|
exchange
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
E2k3 SP2 (IMF) vs. NetIQHi there,
I just loaded SP2 on all my exchange servers, and have been playing with the IMF features. My company is in the middle of finding a permanent spam solution, and I've recommended NetIQ spam filtering (this is before I loaded SP2) since I used NetIQ before at my previous job and I believe it's a pretty good spam filter. Now with spam filtering coming with exchange, I'm wondering if microsoft can effectively put these other spam filtering software makers out of the spam filtering business. My question is, what (if anything) does NetIQ have on Microsoft's IMF to make it compelling? Is there any reason whatsoever to want to consider a software program like NetIQ when Exchange SP2 comes with one built in? Any advantages/disadvantages? Thanks much!
Show quote
On Sun, 20 Nov 2005 18:44:28 -0600, "Jon Doe" <j***@comcast.net> 3rd party solutions are updated on a regular basis, for now, the IMFwrote: >Hi there, > >I just loaded SP2 on all my exchange servers, and have been playing with the >IMF features. My company is in the middle of finding a permanent spam >solution, and I've recommended NetIQ spam filtering (this is before I loaded >SP2) since I used NetIQ before at my previous job and I believe it's a >pretty good spam filter. > >Now with spam filtering coming with exchange, I'm wondering if microsoft can >effectively put these other spam filtering software makers out of the spam >filtering business. My question is, what (if anything) does NetIQ have on >Microsoft's IMF to make it compelling? > >Is there any reason whatsoever to want to consider a software program like >NetIQ when Exchange SP2 comes with one built in? Any >advantages/disadvantages? > >Thanks much! > isn't. It's a good plan to stick with any 3rd party arrangements for now and neep an eye on what's catching what. Jon Doe wrote:
Show quote > Hi there, IMF is nice if you don't have anything else. Microsoft might improve it > > I just loaded SP2 on all my exchange servers, and have been playing with the > IMF features. My company is in the middle of finding a permanent spam > solution, and I've recommended NetIQ spam filtering (this is before I loaded > SP2) since I used NetIQ before at my previous job and I believe it's a > pretty good spam filter. > > Now with spam filtering coming with exchange, I'm wondering if microsoft can > effectively put these other spam filtering software makers out of the spam > filtering business. My question is, what (if anything) does NetIQ have on > Microsoft's IMF to make it compelling? > > Is there any reason whatsoever to want to consider a software program like > NetIQ when Exchange SP2 comes with one built in? Any > advantages/disadvantages? > > Thanks much! > > one day, but 3rd party solutions are updated, for now, more often than IMF. I'd stick with NetIQ or a similar solution - also look at Postini or Barracuda devices. We use those a lot and they're rather nice. -- Sincerely, Daniel S. Tate, MCSA+Messaging, Sun Certified Security, Network and Systems Administrator If you haven't already paid for a 3rd party solution then I would hold off
and see how the IMF does for you. I have a few clients who are running just IMF (along with connection/sender filtering) and are extremely happy with it. It's true that the IMF is not updated as often as the 3rd party filters (at least currently) but that may or may not matter to you. I'd give the IMF 2-4 weeks and see how it goes. If there is still too much spam coming thru and you don't feel you can tweak IMF any more, then invest in the 3rd party solution. -- Show quoteAloha, -Ben- Ben M. Schorr, OneNote-MVP Roland Schorr & Tower http://www.rolandschorr.com Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm **I apologize but I am unable to respond to direct requests for assistance. Please post questions and replies here in the newsgroup. Mahalo! "Jon Doe" <j***@comcast.net> wrote in message news:Qf2dnZ4nS63khRzenZ2dnUVZ_sOdnZ2d@comcast.com... > Hi there, > > I just loaded SP2 on all my exchange servers, and have been playing with > the IMF features. My company is in the middle of finding a permanent spam > solution, and I've recommended NetIQ spam filtering (this is before I > loaded SP2) since I used NetIQ before at my previous job and I believe > it's a pretty good spam filter. > > Now with spam filtering coming with exchange, I'm wondering if microsoft > can effectively put these other spam filtering software makers out of the > spam filtering business. My question is, what (if anything) does NetIQ > have on Microsoft's IMF to make it compelling? > > Is there any reason whatsoever to want to consider a software program like > NetIQ when Exchange SP2 comes with one built in? Any > advantages/disadvantages? > > Thanks much! > In a recent WebCast an MS guy said that there will be regular updates for
