Inline -----Original Message----- From: Ruba Al-Omari [mailto:romari@xxxxxxxxxxxxxxxxx] Sent: Wednesday, June 15, 2005 2:11 PM To: ISA Mailing List Subject: [isalist] Re: FW: Warning Message: Your services near to be closed. http://www.ISAserver.org Regarding MailSecurity: The GFI Exchange product MailSecurity only offers VSAPI. They point out that MS won't support anything other than VSAPI, but realistically, if there is a problem with your Exchange server, MS won't support anyone's AV product, and will ask you to disable it for the purpose of troubleshooting. (Steve) What's the issue here then, MS will ask you to disable any third party apps, not just GFI's. With GFI, you can't leverage an existing license (for instance, if you already own Kaspersky, you still have to pay them to use the engine in their product.) (Steve) Woohh. A whole hundred dollars. It's also a different application. The GFI gateway product is a mail relay, which goes against Microsoft's best practices. Microsoft recommends Stack scanning at the SMTP gateway. (Steve) The GFI Gateway Product is installed on an SMTP Gateway, It's a mail Relay Server, not a mail relay, totally different. In a typical Exchange deployment (i.e. front-end in DMZ, back end internally deployed), GFI's Mail security is unable to scan the front-end server, it requires an additional product (MailSecurity SMTP gateway mode) (Steve) Don't be silly, it gets installed on the FE Server. GFI has issues determining recipients in VSAPI, so if an item is quarantined, the user is notified, and has to resend the item once it is released. (Steve) Ridiculous, resend...how else would you delver it if is approved?? GFI can't purge, or even delete an entire email, only a part (i.e. body, attachment1, attachment2) (Steve) Rubbish. For example in my case I have 600+ users, having an anti virus that is not transparent to the user will drive you crazy because of the users calling to query about the notifications they received. I contacted GFI to have the option to redirect the email notification to a service account rather than sending the notification to the user (like you can do with Symantec and Antigen), they said they will see if other people will ask for it then they might have it in new releases. (Steve) The notifications can be turned off. Currently it is not possible to set MailSecurity to automatically delete attachments that violate the Trojan and Executable scanner, it can only quarantine it and wait for the administrator to approve or reject). (Steve) This is good for false positives. Regarding GFI Mail Essentials: The GFI spam detection technology relies heavily on Basyian which is an obsolete technique now, isn't it? And can be easily fooled. At first I was happy with the anti spam detection rate, it became worse and worse, by worse I mean the false positives and false negative rate, in order to keep them effective a lot of manual work is required which means draining down IT resources. (Steve) 1 hour a week is not excessive. I very very rarely have to tamper with it. 250 users I needed to change the notification template to include our company's name and web address for example, I don't want to do that in each email notification template, is there a place to change the values of [PRODUCTSUITE] and [COMAPNYWEB] or the other values? Support answered me that I couldn't do that and I have to change the value in each notification. The funny thing is when I emailed the support; they first wanted to know which product version am referring to, so I thought that there is a version of the product that actually does that, after I sent my reply they said no you can't do this with GFI! Then why don't you tell me from the beginning? What difference did it make emailing my product release number to you? (just wasting my time?:)) (Steve) Easy done. Other exchange antivirus products used to send notification to the administrator on what to do and if any configuration needed when a new vulnerability or a new outbreak is there even to the firewall part, GFI doesn't do that (I am registered to all their news letters), when I emailed them they said they don't do that. (Steve) As the defs get updated every hour by default, then there really is no need for separate notification. These might seem like minor issues to some people, but when exchange is 10% of the network administration then you need something like Antigen you install it and leave it, you don't know it exists and yet you are protected (most of the times ;)). r. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx The correct technical term for haggis stalking is "havering".