Nemx Power Tools for Exchange Server
June 2004
We would like to take this opportunity to share with you some tips and provide information about additions and improvements to Nemx Power Tools and SecurExchange and how these enhancements can benefit you in your fight against the recent spam, virus, and Exchange Server interrogation attacks.
Power Tools – Virus Outbreak Control:
We have seen that many of the recent mass-mailing viruses have had variants that surfaced quite quickly. This is primarily due to the copy-cat nature of others who see new trends in virus approaches. Nevertheless, these outbreaks usually place a strain on virus definition updates, update servers, and general post-virus cleanup activities.
Nemx Power Tools now has a feature that will assist you during a virus outbreak. Nemx's Outbreak Control allows an administrator to quickly define rules which “hold” email meeting particular criteria (e.g. containing a file attachment) until a later point in time. When an administrator feels it is safe to allow this mail in (e.g. virus definitions are up to date or rules are put in place to act upon this outbreak), “held” mail can be easily allowed to enter the organization.
This is similar to a quarantine function; however, holding and releasing the email is quite effortless. In addition, “released” email is completely rescanned for all known viruses, spam, content, address, and concept violations.
Spam Spoofing Detection:
Spammers are starting to take other approaches to get their message out. We are starting to see virus techniques used to install trojans on other people's computers. Once the computers are infected, the spammers use them as robots or zombies to distribute spam to others and thus prevent themselves from being traced. Further, to escape detection, a number of different “spoofing” techniques are now being used.
Nemx Power Tools has added detection of these “spoofing” techniques to its Spam Manager component. By using these new Header Detection rules, you can significantly reduce the amount of spam. Further, the recent Zafi virus is using these same techniques and can be stopped as well.
Viruses, Viruses, and more Viruses:
The recent Zafi, Netsky and Bagle viruses have continued to increase general email traffic in the past few months. Zafi has been extremely frustrating in that the email addresses generated by the virus result in a high number of non-existent addresses, which ultimately leads to numerous NDRs. A greater threat is that spammers are now using virus-like approaches to take over unprotected servers and workstations to act as spam zombies (see above section). By using a combination of Nemx SecurExchange or the Address Manager component of Nemx Power Tools, many of these emails can be deleted before they result in turning your network infrastructure into a spammer's zombie node or generating excessive NDRs.
Nemx SecurExchange Anti-Virus is an extremely cost-effective add-on to Nemx Power Tools and can be used to augment your present virus protection by providing a perimeter barrier around your Exchange system. Like Power Tools, it's an Exchange Server product and doesn't require additional hardware, software, proxy gateway, or port remapping. Taking this approach offloads mailbox servers and ensures timely virus protection.
To help you fight these new threats, Nemx is for a limited time offering a 50% discount to existing Power Tools customers for the SecurExchange Anti-Virus add-on. Please contact sales@nemx for additional information.
Quarantine Form:
When inspecting a quarantined message, the original internet header of the triggered message is now available within the quarantine form. This can provide a better view of why the message might have been quarantined and can allow for easier tuning of spam or content rules to prevent false positives.
Empty Email:
Spammers interrogate your Exchange server for capabilities, vulnerabilities and addressee information on a recurring basis. During this process, blank emails or NDRs may be generated and forwarded to the administrator or other users. A simple Spam/Content Manager rule can handle these empty emails and drop the SMTP session, preventing the spammer from finishing the current “test”.
For additional information, see the following “How To” link on our website: http://www.nemx.com/products/powertools/howto/EmptyEMail.asp
Power Tools - Concept Manager:
Much effort has been placed on “fine tuning” the policy to reduce the already low number of false positives. We have set up a special email address to receive any email which has been falsely triggered or was missed by Concept Manager. The message in question should be embedded within an email and forwarded to analysis@nemx.com.
For those not familiar with Concept Manager, it is an add-on component to Nemx Power Tools that is used to detect and filter junk mail or inappropriate content with greater consistency, accuracy, and reliability. It accomplishes this by understanding the meaning or key concepts within a message, because no matter what tricks spammers use, the meaning of the message is always the same.
Version 4.2.15 now available:
New releases of Nemx Power Tools and Nemx SecurExchange are now available from our web site. Version 4.2.15 contains a number of enhancements that make your email battles with spam, viruses, NDRs, and content management that much easier.
We hope that this newsletter and How Tos will help you in your daily battles with the effects of spam and viruses. If you have any thoughts on how Nemx Power Tools and SecurExchange can better your fight, by all means please let us know. Many of the features in the product come from customer suggestions, so keep them coming!