Among the many things that elicit grumbles from many administrators and technical support types is anti-virus (AV) software. We install it on our servers and desktops in the hopes that they will do away with those nasty little bugs that make life unbearable. And we also pray that we are in possession of the killer app, since we know that some usually miss a bug or two.

This can be a problem if that overlooked virus or worm is something like Blaster. Particularly so if its on our email server (say one like Lotus Notes), which already has a heavy load on its hands; it doesnt need the added burden of dealing with a nasty infection.

Making matters worse, some worms/viruses are geographic-specific. If your AV softwares developer is located in a different geographic area, updated signatures may arrive too late. So how can this be best dealt with?

The answer: An interesting and well thought-out product called Antigen from Sybari. Antigen is specifically designed to ensure a secure messaging environment for the enterprise, whether email or instant messaging, by embracing an unorthodox approach.

By default, Antigen comes with four well-known anti-virus engines: Sophos (UK), Norman (Europe), and Computer Associates (Asia and North America). You can add on additional optional engines from the likes of Kaspersky Labs (Europe), Authentiums Command (North America) and Virus Buster (Europe).

And what surprises me the most is that few other AV companies (in fact, I dont know a single other one) have implemented this idea. I mean, why not? It makes logical sense that no matter how good your product, there will be a hole. This approach, on the other hand, results in more eyes on the lookout for nasty worms and a way to tighten the noose around them.

You probably think that means visiting a lot of sites to download, eh? Not in this case. Sybari obviously thought this out and provides downloads directly from their site. Even when you update and/or patch, youre never down. Your server will continue to function 24/7. In fact, there is only one time that Antigen is taken offline: when you reboot the server.

But they dont just stop there. Relying on signatures always means spending a little time behind the 8-ball. Thats just not a viable solution for todays embattled enterprise IT departments. We certainly dont want a repeat of events like those with the old I Love You worm. So, in addition to the signature-based anti-virus engines, there is also a heuristic scanner that detects for things that just aint right, so to speak. All of these factors combined should reduce that window of vulnerability, also known as the time until the next signature is released.

Now, all of this may sound like its going to be CPU and memory intensive. Of course, some thought was put into this as well. While most of the emails are scanned in memory (in an apropos named area called SCAN.BOX) the scanning is done based on bias settings put forth by the administrator, as well as algorithms that determine which AV engine to use. For instance, I might be more inclined to use Sophos engine on emails from the UK than just the CA engine from North America. And for a Notes environment, this only helps to reinforce existing policies in regards to dealing with virus/worms.

As an administrator, I could stop there and be quite content. Well, almost.

Continued on Page 2.


Pre-Article:StorageTek Seals Datamation Product Award
Next-Article:goWholesale Goes With Free Classifieds