IMF very soon. So you might want to wait a bit before dumping IMF because of updates. More details from here: http://www.exchangeinbox.com/articles/013/sp2imf.htm I hope they keep their promise! cheers, Alexander Zammit Software Development Consultant ExchangeInbox.com MS Exchange resource site http://www.exchangeinbox.com/ Show quote "Jon Doe" <j***@comcast.net> wrote in message news:Qf2dnZ4nS63khRzenZ2dnUVZ_sOdnZ2d@comcast.com... > Hi there, > > I just loaded SP2 on all my exchange servers, and have been playing with > the IMF features. My company is in the middle of finding a permanent spam > solution, and I've recommended NetIQ spam filtering (this is before I > loaded SP2) since I used NetIQ before at my previous job and I believe > it's a pretty good spam filter. > > Now with spam filtering coming with exchange, I'm wondering if microsoft > can effectively put these other spam filtering software makers out of the > spam filtering business. My question is, what (if anything) does NetIQ > have on Microsoft's IMF to make it compelling? > > Is there any reason whatsoever to want to consider a software program like > NetIQ when Exchange SP2 comes with one built in? Any > advantages/disadvantages? > > Thanks much! > Thanks for the replies everyone. So, I posted this message this message
yesterday and guess what happened today?! We got slammed! So today we got this virus outbreak and tons of users were getting an e-mail that had a zip file. Within the zip file was an exe file. As you might expect with users, some of them opened the exe files. I turned on Sender ID filtering and increased SCL blocking. These messages were still coming through. However, I did notice that after turning on SenderID filtering, the headers indicated that the messages were being sent from IP addresses within our network. Anyway, I looked up information, and it doesn't appear that IMF blocks attachments! I know that with NetIQ, I could've simply blocked exe files and this would never have come in in the first place. So, I should let you know that while the spamming has reduced, this issue is still ongoing. Did I miss anything with IMF, or is a 3rd party spam solution my best option to block attachments? Thanks! Show quote "Jon Doe" <j***@comcast.net> wrote in message news:Qf2dnZ4nS63khRzenZ2dnUVZ_sOdnZ2d@comcast.com... > Hi there, > > I just loaded SP2 on all my exchange servers, and have been playing with > the IMF features. My company is in the middle of finding a permanent spam > solution, and I've recommended NetIQ spam filtering (this is before I > loaded SP2) since I used NetIQ before at my previous job and I believe > it's a pretty good spam filter. > > Now with spam filtering coming with exchange, I'm wondering if microsoft > can effectively put these other spam filtering software makers out of the > spam filtering business. My question is, what (if anything) does NetIQ > have on Microsoft's IMF to make it compelling? > > Is there any reason whatsoever to want to consider a software program like > NetIQ when Exchange SP2 comes with one built in? Any > advantages/disadvantages? > > Thanks much! > Attachment blocking is generally the province of Anti-virus rather than spam
blockers, though certainly some spam blockers do it too. Let me guess -- the virus was an e-mail that claimed to be from the FBI? Luckily your anti-virus system killed the virus before your users, who should know better than to open a random .EXE file, could do any real damage right? -- Show quoteAloha, -Ben- Ben M. Schorr, OneNote-MVP Roland Schorr & Tower http://www.rolandschorr.com Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm **I apologize but I am unable to respond to direct requests for assistance. Please post questions and replies here in the newsgroup. Mahalo! "Jon Doe" <j***@comcast.net> wrote in message news:cbednQO_M5Ll6R_eRVn-uA@comcast.com... > Thanks for the replies everyone. So, I posted this message this message > yesterday and guess what happened today?! We got slammed! > > So today we got this virus outbreak and tons of users were getting an > e-mail that had a zip file. Within the zip file was an exe file. As you > might expect with users, some of them opened the exe files. I turned on > Sender ID filtering and increased SCL blocking. These messages were still > coming through. However, I did notice that after turning on SenderID > filtering, the headers indicated that the messages were being sent from IP > addresses within our network. > > Anyway, I looked up information, and it doesn't appear that IMF blocks > attachments! I know that with NetIQ, I could've simply blocked exe files > and this would never have come in in the first place. So, I should let