Beyond message blocking
In "A Viral Survival Checklist," May 2000, I explained specific steps you can take to prevent or minimize the effect of viruses that enter your organization through email. I predicted there that the virus war will continue to escalate to take advantage of new forms of system automation—and exploit any possible lapse in security—with an ever-growing risk of loss.
In recent months, several viruses have appeared that have active content in the message body instead of in an attachment. This type of attack bypasses conventional email virus scanners, which scan attachments only. To make matters worse, these viruses can cause extensive harm because recent viruses demonstrate the ability to download new code or upgrades from Internet newsgroups. Because of the need to detect, prevent, or contain this type of virus, content management is becoming a popular practice. However, content management can do more than contain the spread of viruses.
This month, I help you answer several questions:
- What is content management?
- Where can I place content management in my organization?
- What solutions are available for Exchange Server 5.5?
- What content-management products are available?
What Is Content Management?
Content management can include filtering for malicious code, much like antivirus scanning. However, content management also includes managing the flow of any other type of email content coming into or circulating within an organization. Your main concern might not be content management for incoming Internet email but offensive messages within your organization such as sexist or racist email that violates your company policy.
Content-management applications break apart an email messages for analysis and inspect each part to compare it against filters that the administrator establishes. People design filters typically to intercept certain words or phrases in an email message to prevent circulation of messages that contain unsolicited advertising or inappropriate material. Content management can also prevent confidential and inappropriate email from leaving your organization. The sidebar "The Risks of Outbound Mail," page 2, explains how screening outbound mail can protect your organization.
Points for Content Management
In most organizations, email messages have multiple entry points and routing destinations—from the primary gateway across bridgehead servers to a mailbox server and finally to the email client. You can perform content management at any of these points.
For example, your main point of entry might be an SMTP server, which routes email to an Exchange mailbox server. I discuss two types of content control that you can perform at the SMTP server: unsolicited commercial email (UCE) prevention and message-body scanning to find offensive content. The Internet Engineering Task Force (IETF) Request for Comments (RFC) 821, which covers SMTP transport mechanisms, defines the first type of SMTP scanning. RFC 822 defines the second type of scanning, which breaks apart a message and inspects the contents based on message-body definitions.
At the next step of the email process, the Exchange mailbox server, content-management depends on the Exchange version you're running. This month, I discuss techniques for Exchange Server 5.5; in a future issue, I'll discuss Exchange 2000 Server.
The last step in the email process is the client. The sidebar "Content Management on the Client" explains how you can use Microsoft Outlook to manage content after mail leaves the server.
Exchange Server 5.5
In an Exchange Server 5.5 organization, the SMTP server is the primary focus for content-management software because vendors haven't designed many content-management applications to run directly on an Exchange Server 5.5 mailbox server. Therefore, for Exchange Server 5.5, you can evaluate content-management solutions based on SMTP mail and entry (or exit) points.
If you want content management solely for an Exchange Server 5.5 organization, you can buy an antivirus product with a content-management plug-in, such as Trend Micro's ScanMail for Microsoft Exchange or Sybari Software's Antigen. For example, ScanMail for Microsoft Exchange has an eManager plug-in that provides both UCE prevention (i.e., the ability to block inbound messages based on information appearing or missing from the message header) and content filtering, as Figure 1 shows. The Trend Micro Web site (http://www.antivirus.com) provides content-filtering rules to block greeting card messages and several known virus types. You import the rules into a policy that also defines what action to take when a message matches the rule.
One of the earliest content-management products for Exchange Server, Baltimore Technologies' (formerly Content Technologies') MAILsweeper 3.0 for Exchange, scans email sent through the Internet Mail Service (IMS). However, the original product had no administrative interface, which made it difficult to use because you had to configure the product by editing text files. The newest version, MAILsweeper 4.2, adds an administrative interface.