Hardware AntiSpam/AntiVirus options?

N

Nate7311

2[H]4U
Joined
Jan 11, 2001
Messages
3,320
I'm looking for comments on a hardware solution for Spam and AntiVirus, primarily because I'm forced to continue to run Exchange 5.5 still... :rolleyes: .

I've read quite a bit about the Baracuda boxes and know that they've got an excellent reputation. I've also seen a bunch about trimMail Boxes too. Anyone have any other reccomendations and/or comments?

Thanks In Advance
 
There are software options that will work with Exchange 5.5. GFI ME & MS can be run on a sperate box in gateway mode.

I used this setup until a few monthes ago when we finally upgraded.
 
We are still using Exchange 5.5 so I feel your pain. We us BrightMail and it seems to work well. Symantec has recently purchased it so...go to the Symantec site and check it out for yourself. I believe you can download a trial version.
 
I've heard a lot of good things about Barracuda too.

I've used Trend Micro's Interscan Messaging Securty Suite (IMSS). It's a spam filter/mail av filter that installs on a server. Although rumor has it that they're going to be releasing an appliance very soon.

In the past they've been known for having a high false-negative rate on the SPAM side, however, I can tell you that this problem is about to go away (cant say much else).

It's a pretty good product, again with the only downside being that it currently suffers from a high false-negative rate. The antivirus portion is rock solid.

I also know some companies who are happy with FrontBridge (managed anti-spam service).
 
i've used the following solutions, all of which can be run as a gateway (even if they are software):
barracuda 300
symantec mail security
fluffy the smtp guard dog
i hate spam

frankly, none of the solutions is going to be perfect. also, 1 layer of security for this service is risky. the barracuda is great because it does a good job with both AV and spam. but it has been far from perfect for me. and if you have special circumstances it may not be the best fit.

there are also some pretty cheap open source solutions you could run, but that may not be a good option either. are you comfortable in *nix? can you run an openbsd/freebsd box with clamav and spam assassin?

have you considered an outsourced solution like postini? even clarkconnect offers a similar service though postini is THE name in this field. would your organization rather pay per month vs. all up front?
 
false negative rate? so spam gets through then? first off, most of these products require tuning. have you trained the software, and tuned it to be as accurate as possible? if so, and the high rate continues, then why keep using them? i mean exchange on it's own has a high false negative rate . . . . why pay extra? there are probably 50 products out there that can do a decent job.

can you create regexs? can you adjust spam scoring? how many types of spam blocking do they have?

Boscoh said:
In the past they've been known for having a high false-negative rate on the SPAM side, however, I can tell you that this problem is about to go away (cant say much else).

It's a pretty good product, again with the only downside being that it currently suffers from a high false-negative rate. The antivirus portion is rock solid.
Click to expand...
 
We tested Barracuda, while nice, it couldn't do inbound and outbound at the same time.
Barracuda told us to wait for upgrades to the OS, or buy two... it may not be an issue anymore.

Our current running setup;
VamSoft ORF on the gateway doing Directory filtering, blacklist/whitelist, and several DNS checks.
Our Exchange server is running GFI ME10 and NAI GroupShield.

I recommend ORF on the gateway for a Windows smtp filter solution. Plus, it is dirt cheap!
For Linux, you can't go wrong with Debian running Postfix, Spamassassin, and ClamAV
 
big daddy fatsacks said:
false negative rate? so spam gets through then? first off, most of these products require tuning. have you trained the software, and tuned it to be as accurate as possible? if so, and the high rate continues, then why keep using them? i mean exchange on it's own has a high false negative rate . . . . why pay extra? there are probably 50 products out there that can do a decent job.

can you create regexs? can you adjust spam scoring? how many types of spam blocking do they have?
Click to expand...
I'm not the guy in charge of the SPAM filtering. I administer it, and help to set it up, and insure that what's required of the network for the SPAM filtering to do it's job is done, but I dont answer to the big man because the product doesn't do what it needs to be doing.

Yes the software was tuned properly. We're working with Trend to get the product where it needs to be. I'd say it used to catch 75-80% of all SPAM. There are some mail boxes that would get 100 spam messages per day, and they usually ended up getting ~20 in their actual inbox. Now if it were up to me, we'd be using someone else. But like I said, it's not up to me.

They've got a couple new additions to their SPAM filtering that really help out a lot. Since we've been using those additions, the amount of false-negatives has lowered a lot. I'd say it now catches 97-98% of all SPAM, with very few false-positives.

I said earlier that I couldn't say much about it, but it looks like they've released those new products to the general public now:
http://www.trendmicro.com/en/products/nrs/overview.htm

Like anything though, test it in your environment. It might not work out as well for you as it did for us.
 
I've tested the Barracuda device.. it was very easy to use, and caught a lot of spam, but as someone said above, each unit can only do one direction (inbound or outbound). My old company used SurfControl's Spam filter software on a dedicated server; I think I liked it the best due to all the extra flexiblity that it offered over the 'Cuda.

If you have Unix skills, you can build a server that would basically be the same as a Barracuda and pay $0 for the software (MTA of your choice, ClamAV, Spamassassin [which rocks by the way]) etc.
 
Fint said:
If you have Unix skills, you can build a server that would basically be the same as a Barracuda and pay $0 for the software (MTA of your choice, ClamAV, Spamassassin [which rocks by the way]) etc.
Click to expand...

Exactly what I was going to say. If you have any linux experience and depending on the volume you're talking a linux email gateway works wonders. I have seen several setup with multiple virus detection (clamav and bitdefender) with spamassassin (which allows so much rule customization) and it runs great.

Personally I use amavis with postfix, clamav, spamassassin, postgrey on our server and it. While I don't have a percentage, I only have one user that I'm working on creating a custom rule to catch this one spam type that keeps getting through.

This link might be helpful:
http://www200.pair.com/mecham/spam/spamfilter20050626.html
 
For some decent reading and input on quite a few different appliances, look up the Feb 22 2005 issue of PCMagazine, they did a big review on them in an article called "Lock down your e-mail".

Barracuda Spam Firewall 300
BorderWare MXtreme mx-200
CipherTrust IronMail 345 (this one got the editors choice award)
Finjan Internet 1Box
IronPort C10
MailFrontier Gateway Appliance m500
Panda GateDefender 8050
Proofpoint 800 Gateway

Also in the same months edition....they did an article called "Lock down your network"...in which they tested a handful of other hardware appliances that did more than just e-mail filtering (meaning...had other features such as web contenct filtering, VPN gateway, intrusion detection, etc)

SonicWall Pro 2040
ServGate EdgeForce m30
Check Point Safe@Office 225u
Astaro Security Linux 5 (They liked this one)
Symantec Brightmail AntiSpam
Postini Perimeter Manager (they liked this one too)

Also FYI to help for your desktop apps...Microsoft released service pack 2 for Office 2003....of importance to this topic here is a great increase in their junk mail filters, and notably..the addition of Phishing removal to the junk mail filters. Every few months Microsoft releases updates to their junk mail filter for Outlook 2003...which you can easily get through office.microsoft.com. But adding SP2 for Office will help a lot now.
 
Yeah, I've done all of the research off and on for more than a few months now. STFI is always the 1st step :D . I was more interested in real-world reviews form users...
 
You must log in or register to reply here.
Back
Top