you > know that while the spamming has reduced, this issue is still ongoing. > > Did I miss anything with IMF, or is a 3rd party spam solution my best > option to block attachments? > > Thanks! > > > "Jon Doe" <j***@comcast.net> wrote in message > news:Qf2dnZ4nS63khRzenZ2dnUVZ_sOdnZ2d@comcast.com... >> Hi there, >> >> I just loaded SP2 on all my exchange servers, and have been playing with >> the IMF features. My company is in the middle of finding a permanent spam >> solution, and I've recommended NetIQ spam filtering (this is before I >> loaded SP2) since I used NetIQ before at my previous job and I believe >> it's a pretty good spam filter. >> >> Now with spam filtering coming with exchange, I'm wondering if microsoft >> can effectively put these other spam filtering software makers out of the >> spam filtering business. My question is, what (if anything) does NetIQ >> have on Microsoft's IMF to make it compelling? >> >> Is there any reason whatsoever to want to consider a software program >> like NetIQ when Exchange SP2 comes with one built in? Any >> advantages/disadvantages? >> >> Thanks much! >> > > Yep... they were the ones from the FBI. Well I know it's generally the realm
of the antivirus software, but I know that NetIQ does do virus scanning as well. The problem was that even though our antivirus defs are updated weekly, the one everyone had did not catch this virus. I went on symantec's website and got today's defs (not available via automatic update) and it caught the virus. Either way, I know that with a 3rd party spam solution, I would block certain attachments such as the usual suspects like .exe, .vbs...etc. So, sounds like these FBI e-mails slammed a lot of e-mail systems today huh? Show quote "Ben M. Schorr - MVP" <b***@bogusaddress.mvp> wrote in message news:uuia1nw7FHA.1276@TK2MSFTNGP09.phx.gbl... > Attachment blocking is generally the province of Anti-virus rather than > spam blockers, though certainly some spam blockers do it too. > > Let me guess -- the virus was an e-mail that claimed to be from the FBI? > Luckily your anti-virus system killed the virus before your users, who > should know better than to open a random .EXE file, could do any real > damage right? > > > -- > Aloha, > > -Ben- > Ben M. Schorr, OneNote-MVP > Roland Schorr & Tower > http://www.rolandschorr.com > Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm > > **I apologize but I am unable to respond to direct requests for > assistance. Please post questions and replies here in the newsgroup. > Mahalo! > > "Jon Doe" <j***@comcast.net> wrote in message > news:cbednQO_M5Ll6R_eRVn-uA@comcast.com... >> Thanks for the replies everyone. So, I posted this message this message >> yesterday and guess what happened today?! We got slammed! >> >> So today we got this virus outbreak and tons of users were getting an >> e-mail that had a zip file. Within the zip file was an exe file. As you >> might expect with users, some of them opened the exe files. I turned on >> Sender ID filtering and increased SCL blocking. These messages were still >> coming through. However, I did notice that after turning on SenderID >> filtering, the headers indicated that the messages were being sent from >> IP addresses within our network. >> >> Anyway, I looked up information, and it doesn't appear that IMF blocks >> attachments! I know that with NetIQ, I could've simply blocked exe files >> and this would never have come in in the first place. So, I should let >> you know that while the spamming has reduced, this issue is still >> ongoing. >> >> Did I miss anything with IMF, or is a 3rd party spam solution my best >> option to block attachments? >> >> Thanks! >> >> >> "Jon Doe" <j***@comcast.net> wrote in message >> news:Qf2dnZ4nS63khRzenZ2dnUVZ_sOdnZ2d@comcast.com... >>> Hi there, >>> >>> I just loaded SP2 on all my exchange servers, and have been playing with >>> the IMF features. My company is in the middle of finding a permanent >>> spam solution, and I've recommended NetIQ spam filtering (this is before >>> I loaded SP2) since I used NetIQ before at my previous job and I believe >>> it's a pretty good spam filter. >>> >>> Now with spam filtering coming with exchange, I'm wondering if microsoft >>> can effectively put these other spam filtering software makers out of >>> the spam filtering business. My question is, what (if anything) does >>> NetIQ have on Microsoft's IMF to make it compelling? >>> >>> Is there any reason whatsoever to want to consider a software program >>> like NetIQ when Exchange SP2 comes with one built in? Any >>> advantages/disadvantages? >>> >>> Thanks much! >>> >> >> > > I think IMF may be a decent solution for people who want to block
