Make sure you know which message types or transports a scanner can't scan. For example, I don't know of any products that can scan X.400 connector queues, and some scanners can't handle encrypted .zip files or digit-ally signed Secure MIME (S/MIME) messages. You need to know where your vulnerabilities are so that you can find a product or method that addresses them.
Find out what actions the scanner takes with messages that it flags as infected. Does the scanner simply delete those messages, or can it quarantine the messages for later inspection?
Find out how the product notifies you when it finds an infected message. Some administrators want immediate email or pager notification; other administrators want the scanner to dump quarantined messages into a public folder and send a weekly email summary report.
Be sure that the product you buy lets you start and stop scans on demand; this control lets you protect your network against new viruses by shutting down your SMTP connection, downloading the latest signature update, and scanning messages in the Store. Cost is an important factor, too, especially because you must keep virus scanners up-to-date. Find out whether your selected vendor offers discounts if you buy its desktop- or perimeter-scanning products along with Exchange, and ask how much product updates cost. You can search Usenet newsgroups or Exchange discussion forums to see how quickly scanning-product vendors react to new viruses by rolling out signature updates; some companies are faster than others. In general, my favorite antivirus products are Trend Micro's ScanMail for Microsoft Exchange and Sybari's Antigen for Exchange, both of which enjoy excellent reputations for speed, stability, and customer service.
Antispam Products
Because spam has become so prevalent and unpopular, products to combat it are increasingly in demand. An ongoing arms race is taking place between spammers and antispam product vendors, so you need to do some investigating when selecting a product to make sure your selection has the latest weaponry. Users can install client-side filtering or spam-prevention tools such as Cloudmark's SpamNet or Network Associates' McAfee SpamKiller, but the most effective way to stamp out spam is to filter incoming SMTP mail at your network perimeter. Accordingly, products that intercept incoming email messages and process them before they reach your Exchange mailboxes are probably your best choice. For example, GFI Software's GFI MailEssentials for Exchange/SMTP and Nemx Software's Power Tools for Exchange both provide scanners that can filter inbound SMTP traffic.
Selecting an appropriate antispam solution involves evaluating two functional areas: how the product determines whether an item is spam, and what the product does with the messages it labels as spam. Spam-identifying schemes include:
- simple keyword filters that check for common spam terms in the subject line of messages. These filters are useful only if they let you change the list of common terms as spammers change their tactics.
- scoring systems that assign points to items that are characteristic of spam (e.g., a lot of exclamation points in the subject line, common spam terms in the subject line or body, forged message headers). When a message earns a certain number of points, the product marks the message as spam. This approach works if you can adjust the number of points the product gives to various message characteristics and the number of points that marks a message as spam.
- collaborative filters that let sites share information about spam. After a filter identifies a message as spam, it registers the message's fingerprint with a central server that other users of the same filtering software can check before accepting the message.
Prev. page
1
[2]
3
next page 
