Product Review: GFI MailSecurity for Exchange/ SMTP Version 10

Disclaimer

This product review reflects my own opinion & views about GFI MailSecurity for Exchange/SMTP Ver 10. Throughout this review, GFI product documentation has been consulted in order to refine my thoughts and references.

Introduction

Do you ever dare to leave your home with doors open? Probably not! The same goes with our company network, if you do not have a properly configured firewall. Also, if you do not give any importance for security in your messaging infrastructure, the impact will be severe too. In other words, mail server will get exposed highly to the very bad “animals” such as Trojans & Viruses.

E-mail is very mission critical in this digital economy, and therefore we should never overlook the security in our email system. Gone are the days where you could totally rely the updated virus definitions on your desktops & laptops. Love bug Virus has given a “lesson learned” incident to many organizations in the past.

Why GFI MailSecurity for Exchange/SMTP?

Industry provides many solutions on compacting these bad “animals” to a great deal, so GFI MailSecurity for Exchange/SMTP v10 does. GFI MailSecurity is server based and which includes multiple virus scanners with effective signatures/definitions being updated regularly. Meaning, once you purchase this product, you have the ability to subscribe various virus engines licenses and its definitions. The five vendors supported by this product are Norman, McAfee, Kaspersky, BitDefender & AVG. I will explain why one virus engine is not enough in the later part of this review.

GFI MailSecurity allows the automatic download of virus definitions on a scheduled manner from all the scan engine vendors. If your organization is running on Exchange 2000/2003/2007, GFI MailSecurity for Exchange/SMTP is worth considering. I have been using the GFI MailSecurity 10 in my lab for a while; apart from the anti-virus feature, GFI MailSecurity offers other great capabilities to offer . They are,

• Information Store Protection
• Content and Attachment checking
• Virus Scanning
• Email Exploit Engine
• Quarantine
• HTML Sanitizer
• Real-time Monitoring
• Decompression

I explored some of these functionalities in detail as below:

Information Store Protection – if this option is enabled in GFI MailSecurity, message contents in the Microsoft Exchange Information store will be scanned for viruses through Microsoft’s Virus Scanning API (VSAPI). If you see below Figure 1.0, I have enabled all the three virus scanning engines to protect information store. VSAPI is effective and efficient when it comes to attachments as it scans only once even though there are multiple recipients.


Figure 1.0

Content & Attachment Checking – in Mail Server, this area is being considered as “check post” for immigration/clearance. GFI does its job here very good with great results as it controls both content and attachments in the email while passing through. It will ensure messages with VBScript attachments are blocked, restrict users sending/receiving attachments and minimize spam by greater level of filtering – GFI has all these features. When you install GFI, there already few rules by default. One of default rules in GFI is to block all potentially malicious attachments (namely, .exe, .js, .vbs, .vb etc) – See Figure 1.2 below. It has also created separate rules for image, video & audio out of the box.


Figure 1.2

Virus Scanning – As a must feature, GFI comes with Virus scanning. It scans all the incoming/outgoing mails as well as information store. By default, GFI enables three virus scan engines – Norman, BitDefender & AVG. Under normal circumstances, this is good enough. If you think this is not sufficient for your environment, feel free to add the rest of the engines – Kaspersky & McAfee. If you see below Figure 1.2, I was provided with 3 licenses and activated them on priority.


Figure 1.2

Why do we need multiple Virus Engines?

If you use multiple virus scan engines, the advantages are more. So GFI MailSecurity 10 with 5 scan engines is the right choice, because:

• There is a high probability that rising threats will be promptly fixed.
• It provides high availability when one of the scan engines fails.
• Administrators have the flexibility to choose the most effective scan engines from the list of five which delivers most appropriate level of protection for their mail server environment
• You can perform the reconfiguration or update of engines in offline mode without being the message queued.

In nutshell, those viruses are being unblocked or undetected for longer time are significantly reduced.