50-60% of their spam, but there is no way that IMF releasing 2 updates a month will block these spam campaigns that typically come out after a virus infection. In fact, the Sober.U virus that went out yesterday was probably intended to recruit a new list of zombie machines to send out some Thanksgiving spam. You should see increasing amounts of spam all through December as well. I personally like the managed service approach and have used AppRiver (www.appriver.com) for a year or so. By routing your mail through their service, you make them handle the brunt of spam, virus and directory harvest attacks. I don't have to worry about message quarantine space or virus definitions, it's all handled. IMF has a long way to go and there are so many more effective products out there, why waste time and expose all of your users to spam that could be gone by simply choosing an effective 3rd party solution? Sometimes free is not better. -Steve <shrug> A client who recently installed it found that it blocked about 90%
of their incoming spam and for some of their users reduced it to almost none. (down from dozens or even hundreds a day before that). Of course, that's in conjunction with some connection filtering as well. Your mileage may vary, of course. -- Show quoteAloha, -Ben- Ben M. Schorr, OneNote-MVP Roland Schorr & Tower http://www.rolandschorr.com Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm **I apologize but I am unable to respond to direct requests for assistance. Please post questions and replies here in the newsgroup. Mahalo! "Steve" <st***@allzero.com> wrote in message news:1132666771.484078.257650@f14g2000cwb.googlegroups.com... >I think IMF may be a decent solution for people who want to block > 50-60% of their spam, but there is no way that IMF releasing 2 updates > a month will block these spam campaigns that typically come out after a > virus infection. In fact, the Sober.U virus that went out yesterday > was probably intended to recruit a new list of zombie machines to send > out some Thanksgiving spam. You should see increasing amounts of spam > all through December as well. > > I personally like the managed service approach and have used AppRiver > (www.appriver.com) for a year or so. By routing your mail through > their service, you make them handle the brunt of spam, virus and > directory harvest attacks. I don't have to worry about message > quarantine space or virus definitions, it's all handled. IMF has a > long way to go and there are so many more effective products out there, > why waste time and expose all of your users to spam that could be gone > by simply choosing an effective 3rd party solution? Sometimes free is > not better. > > -Steve > "Steve" <st***@allzero.com> wrote: That depends a lot on the contents of the spam that gets sent. The IMF>I think IMF may be a decent solution for people who want to block >50-60% of their spam, but there is no way that IMF releasing 2 updates >a month will block these spam campaigns that typically come out after a >virus infection. employees a statistical filter that uses n-grams (probably di-grams). The number of word pairs, and combinations of words in the pairing, are what's important, not just simple keyword or phrase matching. Statistical filters are pretty accurate in locating spam in these circumstances. When the words are misspelled, or misformed, or the parser that generates the token can be fooled, then the filter becomes less acurate until it can train on the new mesages. I'm not a big fan of the IMF becasue it *is* a black box and it's not trainable. But don't knock the underlying why in which it arrives at its conclusion about a message's spamminess. >In fact, the Sober.U virus that went out yesterday Just like every year.>was probably intended to recruit a new list of zombie machines to send >out some Thanksgiving spam. You should see increasing amounts of spam >all through December as well. >I personally like the managed service approach and have used AppRiver Yes, there are.>(www.appriver.com) for a year or so. By routing your mail through >their service, you make them handle the brunt of spam, virus and >directory harvest attacks. I don't have to worry about message >quarantine space or virus definitions, it's all handled. IMF has a >long way to go and there are so many more effective products out there, >why waste time and expose all of your users to spam that could be gone But sometimes it's all you can afford. :)>by simply choosing an effective 3rd party solution? Sometimes free is >not better. -- Rich Matheisen MCSE+I, Exchange MVP MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm Don't send mail to this address mailto:h.p***@getronics.com Or to these, either: mailto:h.p***@pinkroccade.com mailto:melvin.mcphucknuc***@getronics.com mailto:melvin.mcphucknuc***@pinkroccade.com The virus your referring to is the Sober.x and is spreading like crazy.
