
How Dave Does It: Extending GroupWise - Anti-Spam and Anti-Virus Solutions

Novell Cool Solutions: Trench
By Dave Muldoon


Posted: 6 Jan 2005
 

This is Dave Muldoon's second article in the series for extending the features and functions of the Novell GroupWise product.

While providing some type of defense against SPAM and viruses may not actually "extend" the functionality of GroupWise, implementing a solution will prove extremely beneficial to any messaging system. This type of solution is almost a core component of implementing additional features and functionality. Equally important to implementing a solution for anti-SPAM and anti-virus is managing the solution and understanding technology changes within the industry. Many organizations dealt with these two issues (SPAM and viruses) years ago and have relied upon that solution for a few years to protect their systems. What's important for these organizations to understand is that newer technology is available that may be more cost-effective and provide a tighter security layer over the messaging system. In these cases, organizations may want to consider reviewing new products on the market today, as there have been many advances in this area since their first-generation counterparts. These advances in technology have been necessary because of the trends that spam and viruses have taken over the past year. MessageLabs reports some extremely important facts regarding these trends (for more information see: www.messagelabs.com/):

During the course of the year (2004), email viruses rose to an unprecedented high where 1 in 16 emails contained a virus. Compare this to 2003, when viruses were found in 1 out of 33 emails.

SPAM also saw a huge jump in numbers, as it now accounts for almost 73 percent of all Internet email. This figure has almost doubled since 2003, when SPAM accounted for approximately 40 percent of Internet email.

These two facts alone highlight the importance of having the appropriate solution in place for defending against these malicious messages. Leaving these items unchecked can cause significant problems for messaging systems, such as increased disk space consumption, increased backup/restore times, higher LAN bandwidth utilization, slower overall processing of legitimate mail and decreased user productivity.

The Cost of SPAM:

While it may seem that SPAM only has an impact on email, it also has an impact on Internet usage (via browsers, as many of these new HTML email messages use hooks to your browser to pull in information). These messages often contain an image-based advertisement that cannot be scanned for content, which bypasses most products on the market today. These images are often large and consume bandwidth as the messages are opened, in addition to "normal message traffic".

What's very interesting is that just a few years ago, SPAM was merely considered a nuisance to email systems and users. As it has evolved, as shown in the statistics published by MessageLabs, it has become something that IT organizations can no longer afford to ignore - afford being the key word. SPAM consumes an employee's time; even when employees are simply deleting the bulk of the unsolicited messages, the cost of SPAM can add up. Quantifying the cost of spam can be quite difficult. The best formula I have seen to date works as follows:

An employee who gets only 15 pieces of SPAM per day and spends 10 seconds dealing with each will spend a total of 11 hours per year on managing SPAM. That may not sound like a lot of time until that time is associated with dollars. For example, if the average employee within an organization of 10,000 employees earns $30.00 per hour, the above formula means the organization spends $3.3 million a year managing SPAM. A similar organization with 1,000 employees spends $330,000 per year.

NOTE: The amount of SPAM may be unique to each individual and organization. In many cases only 15 items per day is an extremely low number - a more realistic number may be 2-3 times that in an unprotected system.

Keep in mind these numbers only pertain to SPAM. This is mainly because GroupWise has remained virtually unscathed by the plague of viruses that were unleashed during the past two years. A virus outbreak within a corporate network can wreak havoc on all aspects of the environment: routers, servers, users and the technical resources used to stop, clean and resume services.

GroupWise and Junk Mail:
With GroupWise 6.5, Novell introduced Junk Mail handling. This gives the administrator a way to allow users to manage some unwanted items. This feature was not intended to be an anti-spam mechanism, but rather to remove legitimate, unwanted items based on user-based GroupWise client controls. This whole process, along with the detailed difference between SPAM and Junk Mail, has been eloquently defined in the series written by Tay Kratzer entitled "Understanding Junk Mail Handling in GroupWise 6.5". The key item to understand is that this new functionality is not designed as an anti-spam solution. If implemented in this manner, this feature may place a further burden on a GroupWise system as opposed to providing any benefit.

What are the Options?

Solutions for defending against SPAM and viruses vary widely and are best broken into two categories, with the first category dealing with the physical source of the technology. The second category becomes the more granular approach concerning service/feature offerings within the third-party products.

Outsourcing (Category One) - Some organizations wish to outsource the entire solution. This reduces much of the potential administration that is dealt with by the IT staff. Over an extended period of time these outsourced solutions can provide a cost savings coupled with a technology benefit. The cost savings will come from hardware savings, as hardware lifecycle is no longer left up to the organization to depreciate and replace server or appliance devices. The technology benefit comes from the vendor managing both the hardware and anti-SPAM/virus technology, making certain that it is up to date, dealing with the latest outbreak or barrage of malicious email. Examples of these organizations are:

MessageLabs (www.messagelabs.com)
Postini (www.postini.com)
MailWise (www.mailwise.com)

In-House (Category One) - Many organizations prefer to bring the technology in-house so that internal staff can manage it. This process seems to be preferred as organizations are not always comfortable allowing vendors access to all of their email. This can also be an issue of compliance where organizations must provide more protection and storage of items, making the outsourcing of this technology less effective when reviewing the cost associated with each.

