InfoSecurity show

Lush, Richard Richard.Lush at HP.COM
Tue Apr 29 21:24:12 IST 2003

I was there today as well.  I had one "salesman" tell me mail came in on port 28 :-)

I can honestly say that there is only one product there that looked any good and that was MailMarshall. Even then it did fully supply what MailScanner can.  I was amazed to see that about 70% of the stands there were to do with spam and email antivirus.  

A stand for MailScanner next year then Julian???


-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: 29 April 2003 15:44

I have just the day (well, quite enough of it!) at the "Info Security" show in London.
I decided to do the rounds of the show on the premise that I wanted to buy an email anti-virus, and particularly anti-spam, system.
I have had demos from loads of salesmen trying to flog me their systems.

And my overwhelming response has to be "What a pathetic bunch of products".
That's the version you can tell your mother-in-law, anyway :-)

They have really sophisticated traps like "the From: domain doesn't match the envelope sender domain" and make a big thing of it. Useful until one of your users joins a mailing list...

The really advanced products have thinly (or sometimes not at all!) disguised copies of DCC. I didn't see one product that could talk to Razor2 and DCC. RBL's are quite popular, probably because they are so easy to use. 
No-one had a decent response to "what happens to your incoming mail feed speed if one of the RBL's goes down?". The standard line to that was "well, you can't avoid human intervention completely". In other words, your incoming mail feed would slow to a crawl waiting for every DNS timeout for every message. I even got them to admit that was exactly what would happen.

No product I was shown implemented any decent set of heuristic rules. One or two had the ability to enter regular expressions and give a simple score to each one. But you had to write all the rules yourself, and they only supported 10 rules at most.

1 had a Bayes engine, but it had to be manually trained with spam. It would auto-learn on the assumption that all your outgoing mail was not spam. 
Which is better than nothing, until one of your systems inside gets hacked and used as a spam relay, at which point your entire bayes database is destroyed by being given spam it assumed was non-spam.

And a couple of them gave me price quotes. These were both "appliances", i.e. PC's in 1U boxes. One company wanted $56,000 plus the cost of an anti-virus engine (they only supported a choice of 2). The other one charged £20,000 (approx $32,000) for the basic unit, and you then paid them several thousands of £ for each of their "modules" on top of that.

I hope there are at least 1 or 2 decent commercial products in this market, but I sure didn't see them today, and all the big players were there.

We need to spread the word!

Which brings me onto my next posting.
Julian Field
Professional Support Services at MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list