Security Content Management


 


Nemx Power Tools for Exchange Server

Nemx SecurExchange


March 2005



 

We would like to take this opportunity to share with you some tips and provide information about additions and improvements to Nemx Power Tools and SecurExchange and how these enhancements can benefit you in dealing with the various threats within your Exchange organization. These threats are more than just spam, viruses, and Exchange Server interrogation attacks. Today's world is a little different, as you now must be conscious of the consequences of the exposure of confidential or sensitive data, non-compliance with federal or industry standards, and legal action over sexual and racial harassment. This is where Nemx comes in, being your total email content security watchdog for Exchange Server 2003, 2000, or 5.5.

 

Nemx Power Tools for Exchange Version 5.1:

 

Version 5.1 provides additional features and enhancements that allow you to effectively scan, monitor, archive and control all the message content that flows through your Exchange network, all within a single package. Specifically, Version 5.1 contains the following new features and enhancements:

 

  • SQL / ODBC Message Archival
  • General Statistics and Filtering Counters
  • Friendly Domain Enhancements
  • Zero Hour Anti-Virus Enhancements

 

Version 5.1 is now available for download for both Exchange 2003 / 2000 and Exchange 5.5 platforms. Version 5.1 is a free upgrade to all customers currently within a Support and Upgrades plan. Upgrade pricing is available to customers who are running an older version and wish to upgrade to Version 5.1. Please contact sales@nemx.com for any pricing or sales related questions.

 

 

SQL / ODBC Message Archival:    Whether regulatory or financial compliance or general corporate policy requires the retention of important email conversations, Nemx Power Tools' message archival capabilities can address these requirements for Exchange Server 2003, 2000, or 5.5. Nemx Power Tools' action handling capabilities have been enhanced to support the archiving of Exchange messages to an MS SQL or ODBC compliant database. An “Archive” action is available when creating or modifying an Action Handler. Once defined, the action may be assigned to any of the filtering rules, components, or background public or private store scans. Archived messages contain the complete image of the email, along with specific key header information, filtering components and triggered rule information as separate database fields for easy “after the fact” queries using SQL or your favorite report writer.

 

The Message Archival action is available to any rule based or triggerable event within either the Internet or Advanced Editions of Nemx Power Tools for Exchange Server. Further, the event/action combination can be invoked for a subset of users via an include or exclude restriction, making it perfect for providing audit tracking of particular departments (e.g. Finance), complete conversations pertaining to particular subject matter, or email communications between specific business partners, institutions, or government agencies.

 

 

Statistics:    Nemx Power Tools keeps statistics on the mail that passes through its various scanning components. These statistics are available for display from the Statistics property page, which is part of the configuration dialogs for the Nemx Power Tools object in either the Exchange System Manager or Exchange Administrator. Counters are available on the number of total messages, inbound messages, outbound messages, mail originating from friendly domains, and triggered messages. Reports are also available which show the current totals for the various filtering components and the individual rules being triggered.

 

Friendly Domains:    Friendly Domains provide a means to white list emails based on the sender's domain, thereby bypassing specific filtering components of Nemx Power Tools or Exchange's IMF. This is accomplished manually by entering the domain name, or automatically based on general email traffic patterns to and from that domain. Thresholds are defined which, when met, move a domain to a “friendly” status. However, over time, that domain may no longer be considered friendly due to changes in weekly correspondence. In some cases, you may want to white list a domain forever. In this fashion, once a specific amount of mail has been sent to a domain, it will always be considered friendly. To select this mode of operation, specify 0 (zero) consecutive weeks; this will always keep a domain friendly once it has met the other daily thresholds. Domains that support a wide user community, like hotmail.com, can never be defined as friendly. If you need to white list a particular address, then use the Addressee filter of the Spam Manager component.

 

In addition, IP addresses may now be added to the friendly domains list so that mail being relayed through the server can pass through “un-filtered”. This is key to preventing mail originating from internal or VPNed users or local servers from being treated as external email and triggering such events as “No Local Recipients”.

 

Zero Hour Anti-Virus:    The average release delay for virus signature files is 6-8 hours from the moment a new virus hits until the users are able to receive the updates. Obviously, a signature-based procedure does not provide real-time protection from new and unknown viruses. This is why Nemx has incorporated new technology from Norman, our anti-virus partner for the past 10 years. Norman's new technology provides proactive detection, which is the ability to identify and deal with a threat as it arises, rather than wait for the creation and distribution of signature files. The main difference from traditional virus protection is that it does not rely only on virus signature files to stop new viruses. Norman's technology stops the viruses before they enter your Exchange server by analyzing their behavior in a simulated environment.

Norman's technology has identified most of the major virus attacks during the last year and is now available on all editions of Nemx SecurExchange AV. For those already running a conventional anti-virus product, SecurExchange AV is worth considering as a second layer of defense due to its high ROI and proven proactive abilities.

 

SecurExchange IMF Edition 5.1:    SecurExchange IMF Version 5.1 is also now available from our web site. Version 5.1 builds upon the success of version 5.0 and provides the following new additions:

 

    • SQL / ODBC Message Archival
    • General Statistics and Filtering Counters
    • Friendly Domain Enhancements
 

 

Support is also provided for Exchange's IMF update V2, which was made available in February 2005 by Microsoft.

 

Nemx SecurExchange – IMF is a new low cost plug-in that has been designed to address the shortcomings of Microsoft's Intelligent Message Filter (IMF) offering for Exchange 2003. Nemx SecurExchange – IMF adds a few configuration dialogs to extend the IMF and can be “up and running” in minutes, safeguarding your important business mail. Nemx SecurExchange – IMF is priced at $249 US per Exchange Server.

 

SecurExchange – IMF improves Exchange's Intelligent Message Filter (IMF) usability by:

 

  • adding the ability to control thresholds and actions on a group by group basis, allowing your organization greater control in dealing with lost mail destined for sensitive users
  • bypassing IMF processing by addressee, domain, or “self-sensing” white listing, ensuring true business partners' emails are delivered
  • offloading administrators' “un-archiving” tasks to users by moving messages to different spam folders or deleting the message based on the SCL value and recipient.

 

 

 

Tips and Updates:

 

New SURBL Database:    A new SURBL database is now available, jp.surbl.org. This database has a very good spam detection rate of around 80% and a very low false positive rate of below 0.02%. JP.SURBL.ORG should be added to your Content Manager | SURBL filtering rules as a Reliable SURBL provider. The SURBL provider rules are different from those that may be specified in the Spam RBL settings. The provider rules are not interchangeable. Nemx recommends the following SURBL providers for use with Exchange Server:

 

jp.surbl.org

ws.surbl.org

sc.surbl.org

ph.surbl.org

 

SURBLs are an effective tool in the fight against spam and are quite different from traditional RBLs. Basically, a SURBL works on the web links and images within an email, rather than the IP address of the sending domain like a traditional RBL. Nemx Power Tools Version 5.0 and above provides support for any number of SURBLs. See http://www.surbl.org/lists.html for additional information on SURBL lists.
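The check described above, written out as an added Python example (not Nemx code): it pulls link and image URLs out of a message body, reduces each host to its registered domain, and queries `<domain>.<zone>` for the four zones named in this newsletter. The sample message, the stub answers and the short suffix set are constructed; the resolver is passed in so the block runs offline.

```python
import re
from urllib.parse import urlsplit

ZONES = ["jp.surbl.org", "ws.surbl.org", "sc.surbl.org", "ph.surbl.org"]  # from the newsletter
# Simplification: tiny constructed suffix set; real code should use the Public Suffix List.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def registered_domain(host):
    """Reduce a hostname to its registered domain; bare names and IP literals are skipped."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return None
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def url_domains(body):
    """Distinct registered domains of every http(s) link or image URL in the body."""
    found = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL, e.g. an unclosed IPv6 bracket
            continue
        dom = registered_domain(host) if host else None
        if dom and dom not in found:
            found.append(dom)
    return found

def surbl_hits(body, resolve, zones=ZONES):
    """Map each linked domain to the zones listing it.
    resolve(name) returns an IPv4 string, or None when the name does not exist."""
    hits = {}
    for dom in url_domains(body):
        for zone in zones:
            answer = resolve(f"{dom}.{zone}")
            if answer and answer.startswith("127."):   # a 127.x.x.x answer means "listed"
                hits.setdefault(dom, []).append(zone)
    return hits

# Constructed sample message and constructed stub answers (no network needed).
SAMPLE_BODY = """Cheap meds: http://www.pills-example.test/buy?id=1
<img src="http://img.cdn.spam-example.co.uk/p.gif">
Unsubscribe: https://partner.example.com/u"""
LISTED = {"pills-example.test.jp.surbl.org": "127.0.0.2",
          "pills-example.test.ws.surbl.org": "127.0.0.2",
          "spam-example.co.uk.sc.surbl.org": "127.0.0.2"}
stub_resolve = LISTED.get
```

Note that the sender's IP address never enters the lookup, which is why SURBL provider names cannot be reused in the Spam RBL settings.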

  

 

Using Spam Confidence Levels to minimize Quarantining:    Spending too much time reviewing quarantined email? An approach using Spam Confidence Levels (SCL) on rules and events may help. An SCL is a value that can be assigned to a rule or triggerable event. As a message passes through the various content analysis components and is triggered, the overall SCL value of the message will be incremented. When the message has completed its analysis, the combined SCL can be used as a basis to determine what “action” should be taken on the message. A high SCL would signify that multiple components have triggered on that message and its likelihood of being spam would be high. High SCLs could be assigned an action of “Delete”, while medium to low SCL ratings could be assigned a softer action, such as quarantine or move to a sub folder. Deleting messages that have multiple spam triggers associated with them reduces the amount of mail that must be reviewed or dealt with. In all cases Friendly Domains overrides the SCL processing (if selected), ensuring that true business email is delivered to its recipient.

 

The following knowledge base article explains this process in more detail.

http://www.nemx.com/knowledgebase/article.aspx?id=10156
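The SCL approach above as an added Python model (not Nemx code): each triggered rule adds its SCL, the combined value selects an action, and a friendly sender domain overrides the scoring. The rule names, SCL values, thresholds and messages are all constructed for illustration; `review_load` compares how many messages land in quarantine under a flat "quarantine anything triggered" policy and under the tiered one.

```python
# Constructed values for illustration; these are not the product's defaults.
RULE_SCL = {"surbl_hit": 4, "rbl_hit": 3, "keyword_match": 2, "no_local_recipients": 1}
ACTIONS = [(7, "delete"), (4, "quarantine"), (1, "move_to_subfolder")]  # highest first
FRIENDLY_DOMAINS = {"partner.example.com"}

def combined_scl(triggered):
    """Sum the SCL increments of every rule that triggered on the message."""
    return sum(RULE_SCL[rule] for rule in triggered)

def decide(sender_domain, triggered, tiered=True, friendly_override=True):
    """Return the action for one message."""
    if friendly_override and sender_domain.lower() in FRIENDLY_DOMAINS:
        return "deliver"                      # Friendly Domains override SCL processing
    scl = combined_scl(triggered)
    if not tiered:                            # flat policy: any trigger is quarantined
        return "quarantine" if scl > 0 else "deliver"
    for threshold, action in ACTIONS:
        if scl >= threshold:
            return action
    return "deliver"

def review_load(messages, tiered=True):
    """Number of messages that end up in quarantine and need manual review."""
    return sum(1 for dom, trig in messages if decide(dom, trig, tiered) == "quarantine")

# Constructed sample traffic: (sender domain, rules that triggered).
MESSAGES = [
    ("bulk.example.net", ["surbl_hit", "rbl_hit", "keyword_match"]),  # SCL 9
    ("promo.example.org", ["surbl_hit", "keyword_match"]),            # SCL 6
    ("news.example.org", ["keyword_match"]),                          # SCL 2
    ("partner.example.com", ["keyword_match", "rbl_hit"]),            # friendly
    ("bulk2.example.net", ["surbl_hit", "rbl_hit"]),                  # SCL 7
    ("colleague.example.com", []),                                    # SCL 0
]
```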

 

 

Online Knowledge Base:    A Knowledge Base section has been added to our web site to assist you in getting the information you need when you need it. The Knowledge Base is categorized by product, component and environment and further by the type of issue. The KB is fully searchable and contains articles on support, presales, how tos, and general product information.

 

You can access the Knowledge Base via the following link: http://www.nemx.com/KnowledgeBase

 

 

 

 

We hope that this newsletter and How Tos will help you in your content management challenges and your daily battles with the effects of spam and viruses. If you have any thoughts on how Nemx Power Tools and SecurExchange can improve your interaction with Exchange Server, by all means please let us know. Many of the features in the product come from customer suggestions, so keep them coming!