[unisog] RE: unisog Digest, Vol 8, Issue 15

Rob Becker rbecker at kcai.edu
Tue Nov 16 14:28:06 GMT 2004


We are using a Barracuda www.barracudanetworks.com and have been quite
impressed so far.  We aren't currently using most of the advanced
features it offers, but it does a solid job of catching a large amount
of Spam with very little initial configuration. 
If you have questions about it, feel free to ask offlist.
Thanks.
Rob

-----Original Message-----
From: unisog-request at lists.sans.org
[mailto:unisog-request at lists.sans.org] 
Sent: Monday, November 15, 2004 10:02 PM
To: unisog at lists.sans.org
Subject: unisog Digest, Vol 8, Issue 15


Today's Topics:

   1. An help for a thesis (mmunaret at studenti.math.unipd.it)
   2. Information on Commercial Anti Spam Software (Tim Lane)
   3. Re: Information on Commercial Anti Spam Software (Eric Peters)
   4. Re: Information on Commercial Anti Spam Software (Harry Hoffman)
   5. Re: Information on Commercial Anti Spam Software
      (Vijay S Sarvepalli VSSARVEP)
   6. Re: Information on Commercial Anti Spam Software (Daniel Bidwell)
   7. Re: Information on Commercial Anti Spam Software
      (John Rowan Littell)


----------------------------------------------------------------------

Message: 1
Date: Mon, 15 Nov 2004 21:11:18 +0000
From: mmunaret at studenti.math.unipd.it
Subject: [unisog] An help for a thesis
To: unisog at lists.sans.org
Message-ID: <1100553078.41991b7695a41 at www.studenti.math.unipd.it>
Content-Type: text/plain; charset=ISO-8859-1



Hi y'all, I am doing research for a thesis in intrusion detector
learning, but I have some problems sniffing a proper net.
I am using a tcpdump log file to extrapolate some features that I need,
like the length of the connection, the protocol type, the service and
so on, but I need to have other information like:
"wrong fragment", urgent, connections that have SYN/REJ errors and so
on.

Just for an example, features written here:
www.kdd.ics.uci.edu/databases/kddcup99/task.html
are ones that I use.
Thank you so much for your contribution even if it is not a fully
security issue.

-----------------------------
Matteo Munaretto
University of Padova - Italy
Computer Science Dept.

-------------------------------------------------
Mail sent from: http://www.studenti.math.unipd.it

Dipartimento di Matematica Pura ed Applicata
Universita' degli Studi di Padova



------------------------------

Message: 2
Date: Tue, 16 Nov 2004 22:37:51 +1100
From: Tim Lane <tlane at scu.edu.au>
Subject: [unisog] Information on Commercial Anti Spam Software
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Message-ID: <5.1.0.14.2.20041116223711.01df2280 at popstaff.scu.edu.au>
Content-Type: text/plain; charset="us-ascii"

Hi All,

I am wanting to get an indication of what commercial anti spam software
is being used in other institutions.  We are looking for an "off the
shelf" package and wanting to minimise inhouse development as much as
possible.

Could anyone using commercial anti spam software please provide
information on what they are using and any thoughts they have on the
product they are using.

Please, no sellers of products - only institutions using products.

Thanks very much,

Tim Lane


Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

Ph:  61 2 6620 3290
Fax: 61 2 6620 3033
Email: tlane at scu.edu.au
http://www.scu.edu.au

------------------------------

Message: 3
Date: Mon, 15 Nov 2004 17:12:29 -0800
From: Eric Peters <epeters at pcthome.com>
Subject: Re: [unisog] Information on Commercial Anti Spam Software
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Message-ID: <1100567549.1201.58.camel at pcthome.com>
Content-Type: text/plain

I know you said commercial, but the ease of setup and the performance of
http://www.mailscanner.info is just amazing and works well for our
organization. It also beats our Trend Micro 90% of the time in virus
sigs. Mailscanner is, yes, open source and constantly maintained by the
School of Electronics and Computer Science at the University of
Southampton. But most executives like the accountability factor if
something goes wrong, and this is where Fortress Systems Ltd. comes in.
http://www.fsl.com/ They offer professional support services for
Mailscanner. I hope this helps, and good luck in your search.

