|
 |
|
GFI MailSecurity for Exchange
E-mail content checking, exploit detection, anti-Trojan and anti-virus
Protects against email viruses, exploits
& Trojans
The need to monitor email messages for dangerous, offensive or
confidential content has never been more evident. The most deadly
viruses, able to cripple your email system and corporate network
in minutes, are being distributed worldwide via email in a matter
of hours (for example, the MyDoom worm). Products that perform
single vendor anti-virus scanning do not provide sufficient protection.
Worse still, email is likely to become the means for installing
backdoors (Trojans) and other harmful programs to help potential
intruders break into your network. Products restricted to a single
anti-virus engine will not protect against email exploits and
attacks of this kind.
Your only defence is to install a comprehensive email content
checking and anti-virus solution to safeguard your mail server
and network. GFI MailSecurity acts as an email firewall and protects
you from email viruses, exploits and threats, as well as email
attacks targeted at your organization.
GFI MailSecurity is available as an SMTP gateway version and (in
v.8 only) for VS API. The gateway version should be deployed at
the perimeter of the network as a mail relay server and scans
inbound and outbound mail. The VS API version integrates seamlessly
with Exchange Server 2000/2003 and scans the Exchange information
stores.
Virus checking with multiple virus scanning
engines
GFI MailSecurity uses multiple virus scanners to scan inbound
mail. Using multiple scanners drastically reduces the average
time to obtain virus signatures which combat the latest threats,
and therefore greatly reduces the chances of an infection. The
reason for this is that a single anti-virus company can never
ALWAYS be the quickest to respond. For each outbreak, virus companies
have varying response times to a virus, depending on where the
virus was discovered, etc. By using multiple virus engines, you
have a much better chance of having at least one of your virus
engines up-to-date and able to protect against the latest virus.
In addition, since each engine has its own heuristics and methods,
one virus engine is likely to be better at detecting a particular
virus and its variants, while another virus engine would be stronger
at detecting a different virus. Overall, more virus engines means
better protection.
Note: Independent research showed that brand names are no guarantee
for faster response times; in fact some of the big brand names
were found to be among the slowest.
Trojan and executable analyzer
The GFI MailSecurity Trojan & Executable Scanner detects unknown
malicious executables (for example, Trojans) by analyzing what
an executable does. Trojans are dangerous as they can enter a
victim’s computer undetected, granting an attacker unrestricted
access to the data stored on that computer. Anti-virus software
will NOT catch unknown Trojans because it is signature-based.
The Trojan & Executable Scanner takes a different approach
by using built-in intelligence to rate an executable's risk level.
It does this by disassembling the executable, detecting in real
time what it might do, and comparing its actions to a database
of malicious actions. The scanner then quarantines any executables
that perform suspicious activities, such as accessing a modem,
making network connections or accessing the address book.
Norman Virus Control & BitDefender virus
engines are included
GFI MailSecurity is bundled with Norman Virus Control and BitDefender.
Norman Virus Control is an industrial strength virus engine that
has received the 100% Virus Bulletin award 16 times running. It
also has ICSA and Checkmark certification. BitDefender is a very
fast and flexible virus engine that excels in the number of formats
it can recognize and scan. BitDefender is ICSA certified and has
won the 100% Virus Bulletin award and the European Information
Technologies Prize 2002. GFI MailSecurity automatically checks
and updates the Norman Virus Control and BitDefender definition
files as they become available. The GFI MailSecurity price includes
updates for one year.
Kaspersky and McAfee virus engines optional
To achieve even greater security, users can add the Kaspersky
and/or McAfee anti-virus engines as a third or fourth anti-virus
engine or as a replacement to one of the other engines. Kaspersky
Anti-Virus is ICSA-certified and is well known for the unsurpassed
depth of its object scanning, the high rate at which new virus
signatures are released, and its unique heuristic technology that
effectively neutralizes unknown viruses. The McAfee virus engine
is particularly strong at detecting non-virus attacks such as
rogue ActiveX controls.
Automatic removal of HTML scripts
The advent of HTML email has made it possible for hackers/virus
writers to trigger commands by embedding them in HTML mail. GFI
MailSecurity checks for script code in the email message body
and disables these commands before sending the "cleaned"
HTML mail to the recipient. GFI MailSecurity is the only product
to protect you from potentially malicious HTML email using a GFI
patented process, safeguarding you from HTML viruses and attacks
launched via HTML email.
