Nemx Power Tools for Exchange Server


September 2004



 

We would like to take this opportunity to share with you some tips and provide information about additions and improvements to Nemx Power Tools and SecurExchange and how these enhancements can benefit you in your fight against the recent spam, viruses, and Exchange Server interrogation attacks.


SecurExchange – Proactive Malware Detection:

Today, an email worm can infect tens of thousands of workstations in a matter of seconds – the Bagle and Mydoom viruses have shown the potential disruption and inconvenience these threats can produce. Anti-virus vendors must find the cure, update the virus definition files, and distribute them to their customers immediately. The need for speed is paramount. This is why Nemx has incorporated new technology developed by Norman Data Defense Systems, Nemx’s Anti-Virus partner for the past 9 years.

Norman's SandBox technology makes it possible to catch viruses and other malicious software before virus signatures have been released. The Norman SandBox technology represents a milestone in non-signature-based detection of new, unknown viruses, utilizing far superior techniques to those adopted by pure heuristics. This unique technology detects and stops the malware attached to an email based on its behavior, even before any virus signature file is created for this specific threat.

Over the summer, the Norman SandBox proactively detected high-profile worms, including Bagle.AI, Mydoom.L, Bagle.AH, Bagle.AF, Bagle.AE, and Zafi.B, without any definition files. This means that when these worms began circulating and other vendors rushed to write and post virus identification files, Nemx customers were not vulnerable. Nemx SecurExchange and Power Tools customers were protected even before updated virus definition files were available.

By implementing Nemx SecurExchange, customers will, in the majority of new virus outbreak situations, avoid infections and the costly overheads usually associated with virus outbreaks. After all, prevention is better than the cure.

Nemx SecurExchange Anti-Virus is an extremely cost-effective add-on to Nemx Power Tools and can be used to augment your present virus protection by providing a perimeter barrier or “Edge Protection” around your Exchange system. Like Power Tools, it’s an Exchange Server product and doesn’t require additional hardware, software, proxy gateway, or port remapping. Taking this approach offloads mailbox servers and ensures timely virus protection.


Exclude Lists when adding Disclaimers:

The Advanced Edition of Nemx Power Tools by nature scans all internal emails as well as email destined to and received from the internet. This means that the SignatureMaker component of Nemx Power Tools will attach any header or footer banners to all internal email as well as those destined to the internet.

To prevent SignatureMaker from adding banners to internal email, see the following “How To” link on our website for additional information at http://www.nemx.com/products/powertools/howto/ExcludeMailboxBanners.asp


Empty Message Bodies:

Spammers interrogate your Exchange server for capabilities, vulnerabilities and addressee information on a recurring basis. During this process, blank emails or NDRs may be generated and forwarded to the administrator or other users. A new capability has been added to the Content Message Body filtering to look for an empty message body.

A simple Spam/Content Manager rule can handle these empty emails and drop the SMTP session, preventing the spammer from finishing the current “test”. Using a rule of “<empty>” will trigger the appropriate Action when an email has a blank message body.

See the following “How To” link on our website for additional information at http://www.nemx.com/products/powertools/howto/EmptyEmails.asp


Power Tools - Concept Manager:

Much effort has been placed on “fine tuning” the policy to reduce the already low number of false positives. We have set up a special email address to receive any email which has been falsely triggered or was missed by Concept Manager. Thanks to the many customers and evaluators who have forwarded both missed and false positive type spam to this account. These efforts, combined with some additional enhancements to Concept Manager, have improved the hit count and further reduced the low false positive rate. Please continue to forward missed or false positives to this account. Policy updates will still occur monthly.

For those not familiar with Concept Manager, it is an add-on component to Nemx Power Tools that is used to detect and filter junk mail or inappropriate content with greater consistency, accuracy, and reliability. It accomplishes this by understanding the meaning or key concepts within a message, because no matter what tricks spammers use, the meaning of the message is always the same.

Version 4.2.19 now available:

A new release of Nemx Power Tools and Nemx SecurExchange is now available from our web site. Version 4.2.19 contains a number of enhancements that make your email battles with spam, viruses, NDRs, Exchange Attacks and content management issues that much easier.



Version 5.0 now in open Beta:

Version 5.0 of Nemx SecurExchange and Nemx Power Tools has finished a closed Beta period and is now available as an open Beta, complete with full support. More will follow on this new version; however, here is a small sampling of the new features of Version 5.0:

SURBL Support: Spam URL Real-time Blacklists (SURBLs) are similar to standard RBLs; however, they do not trigger on the sender’s IP like standard RBLs, but rather on websites and embedded images found within the message. SURBLs by themselves are highly accurate, and combining them with the Nemx Power Tools reliability weighting of SURBL sites results in a high success rate of spam triggers. See http://www.surbl.org for additional information.

Virus Class Actions: Viruses are now classified on their type of infection and spreading mechanism. Different Actions may be assigned to each of these virus types. For instance a Mass Mailer type of virus may have an Action of “Delete Message” associated with it, while a Word Macro virus might be assigned an Action to just clean the virus and leave the message intact.

NDR Rules: The Address Manager component contains a number of specific rules to assist in dealing with NDRs that arrive at your Exchange Server. For instance, Address Manager can detect spoofed NDRs and NDRs destined to a non-existent recipient and take the assigned Action. In most cases this would be “Delete Message”.

Spam Confidence Level (SCL): A new Action type has been defined to keep a running total (or weight) of all rules that have been triggered. Once the scanning is complete, an Action based on the total SCL value is invoked. This will allow greater confidence in assigning a harsher action (i.e. Delete Message) to a triggered message and can subsequently reduce the number of messages that may be quarantined.
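The running-total scoring described under SCL, fed by the empty-body rule and by reliability-weighted SURBL hits, is shown here as an added Python example; it is not Nemx code. The weights, thresholds, rule names, the "Quarantine" and "Deliver" labels, and the sample SURBL table are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Hypothetical weights, thresholds and action labels; the newsletter gives none.
EMPTY_BODY_WEIGHT = 8
THRESHOLDS = [(8, "Delete Message"), (4, "Quarantine"), (0, "Deliver")]
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed stand-in for a SURBL lookup: host -> reliability weight.
# A real check queries the blocklist over DNS; stubbed so this runs offline.
SAMPLE_SURBL = {"pills.example": 5, "cheap-meds.example": 4}

def body_text(msg):
    """Concatenate the decoded text parts of a parsed message."""
    out = []
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            out.append(payload.decode(charset, "replace"))
    return "\n".join(out)

def score(raw, surbl=SAMPLE_SURBL):
    """Return (triggered rules, running total, action) for one raw message."""
    body = body_text(message_from_string(raw))
    hits = []
    # Empty-body rule: whitespace-only bodies count as empty.
    if not body.strip():
        hits.append(("empty_body", EMPTY_BODY_WEIGHT))
    # SURBL rule: score the hosts linked in the body, not the sender's IP.
    hosts = {h.lower().strip(".") for h in URL_HOST.findall(body)}
    for host in sorted(hosts):
        if surbl.get(host, 0):
            hits.append(("surbl:" + host, surbl[host]))
    # SCL: sum every triggered weight, then pick one action from the total.
    total = sum(weight for _, weight in hits)
    action = next(a for threshold, a in THRESHOLDS if total >= threshold)
    return hits, total, action

# Constructed sample messages.
PROBE = "From: probe@example.net\nSubject:\n\n \n"
ONE_LINK = "From: x@example.net\nSubject: hi\n\nBuy at http://pills.example/now\n"
TWO_LINKS = ("From: x@example.net\nSubject: hi\n\n"
             "http://pills.example/a and HTTP://Cheap-Meds.example/b\n")
CLEAN = "From: y@example.net\nSubject: mtg\n\nAgenda: http://intranet.example/a\n"
```

With these assumed weights, a single SURBL hit only quarantines, while two hits accumulate past the delete threshold.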

Version 5.0 is expected to reach General Availability (GA) within the next few weeks. The Beta version is available for download from our website today. This will be a free upgrade to all customers currently within a Support and Upgrades plan.