Cheers,

-- 
---
Eric Peters
Sr. System Administrator
Pacific Crest Technology
Office 503.210.0112
Cell    503.975.9957




On Tue, 2004-11-16 at 22:37 +1100, Tim Lane wrote:
> Hi All,
> 
> I am wanting to get an indication of what commercial anti spam
> software is being used in other institutions.  We are looking for an
> "off the shelf " package and wanting to minimise inhouse development
> as much as possible .
> 
> Could anyone using commercial anti spam software please provide
> information on what they are using and any thoughts they have on the
> product they are using.
> 
> Please, no sellers of products - only institutions using products.
> 
> Thanks very much,
> 
> Tim Lane
> 
> 
> Tim Lane
> Information Security Program Manager
> 
> Information Technology and Telecommunication Services
> Southern Cross University
> PO Box 157 Lismore NSW 2480
> 
> Ph:  61 2 6620 3290 
> Fax: 61 2 6620 3033 
> Email: tlane at scu.edu.au 
> http://www.scu.edu.au 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog



------------------------------

Message: 4
Date: Mon, 15 Nov 2004 20:14:45 -0500
From: Harry Hoffman <hhoffman at ip-solutions.net>
Subject: Re: [unisog] Information on Commercial Anti Spam Software
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Message-ID: <41995485.2080005 at ip-solutions.net>
Content-Type: text/plain; charset=us-ascii; format=flowed

Hi Tim,

Here at Drexel Univ. we're testing Spam Squelcher. They are "black
boxes" but our postmaster swears they do a great job.

HTH,
Harry

Tim Lane wrote:
> Hi All,
> 
...
> Could anyone using commercial anti spam software please provide 
> information on what they are using and any thoughts they have on the 
> product they are using.
> 
> Please, no sellers of products - only institutions using products.
> 
> Thanks very much,
> 
> Tim Lane


------------------------------

Message: 5
Date: Mon, 15 Nov 2004 20:15:47 -0500
From: Vijay S Sarvepalli VSSARVEP <VSSARVEP at uncg.edu>
Subject: Re: [unisog] Information on Commercial Anti Spam Software
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Message-ID: <OF47A1C908.B56D914D-ON85256F4E.0005B8E4-85256F4E.0006EFAD at uncg.edu>
Content-Type: text/plain; charset="us-ascii"

I did some extensive research not that long ago on products. There are a
few good ones out there; you need to find something suitable for your
scale and your environment.

1) www.mailfrontier.com -> Antivirus is an additional module from
   Kaspersky / McAfee.
2) www.sophos.com -> Very good antivirus and antispam product for
   integration with pure message.  It was an excellent product from our
   evaluation.
3) www.barracudanetworks.com -> Not scalable but fairly good solution;
   uses spam assassin / clam in the back end from my understanding.
   Black box.
4) www.surfcontrol.com -> Good product, but enterprise level and
   individual controls are just released.
5) www.tumbleweed.com -> Very good product as well; runs on Windows 2k
   series; black box solution is available as well.
6) www.borderware.com -> MXtreme is a fairly okay product for the
   money, from a Canadian company.
7) http://www.cyphertrust.com -> Black box type solution.

Outsourcing services like postini are good for corporations but not for
universities with so many legal and privacy obligations -- is what we
found out for our organization.

My recommendation would be sophos or mailfrontier as top products,
followed by tumbleweed / surfcontrol / cyphertrust.


Vijay








Tim Lane <tlane at scu.edu.au>
Sent by: unisog-bounces at lists.sans.org
11/16/2004 06:37 AM
Please respond to: UNIversity Security Operations Group <unisog at lists.sans.org>

To: UNIversity Security Operations Group <unisog at lists.sans.org>
cc:
Subject: [unisog] Information on Commercial Anti Spam Software

Hi All,

I am wanting to get an indication of what commercial anti spam software
is being used in other institutions.  We are looking for an "off the
shelf" package and wanting to minimise inhouse development as much as
possible.

