Nemx Power Tools for Exchange Server

October 2004

We would like to take this opportunity to share with you some tips and provide information about additions and improvements to Nemx Power Tools and SecurExchange and how these enhancements can benefit you in your fight against the recent spam, viruses, and Exchange Server interrogation attacks.

Version 5.0 now available:

Version 5.0 of Nemx SecurExchange and Nemx Power Tools are now available for General Availability. The press release can be obtained from http://www.nemx.com/aboutnemx/newsandevents/PressReleases/PressRelease-PowerTools50.asp.

Version 5.0 will be a free upgrade to all customers currently within a Support and Upgrades plan. More information on Version 5.0 can be found at our website; however here is a snapshot of what is new in Version 5.0:


IMF Extensions:

Exchange 2003 contains a feature called the Intelligent Message Filter or IMF. While the IMF is reasonably effective in tagging spam, it is quite limited in what it can do with that tagged message. Based on global thresholds, the IMF can either delete, quarantine, or move the message. This does not provide an organization with any flexibility in addressing user’s requirements for the handling of spam. This is where Nemx Power Tools comes in. Power Tools allows any number of thresholds and resulting actions to be assigned to a group of users. For instance, in an educational environment, staff could have triggered email moved to subfolder, while the email would be deleted for students. In addition, Power Tools features like Friendly Domains can prevent the IMF from even triggering on a message, thereby reducing lost mail from your business partners. Power Tools truly makes the IMF useable as an organization can now balance their need for security, productivity, and performance with their corporate and user’s needs for the receipt and handling of true business email.

A How To on the example can be found at
http://www.nemx.com/products/powertools/HowTo/ExchangeSCL.asp

SURBL Support:

Spam URL Real-time Blacklist are similar to standard RBLs, however they do not trigger on the sender’s IP like standard RBLs, but rather on websites and embedded images found within the message. SURBLs by themselves are highly accurate and combined with Nemx Power Tools reliability weighting of multiple SURBL sites results in a high success rate of spam triggers, while minimizing false positives. See http://www.surbl.org for additional information.

NDR Rules:

The Address Manager component contains a number of specific rules to assist in dealing with NDRs that arrive at your Exchange Server. For instance, Address Manager can detect spoofed NDRs and NDRs destined to non-existent recipients and take the assigned action. In most cases this would be “Delete Message”. This reduces the number of false email that an organization receives and can improve Exchange overall performance.

Spam Confidence Level (SCL):

A new Action type has been defined to keep a running total (or weight) of all rules that have been triggered. Once the scanning is complete an Action based on the total SCL value is invoked. This will allow greater confidence in assigning a harsher action (i.e. Delete Message) to triggered message and can subsequently reduce the number of messages that may be quarantined.

Move to Subfolder Action:

Action handling has also been enhanced to allow a message to be moved to any subfolder within the user’s mailbox. This is extremely powerful as an organization can delegate the responsibility of what to do with spam mail down to its end users. Further, as any number of actions may be assigned to a triggered email, mail may be moved to different folders, depending on the detection means, the categories as determined by Concept Manager, or the membership within a distribution list. This feature is only supported for Exchange 2003 and 2000. If you require this facility for Exchange 5.5, please contact info@nemx.com

Non Signature Based Virus Detection:

Nemx has incorporated new technology from our anti-virus partner Norman Data Defense which makes it possible to catch viruses and other malicious software before virus signatures have been released. The Norman Sandbox technology represents a milestone in non-signature based detection of new, unknown viruses' utilizing far superior techniques to those adopted by pure heuristics. This unique technology detects and stops the malware attached to an email based on behavior even before any virus signature file is created for this specific threat. In a recent review, a leading security industry research team ranked this technology as the best of the AV industry. For more information on this technology review, see http://www.norman.com/News/Press_releases/17613/en.

Virus Class Actions:

Viruses are now classified on their type of infection and spreading mechanism. Different actions may be assigned to each of these virus types. For instance a Mass Mailer type of virus may have an Action of “Delete Message” associated with it, while a Word Macro virus might be assigned an Action to just clean the virus and leave the message intact. This can ultimately reduce the number of infected emails that move through an Exchange installation during a mass mailing virus outbreak.

Concept Manager:

Concept Manager has been enhanced with the addition of new concepts and more aggressive concept analysis of existing categories. In addition, false positives have been reduced thanks to the many customers and evaluators that have forwarded both missed and false positive type spam to Nemx for review. These efforts combined with some additional enhancements to Concept Manager has improved the hit count and further reduced the low positive rate.



We hope that this newsletter and How Tos will help you in your daily battles with the effects of spam and viruses. If you have any thoughts on how Nemx Power Tools and SecurExchange can better your fight, by all means please let us know. Many of the features in the product come from customer suggestions, so keep them coming!