Implementing network security is like trying to chase a moving target at the best of times. Some companies spend tens of thousands of dollars per year reactively trying to solve problems as they occur. If you had the unfortunate experience of having to react to the Klez worm or the Love Bug virus, you certainly understand what I’m talking about. The days where you could rely on updated desktop virus definitions alone are unfortunately long gone. Securing a network is a constantly evolving challenge. Where most companies today would consider it incomprehensible to not have a properly configured firewall, many of these same companies still overlook the single biggest source of their problems – their email systems.
As the Love Bug virus showed, companies also still rely on their users to exercise good judgment when it comes to dealing with things like potentially malicious attachments. Disabling VBScript on their systems may be a great first step, but what’s your plan for dealing with HTML emails that include embedded ActiveX controls? With 25 critical security updates already released by Microsoft this year, the need for centralized email security has never been clearer. Instead of spending your precious hours trying to fix the security leaks that have already entered your network, secure the source – the free-for-all known as your mail server.
If your company is running Exchange 2000, one product definitely worth a look is GFI Software’s GFI MailSecurity for Exchange/SMTP. Not only does this application provide you with complete control of incoming, outgoing, and internal mail, but it also does so in a manner completely transparent to users. MailSecurity is much more than just virus-checking software. The list below outlines some of the capabilities that we’ll explore further in this article.
- Content and Attachment Checking. MailSecurity provides the ability to scan email messages that include specific words or attachments. Whether you’re looking to ensure that messages containing VBScript attachments are blocked, trying to filter spam, or want to stop certain users from sending or receiving attachments at all, this feature is a must-have.
- Quarantining. Emails that include checked content, attachments, or viruses can be quarantined. Quarantined messages can then be sent to an administrator, a user’s manager, or even a mail-enabled Exchange public folder, prior to being manually approved or rejected. You also have the option of automatically deleting emails that meet the conditions of the rules you’ve specified.
- Virus Scanning. MailSecurity can also scan all incoming, outgoing, and even internal attachments for viruses. Not to be outdone, the program uses two virus-checking engines by default – Norman Virus Control and BitDefender. If two virus engines are still not enough, you have the option of adding the McAfee engine as well.
- Email Exploit Engine. If you think that it’s only email attachments that you need to worry about, think again. Over the course of the last few months, some of the most serious problems to work their way into the enterprise have been those associated with active content or scripting delivered via HTML emails. MailSecurity protects against these types of exploits as well, using its industry-first email exploit engine.
Whether you’re looking to secure your mail server or a way to control what your users can do with their email, MailSecurity has something to offer. You hopefully already have a firewall. It’s time to consider something similar for your mail server.
The installation of MailSecurity requires Windows 2000 Service Pack 1. It also requires Exchange 2000 Service Pack 1 to take advantage of Microsoft’s new Virus Scanning API (VS API). VS API allows messages to be scanned within the Exchange message store, ensuring that scanning occurs before a user’s mail client accesses a potentially malicious attachment. The VS API is also much more efficient in how it deals with attachments – an attachment sent to multiple users is scanned only once prior to delivery, rather than once per recipient.
The installation of MailSecurity is exceptionally straightforward and not worth exploring in detail. Once installed, MailSecurity is managed using the MailSecurity Configuration tool, which is implemented as an MMC snap-in. The interface of the console is shown below.
Figure
Content and Attachment Checking
GFI MailSecurity provides you with the ability to “police” your mail server by controlling both the content of email messages and the associated attachments that are allowed to pass through. For example, it’s generally a good idea to block potentially malicious attachments like .exe, .vbs, and .js files. MailSecurity takes care of all three (and more) in the default attachment-checking rule that we’ll look at shortly.
Content checking rules allow you to control the types of messages that can be sent or received on your mail server according to the words they contain. For example, you might choose to create rules that search messages for profanity, or common spam keywords. Not only is MailSecurity capable of searching for these words in the body of a message and subject line, but also in attachments if so configured. Consider the options shown on the screen below.
Figure
Once a rule has been specified, you need to associate it with an action, and optionally a group of users. Consider the screen shot below, which shows the Action tab for my new rule that checks all messages for the words “racist” or “university diploma”. The top of the page allows me to block the message and perform an action. Possible actions include quarantining the message, deleting the message, or moving it to a folder. Another course of action would be to specify multiple rules, which could then have different actions associated with them, or apply to different users. For example, you might delete messages considered spam immediately.
Figure
Notice the option to inform a manager. If you’ve ever looked at the properties of a user account in Active Directory, you may have noticed that you can configure a user’s manager within the properties of the account. In cases where this option is selected and the rule is matched, MailSecurity will query Active Directory, find the manager associated with the user, and forward the message to the manager, allowing them to approve or reject the message. If approved, the message will be sent. If rejected, the message is deleted. In cases where the Manager attribute is not set in a user’s account, the message will be sent to the configured administrator.
After specifying an action, you can use the Users/Folders tab to control to whom this rule will apply. By default, a rule will apply to all users. For a more granular level of control, you can select the individual users to whom the rule should apply.
Figure
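The rule flow described above (keyword and attachment match, then an action, a reviewer, and a user scope) can be sketched in a few lines of Python. This is an added example, not GFI MailSecurity code: the message, the addresses, and the MANAGERS table standing in for the Active Directory Manager attribute are all constructed, and only plain-text bodies are searched.

```python
import email
from email import policy

# Constructed sample message (not from the article).
RAW = b"""From: alice@example.com
To: bob@example.com
Subject: Get your university diploma today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

No exams required.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt.VBS"

placeholder bytes
--b1--
"""

BLOCKED_EXT = (".exe", ".vbs", ".js")
KEYWORDS = ("racist", "university diploma")
# Hypothetical stand-in for the directory lookup; None = Manager attribute unset.
MANAGERS = {"bob@example.com": "carol@example.com", "dave@example.com": None}
ADMIN = "postmaster@example.com"

def check_message(raw, recipient, scope=None):
    """Return (verdict, reasons, reviewer) for one recipient."""
    if scope is not None and recipient not in scope:
        return ("deliver", [], None)  # rule does not apply to this user
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons, text = [], [str(msg["subject"] or "")]
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Match the final extension case-insensitively, ignoring trailing
            # dots/spaces, so "invoice.txt.VBS" is still caught.
            if name.lower().rstrip(". ").endswith(BLOCKED_EXT):
                reasons.append(f"attachment:{name}")
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())
    haystack = " ".join(" ".join(text).lower().split())  # collapse whitespace
    reasons += [f"keyword:{k}" for k in KEYWORDS if k in haystack]
    if not reasons:
        return ("deliver", [], None)
    # Manager reviews the quarantined mail; fall back to the administrator.
    return ("quarantine", reasons, MANAGERS.get(recipient) or ADMIN)
```
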
Attachment checking rules are something that every com