Because there are so many vendors in this niche-area of the email industry, I won't list examples here. For a list of vendors see: http://www.howdavedoesit.com and check out the vendor link.

Features (Category Two) - Within the industry today it seems that the options are almost limitless. As soon as administrators come up with new requests it seems that the vendors have them available. Here are some examples of functionality that may be considered by administrators:

Some administrators prefer to have an application that allows the recipient to decide if the email is spam as opposed to having an application make this determination for them.

Other administrators want to empower the users to set specific parameters to identify spam in an attempt to remove false-positives (this is a term used for email that has been flagged/removed as spam that was actually a legitimate item).

Some administrators require an application to have a very quick setup although they are willing to deal with a trade-off of more intricate management of software updates, rules, and signature updates as it provides more control for the organization's policies.

Other administrators are okay with solutions that may initially require more time, preparation and hardware that later become almost self-managed (based on vendor "call-home" capabilities, automatic signature updates and high availability).

Some organizations require a disclaimer or footer message to be stamped on each outgoing email; others require blocking certain file types (even if the extensions are renamed). These features may be important when complying with certain regulations for businesses.

Then of course there are appliance-type products that remove all controls from the organization. These solutions are often quick to set up and require moderate configuration once installed. Appliance-type devices have become more available in recent years, although they require an organization to have a certain level of trust in the vendor's technology and change control, and an overall comfort level with the vendor's longevity and financial future.

Determining the Cost:

To truly evaluate the cost of a solution, organizations need to review a standard set of criteria that will provide a baseline for offsetting the impact of SPAM and viruses crossing the corporate threshold. These standards should include initial hardware requirements, hardware maintenance, total server requirements (which in some cases may vary from initial hardware), additional software or technology, physical location space, switch port requirements (associated cost if available), and associated support salaries. Once these figures have been gathered, the total dollars required can be used to determine two things: initial cost and projected recurring costs. Some solutions may seem to have an upfront cost that initially removes them from the decision process, yet when reviewing the long-term projected costs over 3 years and 5 years the solution may actually be more competitive.

There are also cursory costs that need to be understood, although they most often cannot have a dollar amount associated. These include items such as "learning curve" of the IT staff, where problems may be resolved slower based on more complex installations and configurations. Also on this list is the impact involved in updating software, hardware and SPAM/virus signatures. If signatures require manual intervention this may allow for "day one" virus outbreaks, etc. to slip through even the best designed systems. Having the signatures automatically updated can reduce the impact in some situations.

Finally, an organization needs to have an idea of the number of incoming messages. This number alone can determine the type of solution chosen, as it may require much more hardware than a standard implementation or, on the other hand, less hardware, which can be difficult to understand. Lesser hardware requirements may still call for a single server or set of servers, although those servers may be underutilized, making cost justifications more difficult to manage. Keep in mind that vendors, as well as other technology experts, insist that these servers only handle the anti-SPAM/virus solution. Mixing other applications into the environment can pose other vulnerabilities, such as firewall port exposures, relaying, etc.

Summary

As you can tell, there are many items that should be considered when thinking about an anti-SPAM and anti-virus solution. It is also important to understand that these items apply to existing systems and new systems alike. There are many options available, and knowing what solutions are available in conjunction with the organization's needs is key to identifying the proper solution, as well as maintaining it.

more articles in this series:

  • Extending GroupWise (part 1)
  • Extending GroupWise: Anti-SPAM and Anti-Virus Solutions (part 2)

How Dave Does It book:

If you like what you've read and want to read more of "How Dave Does It" you may want to consider picking up a copy of:


Written for both the beginner and the intermediate GroupWise administrator. This book is packed with many short chapters designed to allow you to read through the entire chapter in one sitting. Below is a short excerpt about the book:

"-it is rare that someone or something gets the chance to make a second first impression, but with this book I'm going to give you the opportunity to take a fresh new look at GroupWise and messaging practices in general. This section begins at "Day One" administration: your first day on the path of becoming a GroupWise administrator. This information will be useful to those people who may be taking on a new position where they must manage a GroupWise environment or for someone who is bringing GroupWise online for the first time. All of the information contained within this first section will prepare you to manage daily and weekly events. If you already manage a GroupWise system, hopefully this information will help solidify or enhance some fundamental skills that you may already have."

more How Dave Does It articles

For more articles by Dave Muldoon visit How Dave Does It


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com
