InfoSecurity show

Julian Field mailscanner at ecs.soton.ac.uk
Tue Apr 29 15:43:35 IST 2003


I have just spent the day (well, quite enough of it!) at the "Info Security" show 
in London.
I decided to do the rounds of the show on the premise that I wanted to buy 
an email anti-virus, and particularly anti-spam, system.
I have had demos from loads of salesmen trying to flog me their systems.

And my overwhelming response has to be "What a pathetic bunch of products".
That's the version you can tell your mother-in-law, anyway :-)

They have really sophisticated traps like "the From: domain doesn't match 
the envelope sender domain" and make a big thing of it. Useful until one of 
your users joins a mailing list...

The really advanced products have thinly (or sometimes not at all!) 
disguised copies of DCC. I didn't see one product that could talk to Razor2 
and DCC. RBLs are quite popular, probably because they are so easy to use. 
No-one had a decent response to "what happens to your incoming mail feed 
speed if one of the RBLs goes down?". The standard line to that was "well, 
you can't avoid human intervention completely". In other words, your 
incoming mail feed would slow to a crawl waiting for every DNS timeout for 
every message. I even got them to admit that was exactly what would happen.

No product I was shown implemented any decent set of heuristic rules. One 
or two had the ability to enter regular expressions and give a simple score 
to each one. But you had to write all the rules yourself, and they only 
supported 10 rules at most.

1 had a Bayes engine, but it had to be manually trained with spam. It would 
auto-learn on the assumption that all your outgoing mail was not spam. 
Which is better than nothing, until one of your systems inside gets hacked 
and used as a spam relay, at which point your entire Bayes database is 
destroyed by being given spam it assumed was non-spam.

And a couple of them gave me price quotes. These were both "appliances", 
i.e. PCs in 1U boxes. One company wanted $56,000 plus the cost of an 
anti-virus engine (they only supported a choice of 2). The other one 
charged £20,000 (approx $32,000) for the basic unit, and you then paid them 
several thousands of £ for each of their "modules" on top of that.

I hope there are at least 1 or 2 decent commercial products in this market, 
but I sure didn't see them today, and all the big players were there.

We need to spread the word!

Which brings me onto my next posting.
-- 
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
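
The RBL failure mode described in the message above (every message waiting on a DNS timeout when a list goes down) can be contained by taking a zone out of rotation after repeated timeouts. The following is an added example, not part of the original post and not MailScanner's code; the class name, the zone names, and the injected `resolve` callable (a real one would need its own per-query timeout) are hypothetical.

```python
import socket
import time

class RBLChecker:
    """Queries DNS blocklists, skipping any zone that keeps timing out."""

    def __init__(self, zones, resolve, max_timeouts=3, retry_after=300.0,
                 clock=time.monotonic):
        self.zones = list(zones)
        self.resolve = resolve            # callable(name); raises on failure
        self.max_timeouts = max_timeouts  # consecutive timeouts before skipping
        self.retry_after = retry_after    # seconds a dead zone stays disabled
        self.clock = clock
        self.failures = {z: 0 for z in self.zones}
        self.disabled_until = {}

    def check(self, ip):
        """Return the zones that list `ip`; disabled zones cost no lookup."""
        listed, now = [], self.clock()
        for zone in self.zones:
            if self.disabled_until.get(zone, 0) > now:
                continue                  # zone is down: skip without waiting
            name = ".".join(reversed(ip.split("."))) + "." + zone
            try:
                self.resolve(name)
                listed.append(zone)
                self.failures[zone] = 0
            except socket.gaierror:       # NXDOMAIN: not listed, zone is alive
                self.failures[zone] = 0
            except (socket.timeout, TimeoutError):
                self.failures[zone] += 1
                if self.failures[zone] >= self.max_timeouts:
                    self.disabled_until[zone] = now + self.retry_after
                    self.failures[zone] = 0
        return listed

def make_fake_resolver(dead_zone, listed_names, calls):
    """Constructed stand-in for DNS: one zone never answers."""
    def resolve(name):
        calls.append(name)
        if name.endswith(dead_zone):
            raise TimeoutError("constructed: zone not answering")
        if name in listed_names:
            return "127.0.0.2"
        raise socket.gaierror("constructed: NXDOMAIN")
    return resolve
```

With `max_timeouts=3`, a dead list costs three timeouts in total rather than one per message, and it is retried once after `retry_after` seconds.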



