Submitted by Brian Doherty (bdoherty@sas.upenn.edu)
* Vendor
Symantec - symantec.com
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=164&EID=0
http://enterprisesecurity.symantec.com/content/displayPDF.cfm?PDFID=386
* Platform (Wintel, *nix, both)
Windows NT/2000/2003(?); Solaris 7 or 8
* Freeware/shareware/paid product
Commercial product - but part of Penn's current license for Symantec's
enterprise line of av products
* How does it function? (Does it rely on external blacklists a la ORDB,
manually-created
black/grey/whitelists, MTA blocking, keyword filtering, etc.)
Can use a combination of identification techniques, such as anti-spam heuristics,
multiple real-time blacklists (RBL), and blacklists and whitelists.
Heuristics are updated when new product builds/versions are released. Symantec
does not disclose just how the heuristics work,
stating that they are proprietary.
AntiSpam functions are just part of this package, which is really designed
as an SMTP antivirus scanner.
* What is its administrative model? (Centrally administered with Opt-in/Opt-out
functionality, fully end-user-administered, etc.)
Generally used in gateway mode - incoming mail is routed through the scanning server
prior to delivery to the server which routes mail
to the recipient. Does not allow users to be opted in/out. The user has no real
interaction with the system and cannot customize it in any way for their
particular preferences, except in terms of how they choose to filter messages
that have been marked as spam.
* What options does it provide for disposition of SPAM, once it's been identified?
(Deletion, pre-pending "SPAM!" to the subject line, generating
an NDR, etc.)
Can block it entirely, or forward to another address; when using heuristics
- can prepend SPAM (or text of choice) to message subject.
* Ease of administration, server-side. (Installation, sysadmin maintenance,
system resources required, etc.)
Experience with this product for antivirus scanning indicates that it is
easy to administer. Installation, configuration
and upgrades have all been very straightforward, under both Windows and
Solaris. Should first test to ensure that the gateway server is fast enough
to handle the expected volume of mail - processing can be problematic if this
isn't the case. Anyone who'd
like more information can contact Brian Doherty (bdoherty@sas).
* Ease of use, end-user-side. (Ease of configuration, "learning"
to recognize SPAM, etc.)
Currently, the user would not interact with the system to configure or "teach"
it.
* Effectiveness (false positives, misses, etc.) - use this section to provide
any quantitative data you may have, i.e., flagged 85 out of 100 SPAM messages
in the course of a week with 5 false positives, etc.
Unknown.
* Vendor-provided documentation, tutorials and technical support
Symantec's tech support is generally quite good, but support for the spam engine
is unknown.
* Community support available: "Billy-Bob's Procmail Page", etc.
Provide URLs where applicable.
N/A?
* Overall impressions & notes
Product seems likely to be stable and well supported, given Symantec's
usual track record. May not offer enough
options for customization for many sites, but since it can be used to only tag
messages as spam by modifying the subject header, it
could be used to allow users to filter messages as they see fit. For those
sites which want to protect against viruses and
spam w/o running more than one product, this may be a good choice. The fact
that it is already licensed for use at Penn is of course another significant
advantage.
Please note: This material is no longer current and appears
online for archival purposes only.