Email Exploit Engine – The way suspicious attachments are being received by users are changing constantly, it’s just not only coming from the email explicitly. It has found many means to reach you, for example, active content or scripting via HTML emails are destructive too. I am very glad to see that this new version of GFI MailSecurity has provided this feature in compacting email exploit to a great deal (Figure 1.3).


Figure 1.3

Quarantine – By doing content & attachment filtering by GFI MailSecurity, there will always be messages filtered. So quarantining these messages is the best practice rather than trashing it upfront. Authorized personnel can manually approve or reject those messages being filtered. In the below Figure 1.4, sfiroz@bright.local is the authorized person to do this job.


Figure 1.4

GFI MailSecurity 10 allows administrators to configure a series of folders, this is to manage quarantined mails better and faster. At any given time, a quarantined folder can be setup with a purpose – for example, a folder created for a particular user due to its emails are being infected by virus continuously or folder created for a user who suspiciously sending some image files to outside the organization, and there can be many scenarios with various reasons. Once you are in a situation where you created large number of folders, then the need of search within the quarantined emails becomes more important. If you see the below Figure 1.5, search is performed based on sender, ID, recipient, subject, reason for quarantine, date and source.




Figure 1.5

HTML Sanitizer – Using HTML, it’s easy to embed malicious commands in the mail. GFI MailSecurity does a good job here by scanning the email body, then detect if any .htm/.html attachments for scripting code and finally sanitize the HTML. By default, GFI MailSecurity enabled this feature for both inbound and outgoing emails, see Figure 1.6 below.


Figure 1.6

Real-time Monitoring – Below is the screen capture from GFI MailSecurity server in my lab. This monitor keep refreshed in 10 seconds by default (it can be changed). All the scanning activity are shown in sequential manner (see below Figure 1.7).


Figure 1.7

Decompression – GFI MailSecurity provides Decompression engines with set of rules already defined such as password protected files, corrupted files, recursive files etc. (see Figure 1.8). This rule defines how various archive files are appropriately handled.


Figure 1.8

Installation

You can install this in a separate physical machine as Mail Security gateway to be used as typical SMTP server, I installed directly into my Exchange 2003 backend server. I installed this in my MS Exchange Server 2003 SP2 Enterprise Edition. Once the straight forward installation is finished, rest of the configuration and administration can be done using the GFI MailSecurity administration panel as below (Figure 1.9).


Figure 1.9

Trial Version & Availability

You can find out more about GFI MailSecurity for Exchange/SMTP 10 from the product’s info page [1] and you can download the 30 days trial version of GFI MailSecurity from here [2]. Pricing for GFI MailSecurity starts at $575 for 25 users

Summary

I prefer GFI MailSecurity very much mainly because its ease of usage in Administrator's perspective. I have been evaluating this in my lab using MS Exchange 2003 server. If your organization has a different version of Exchange (e.g. Exchange 2000 or the latest Exchange 2007), GFI MailSecurity 10 supports them with no big difference in features, setup as well as usage. Overall my rating is 4.5 out 5 for GFI MailSecurity and I highly recommend this. However some pros & cons worth mentioning here about GFI MailSecurity.

Pros

• Straight forward installation, configuration & administration
• Easy use for Administrators. Reduced Maintenance. Multi-layered defense.
• Remote management using Web based console.
• GFI MailSecurity is affordable in the market and maintaining the subscription cost is relatively low.

Cons

• Honestly, I don’t see any cons in terms of features and performance. My ratings becomes 4.5 out of 5 is just because of this.

Related links

GFI MailSecurity:Product overview [3]
GFI MailSecurity: Product features [4]
GFI MailSecurity: Product manual [1]
GFI Mail Security: Product datasheet [5]
GFI MailSecurity:Product tour/webcast [6]
GFI MailSecurity: Deployment strategies [7]
Why one virus engine is not enough [8]