Windows IT Pro is the authoritative and independent resource for Windows NT, Windows 2000, Windows 2003, Windows XP. Features a collection of resources and magazines for Windows IT professionals.
  
  


August 2005

Beat Back Viruses

5 Exchange antivirus suites

Antigen for Microsoft Exchange 8.0
Sybari's first claim to fame was that its product replaced the Exchange Extensible Storage Engine (ESE) DLL with Sybari's version in Exchange Server 5.5, with the purpose of offering features and performance that Microsoft didn't yet support. If the idea of letting a program replace your Exchange DLLs makes you sweat, you'll be glad to know that Sybari Antigen for Microsoft Exchange can now use either ESE- or Exchange Virus Scanning API (VSAPI)-based scanning.

Antigen supports eight scanning engines, using CA Vet and InoculateIT, Norman Data Defense, and Sophos Anti-Virus by default (as Figure 3 shows) and also offering support for Command, Kaspersky, Virus Busters, or AhnLab V3 engines (if you've purchased them). The idea is that if one engine misses a virus, another will catch it, but after testing the product, I don't buy this theory. Antigen came in fourth in my accuracy tests. You might wonder why Antigen's accuracy results were lower than eTrust's even though Antigen uses both CA scan engines. By default, Antigen uses at least two engines to scan each message, but it determines how many engines must complete a scan of each message at runtime. You can use this setting, called the bias, to direct Antigen to use only one engine, multiple engines, or all available engines, depending on your requirements. Sybari recommends setting the bias to Maximum Certainty during a virus outbreak. When using bias settings other than Maximum Certainty, Antigen chooses from the available engines, but gives priority to engines based on historical accuracy and the age of virus definitions.

Antigen has an easy-to-use set of management features. You can perform remote installations, manage multiple servers, and configure automatic updates of all the scanning engines from one client installation or from the web-based Sybari Enterprise Manager (SEM). The product also lets you switch between ESE scanning mode and VSAPI scanning mode after installation.

Poor accuracy, sub-par performance, poor support for scanning file types, and no content filtering inside attachments prevent me from recommending Antigen. Still, you might consider the product for larger Exchange infrastructures that have plenty of extra CPU cycles to run additional engines with a bias towards certainty or if you want to go with an all-Microsoft solution.

Correction (Added online after publication date):
I had some additional notes about Antigen that didn’t make it into the print issue of this article. For users considering the product in larger environments, Sybari’s multiple scan engine technique can offer many benefits. For example, you can run Antigen on Exchange Server bridgehead servers and backend servers. Antigen can use the Max Certainty bias setting to get the benefits of all its scan engines on the bridgehead server where performance is less of a consideration. Antigen can then use the Favor Performance bias setting on backend servers where performance directly impacts users’ experience. Such an environment can give you the best of both worlds. Also remember that although using multiple scan engines takes more processor power, the effects aren’t cumulative; using two engines doesn’t take twice as long as using one.

Antigen had some other benefits not fully described in print. The Sybari suite I tested included Sybari Advanced Spam Manager for spam and content filtering. Sybari’s Intelligent suite supports setting the Exchange Spam Confidence Level (SCL) to quarantine spam or forward it to Outlook junk mail folders.

Also note that although the current version of Antigen doesn’t perform content filtering within attachments, it fully supports blocking attachments based on the file type and scanning attachments for viruses. Sybari will include content filtering inside attachments in the next version of Antigen.

Sybari Antigen for Microsoft Exchange 8.0
Contact: Sybari (recently purchased by Microsoft) * 631-630-8500
Web: http://www.sybari.com
Price: Starts at $36.75 per mailbox for 1 to 25 users
Summary
Pros: Supports multiple scan engines
Cons: Displayed better accuracy but a severe performance impact; doesn't filter content in attachments; poor file-scanning support; content filtering missed Unicode text file
Rating: 2 out of 5
Recommendation: A good option if you don't want to commit to one vendor's scan engine.


Mail Security for Microsoft Exchange 4.6
Symantec Mail Security for Microsoft Exchange's virus-scanning accuracy took only a slight second to Active Mail Protection's and offered much better performance in my tests. Although Mail Security, which Figure 4 shows, missed some attachment types in my content-filtering tests, it was the best overall solution and wins Editors' Choice in this comparative.