Could anyone using commercial anti spam software please provide 
information on what they are using and any thoughts they have on the 
product they are using.

Please, no sellers of products - only institutions using products.

Thanks very much,

Tim Lane


Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

Ph:  61 2 6620 3290 
Fax: 61 2 6620 3033 
Email: tlane at scu.edu.au 
http://www.scu.edu.au
_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog


------------------------------

Message: 6
Date: 15 Nov 2004 22:09:47 -0500
From: Daniel Bidwell <bidwell at andrews.edu>
Subject: Re: [unisog] Information on Commercial Anti Spam Software
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Message-ID: <1100574587.2227.7.camel at samwise>
Content-Type: text/plain

On Tue, 2004-11-16 at 06:37, Tim Lane wrote:
> Hi All,
> 
> I am wanting to get an indication of what commercial anti spam
> software is being used in other institutions.  We are looking for an
> "off the shelf" package and wanting to minimise inhouse development
> as much as possible.
> 
> Could anyone using commercial anti spam software please provide
> information on what they are using and any thoughts they have on the
> product they are using.
> 
> Please, no sellers of products - only institutions using products.

We have been using Mailscanner (open source) from www.mailscanner.info
and have just done a feature evaluation of:

Message Labs, www.messagelabs.com, a hosted solution.

Barracuda, www.barracudanetworks.com, a blackbox solution.

Canit-Pro, www.roaringpenguin.com, a solution that we host on our
servers.

They all appear to be using the same set of open source tools for the
most part.  Canit-Pro allows us to scale with multiple servers as needed
and their price model was very favorable compared to the others.
> 
> Thanks very much,
> 
> Tim Lane
> 
> 
> Tim Lane
> Information Security Program Manager
> 
> Information Technology and Telecommunication Services
> Southern Cross University
> PO Box 157 Lismore NSW 2480
> 
> Ph:  61 2 6620 3290
> Fax: 61 2 6620 3033
> Email: tlane at scu.edu.au
> http://www.scu.edu.au
> ----
> 

> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
-- 
Daniel R. Bidwell	|	bidwell at andrews.edu
Andrews University	|	Information Technology Services
If two always agree, one of them is unnecessary
"Friends don't let friends do DOS"
"In theory, theory and practice are the same.
In practice, however, they are not."



------------------------------

Message: 7
Date: Mon, 15 Nov 2004 22:56:08 -0500 (EST)
From: John Rowan Littell <littejo at earlham.edu>
Subject: Re: [unisog] Information on Commercial Anti Spam Software
To: UNIversity Security Operations Group <unisog at lists.sans.org>
Message-ID: <Pine.OSX.4.61.0411152245340.1311 at muscovite.local>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

-----BEGIN PGP SIGNED MESSAGE-----

Lo, Tim Lane and the teakettle whistled in unison:

> I am wanting to get an indication of what commercial anti spam
> software is being used in other institutions.  We are looking for an
> "off the shelf" package and wanting to minimise inhouse development
> as much as possible.
>
> Could anyone using commercial anti spam software please provide
> information on what they are using and any thoughts they have on the
> product they are using.

I also did some recent research into black-box spam/virus gateway
appliances.  I looked closely at both the Meridius mail gateway
from BlueCat Networks and the RazorGate from Mirapoint.  Both of
them seem quite good at what they do, namely spam and virus filtering
(with quarantine, bounce, etc.), mail routing (in my case via LDAP),
and a certain degree of per-user configuration.

I determined, though, that for the price (around $20K for the
Meridius and upwards of $40K for the RazorGate) that we could
implement our own black box filtering and routing gateway for quite
a lot less, including the development and support time (given our
local expertise).  Your mileage, of course, will vary depending on
your local expertise and their willingness to make do with non-GUI
(or less GUI) management interfaces and your desire for strong
corporate support.

I'd be willing to talk offline about some of the specifics that I got
from these products (although it's nothing that you couldn't get from
asking people in their respective technical departments).

   --rowan

- -- 
John "Rowan" Littell
Systems Administrator
Earlham College Computing Services
2004-11-15 22:45


------------------------------

_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog


End of unisog Digest, Vol 8, Issue 15
*************************************