Email exploit detection engine
The email exploit detection engine builds on GFI's leading research
on email exploits, and safeguards you from future email viruses
and attacks that use known application or operating system exploits.
For example, GFI MailSecurity would have protected you against
the Nimda and Klez viruses when they first emerged without needing
any updates, because these viruses use known exploits. GFI SecurityLabs
regularly finds new email exploits, and these are automatically
downloaded by GFI MailSecurity. GFI MailSecurity is the only email
security product to detect email exploits.
Spyware detection
GFI MailSecurity's Trojan & Executable Scanner can recognize
malicious files including spyware and adware. GFI MailSecurity
can also detect spyware transmitted by email via the Kaspersky
virus engine (optional) which incorporates a dedicated spyware
and adware definition file that has an extensive database of known
spyware, Trojans and adware.
Attachment checking
GFI MailSecurity's attachment checking rules enable administrators
to quarantine attachments based on user and file type. For example,
all executable attachments can be quarantined for administrator
review before they are distributed to the user. GFI MailSecurity
can also scan for information leaks, for example, an employee
emailing a database. You can also choose to delete attachments
like .mp3 or .mpg files.
Email content checking/filtering
Using GFI MailSecurity's powerful content checking rules engine,
you can configure rule sets based on user and keywords that allow
you to quarantine potentially dangerous content for administrator
approval. In this way, GFI MailSecurity can also scan for offensive
content.
Custom quarantine filters (v. 9)
GFI MailSecurity enables you to configure a series of search folders
(similar to MS Outlook Search Folders) within the ‘Quarantine
Store’, permitting you to manage quarantined emails better
and faster. For example, you can set up a folder for emails that
were quarantined by virus checking and another for emails quarantined
by attachment checking for a particular user, allowing you to
prioritize which folders you check first: It may be more important
to examine the attachment checking folder first as it is more
likely to contain emails that need to be approved and forwarded
to users.
Web-based configuration – enables
remote management from any location (v. 9)
The product’s web-based configuration allows you to configure
and monitor the product and manage quarantined emails remotely
from any computer that is equipped with a browser. This means
that you can monitor and manage GFI MailSecurity from anywhere
in the world.
Approve/reject quarantined mail using the
moderator client, email client or web-based moderator
GFI MailSecurity provides several options for moderating quarantined
mail. The moderator client gives you a familiar Windows interface
for approving/rejecting email. The web-based moderator allows
you to approve/reject emails from anywhere on your network. Alternatively,
GFI MailSecurity can also forward quarantined mails to an email
address, enabling you to use a public folder to distribute the
quarantined items to multiple administrators.
Searching within quarantined emails (v.
9)
GFI MailSecurity provides the facility to conduct searches within
all emails that it quarantines. Such searches can be performed
among inbound or outbound emails to or from a particular user,
for instance. Searches can also be carried out based on sender,
recipient and also quarantine reason, freeing the administrator
from the need to go through all quarantined emails one by one.
Full threat reporting for quarantined emails
(v.9)
When an email is quarantined, GFI MailSecurity gives a full threat
report , detailing all threats identified per mail.
Server-based anti-spam
GFI MailSecurity's companion product, GFI MailEssentials for Exchange/SMTP
offers spam protection at server level and eliminates the need
to install and update anti-spam software on each desktop. GFI
MailEssentials includes a number of effective methods to virtually
eliminate spam from your network. It also provides disclaimers,
Internet mail reporting, server-based auto replies and POP3 downloading.
GFI MailEssentials integrates seamlessly with GFI MailSecurity
and both are available as a bundle.
Checkmark & ICSA certified
GFI MailSecurity holds Checkmark certification from West Coast
Labs and ICSA certification from TruSecure.
Great value
GFI MailSecurity is the most cost-effective content checking and
anti-virus product available. The standard license includes a
full year of anti-virus updates, as well as three months of free,
unlimited support. The cost of anti-virus updates in the second
year is minimal as well, approx. 15% of the purchase price, depending
on the amount of users you have.
Other features:
- Automatic quarantining of Microsoft Office documents
with macros
- Detects attachment extension hiding & renaming
- User-based, flexible rules configuration
- Scans embedded mails
- Lexical analysis.
|
|
| |