Two noteworthy features of Mail Security are Rapid Release virus definitions and Premium AntiSpam. Rapid Release definitions are released earlier than Symantec's regular virus definitions are, but are tested less thoroughly and tested only on Windows. Using Rapid Release is free and can help protect against new threats. Premium AntiSpam (originally a Brightmail product) is a separately purchased, signature-based antispam add-on that blocks messages from known and suspected spammers. Symantec reports that these antispam signatures are created by using data from more than 20 million decoy email accounts. If you don't want to buy Premium AntiSpam, Mail Security includes basic heuristic- and blacklist-based antispam functionality. Both versions let you take action according to Exchange Spam Confidence Level (SCL) values; you can specify which SCL value you want the product to set on detected spam. Disappointingly, Mail Security's content filtering failed to catch problem text inside a .pdf, .rtf, and zipped Word file. However, it did successfully filter a Unicode text file, something both GroupShield and ScanMail failed to do.

In addition to remote deployment, Mail Security includes the multiserver console, an MMC snap-in that lets you manage remote instances by user-defined groups. The console let me synchronize settings with the server that I added for management testing. My only complaint was that the multiserver console requires a separate machine on which to store configuration data, so all your messaging administrators must have access to that system.

Mail Security offered great accuracy and acceptable performance. I loved the regular expressions–based content filtering, detailed options for integrating with SCLs in Exchange, and the well-organized, responsive UI.

Symantec Mail Security for Microsoft Exchange 4.6
Contact: Symantec * 800-745-6054
Web: http://www.symantec.com
Price: Basic product starts at $37.70 per mailbox for 10 to 24 users; Premium Antispam add-on starts at $25.90 per mailbox per year for 10 to 24 users; annual virus definition subscription starts at $20.80 per mailbox for 10 to 24 users
Summary
Pros: Excellent antivirus accuracy; great SCL support; supports regular expressions for content filtering
Cons: Content filtering didn't scan .rtf or .pdf documents; failed to scan some types of compressed files
Rating: 4.5 out of 5
Recommendation: This product's combination of accuracy, performance, and detailed spam control make Mail Security Editors' Choice.


ScanMail for Microsoft Exchange 7.0
Trend Micro ScanMail for Microsoft Exchange, which Figure 5 shows, targets the most current and harmful threats. Unsurprisingly, then, Exchange quickly delivered all my test messages, but ScanMail caught only 3279 of the 4303 viruses. (A spot check showed that the product did catch Melissa, Blaster, Loveletter, and Nimda.)

ScanMail offers a spam-filtering technology (similar to Symantec's Premium Antispam) but doesn't let you control how it sets SCLs in Exchange. The product's content filtering supports regular expressions and scanned inside most of the attachment types that I tested.

Though not as complex as Mail Security or Active Mail Protection, ScanMail's management features are probably sufficient for most organizations. The ScanMail installer let me simultaneously deploy the product to multiple Exchange servers. Each server connects to a Web-based management console, but you can automatically replicate settings to other servers to manage a larger Exchange infrastructure. And ScanMail's outbreak-management feature can generate alerts according to the number of viruses or attachments blocked in a given period.

Trend Micro's virus-definition strategy might make its results look less than optimal, but the viruses it misses might not be ones you'd see in the wild. The product's performance and feature set were both amazing, so I strongly recommend ScanMail if speedy email delivery is of paramount importance.

Trend Micro ScanMail for Microsoft Exchange 7.0
Contact: Trend Micro * 877-268-4847
Web: http://www.trendmicro.com
Price: Starts at $41.40 per mailbox per year for 5 to 25 users; annual virus definition subscription fee costs 30 percent of purchase price
Summary
Pros: Minimal impact on mail-server performance; supports regular expressions for content filtering
Cons: Virus database isn't as extensive as other reviewed products'; content filtering missed Unicode text file
Rating: 3.5 out of 5
Recommendation: If speedy email delivery is of paramount importance, consider this product, but be aware that its targeted approach is likely to let viruses through sooner or later.


Get What You Need
I've tried to give you an idea of how some of our readers' favorite mail-server antivirus products stack up, but take a look at the features listed in Table 4 to get more information about which product offers the features that matter most in your environment. Also, you can find out about many other available Exchange antivirus products by visiting our IT Solution Center (see Interact! for details).

Interact! Research more antivirus products at our IT Solutions Center

 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved.