executable scanner, it can only
quarantine it and wait for the administrator to approve or reject.

(Steve) This is good for false positives.

Regarding GFI Mail Essentials:
The GFI spam detection technology relies heavily on Bayesian which is an
obsolete technique now, isn't it? And can be easily fooled. At first I
was happy with the anti spam detection rate, it became worse and worse,
by worse I mean the false positives and false negative rate, in order to
keep them effective a lot of manual work is required which means
draining down IT resources.

(Steve) 1 hour a week is not excessive. I very very rarely have to
tamper with it. 250 users

I needed to change the notification template to include our company's
name and web address for example, I don't want to do that in each email
notification template, is there a place to change the values of
[PRODUCTSUITE] and [COMAPNYWEB] or the other values?
Support answered me that I couldn't do that and I have to change the
value in each notification.
The funny thing is when I emailed the support; they first wanted to know
which product version I am referring to, so I thought that there is a
version of the product that actually does that, after I sent my reply
they said no you can't do this with GFI! Then why don't you tell me from
the beginning? What difference did it make emailing my product release
number to you? (just wasting my time?:))

(Steve) Easy done.
 
Other exchange antivirus products used to send notification to the
administrator on what to do and if any configuration needed when a new
vulnerability or a new outbreak is there even to the firewall part, GFI
doesn't do that (I am registered to all their newsletters), when I
emailed them they said they don't do that.

(Steve) As the defs get updated every hour by default, then there really
is no need for separate notification.

These might seem like minor issues to some people, but when exchange is
10% of the network administration then you need something like Antigen
you install it and leave it, you don't know it exists and yet you are
protected (most of the times ;)).

r.


The correct technical term for haggis stalking is "havering". 