Almost all AV vendors have upgraded it to High over the last 24 hours. I run several clients servers and most of them did not catch it as definitions are just now coming out. Luckily, it's not a destructive virus and more of an annoyance and a bog on Exchange servers everywhere. I have found the quickest way to see if you are infected is to look for a c:\\windows\WinSecurity folder..if it's there..it is likely you are infected. Check all of you clients machines as most of my clients have had at least 1 machine infected, even with updated AV, Spam, Spyware blocks and all. Show quote "Jon Doe" wrote: > Yep... they were the ones from the FBI. Well I know it's generally the realm > of the antivirus software, but I know that NetIQ does do virus scanning as > well. The problem was that even though our antivirus defs are updated > weekly, the one everyone had did not catch this virus. I went on symantec's > website and got today's defs (not available via automatic update) and it > caught the virus. > > Either way, I know that with a 3rd party spam solution, I would block > certain attachments such as the usual suspects like .exe, .vbs...etc. So, > sounds like these FBI e-mails slammed a lot of e-mail systems today huh? > > > "Ben M. Schorr - MVP" <b***@bogusaddress.mvp> wrote in message > news:uuia1nw7FHA.1276@TK2MSFTNGP09.phx.gbl... > > Attachment blocking is generally the province of Anti-virus rather than > > spam blockers, though certainly some spam blockers do it too. > > > > Let me guess -- the virus was an e-mail that claimed to be from the FBI? > > Luckily your anti-virus system killed the virus before your users, who > > should know better than to open a random .EXE file, could do any real > > damage right? > > > > > > -- > > Aloha, > > > > -Ben- > > Ben M. Schorr, OneNote-MVP > > Roland Schorr & Tower > > http://www.rolandschorr.com > > Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm > > > > **I apologize but I am unable to respond to direct requests for > > assistance. Please post questions and replies here in the newsgroup. > > Mahalo! > > > > "Jon Doe" <j***@comcast.net> wrote in message > > news:cbednQO_M5Ll6R_eRVn-uA@comcast.com... > >> Thanks for the replies everyone. So, I posted this message this message > >> yesterday and guess what happened today?! We got slammed! > >> > >> So today we got this virus outbreak and tons of users were getting an > >> e-mail that had a zip file. Within the zip file was an exe file. As you > >> might expect with users, some of them opened the exe files. I turned on > >> Sender ID filtering and increased SCL blocking. These messages were still > >> coming through. However, I did notice that after turning on SenderID > >> filtering, the headers indicated that the messages were being sent from > >> IP addresses within our network. > >> > >> Anyway, I looked up information, and it doesn't appear that IMF blocks > >> attachments! I know that with NetIQ, I could've simply blocked exe files > >> and this would never have come in in the first place. So, I should let > >> you know that while the spamming has reduced, this issue is still > >> ongoing. > >> > >> Did I miss anything with IMF, or is a 3rd party spam solution my best > >> option to block attachments? > >> > >> Thanks! > >> > >> > >> "Jon Doe" <j***@comcast.net> wrote in message > >> news:Qf2dnZ4nS63khRzenZ2dnUVZ_sOdnZ2d@comcast.com... > >>> Hi there, > >>> > >>> I just loaded SP2 on all my exchange servers, and have been playing with > >>> the IMF features. My company is in the middle of finding a permanent > >>> spam solution, and I've recommended NetIQ spam filtering (this is before > >>> I loaded SP2) since I used NetIQ before at my previous job and I believe > >>> it's a pretty good spam filter. > >>> > >>> Now with spam filtering coming with exchange, I'm wondering if microsoft > >>> can effectively put these other spam filtering software makers out of > >>> the spam filtering business. My question is, what (if anything) does > >>> NetIQ have on Microsoft's IMF to make it compelling? > >>> > >>> Is there any reason whatsoever to want to consider a software program > >>> like NetIQ when Exchange SP2 comes with one built in? Any > >>> advantages/disadvantages? > >>> > >>> Thanks much! > >>> > >> > >> > > > > > > > "Staceman" <Stace***@discussions.microsoft.com> wrote: That would depend on what it's installing on your machines. A lot of>The virus your referring to is the Sober.x and is spreading like crazy. >Almost all AV vendors have upgraded it to High over the last 24 hours. I run >several clients servers and most of them did not catch it as definitions are >just now coming out. Luckily, it's not a destructive virus the crap out there now isn't intent on destroying stuff as it is on stealing stuff (data, passwords, time, bandwidth, etc.). Scroptkiddies are disappearing and they're being replaced by criminals. -- Rich Matheisen MCSE+I, Exchange MVP MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm Don't send mail to this address mailto:h.p***@getronics.com Or to these, either: mailto:h.p***@pinkroccade.com mailto:melvin.mcphucknuc***@getronics.com mailto:melvin.mcphucknuc***@pinkroccade.com  |
|||||||||||||||||||||||
Other interesting topics