1 / 25

Welcome to GWAVACon

Welcome to GWAVACon. Guinevere 3: Perimeter and GWIA Protection at its Best. Michael Bell, mjb@gwava.com. About your presenters…. Michael Bell Senior GWAVA developer Nuisance, gadfly, Sysop Director of QA, GWAVA Co-founder, spiritual leader. Guinevere 3.

silver
Download Presentation

Welcome to GWAVACon

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Welcome to GWAVACon Guinevere 3: Perimeter and GWIA Protection at its Best Michael Bell, mjb@gwava.com

  2. About your presenters… • Michael Bell • Senior GWAVA developer • Nuisance, gadfly, Sysop • Director of QA, GWAVA • Co-founder, spiritual leader.

  3. Guinevere 3 Guinevere, the original Anti-Virus/Anti-Spam solution for GroupWise integrates with GWIA to scan all inbound and outbound GroupWise mail. • Guinevere: • Windows-based solution • Low cost • Anti-Virus/Anti-Spam

  4. Internet GWIA Zone Guinevere MTA Domain MTA Domain Post Office Post Office Post Office Post Office Guinevere 3 Where Guinevere fits

  5. Guinevere 3 • New Features for G3 • SpamAssassin • Scary to install for Perl novice • SpamAssassin was a major bottleneck in G2. • Difficult to configure in G2, command line tools needed. • Now daemonized. 2-5 times faster, 1/3 the CPU utilitization and memory usage, and plug and play install. • Friendly gui-based configuration and learning tools.

  6. Guinevere 3 • New Features for G3 • Turbo charged SQL based archive viewer • Similar to and based on the GWAVA Archive Viewer • Much faster, easy to filter, easy to organize • Transactional Protection (bad files will be autoquarantined)

  7. Guinevere 3 • New Features for G3 • Auto-Downloader/Installer • Allows you to download, and optionally install updates for Guinevere. • You can specify frequency of updates, whether an e-mail is sent to admin. • You can specify the categories of updates that will apply. (standard updates, special notices, betas etc.)

  8. Guinevere 3 • New Features for G3 • Improved AV installer Wizard • Leads you through setting up your AV product. • Improved boilerplate Wizard • All templates centrally located, not hardcoded. (Guinevere is VERY customizable)

  9. Guinevere 3 • New Features for G3 • Auto Digester • Send an HTML digest of Spam Messages to people each night. • Allow resubmits. • Control scope of resubmits • Allows admins more leeway in their desire to just “whack” the spam.

  10. Guinevere 3 • New Features for G3 • Spam Score Adjustment • Reduce score of known good attachment types. • GWATCH • Monitor Guinevere, alert if issues • Redline Integration • Advanced monitoring, trending, graphing. • Reply Flood Protection, improved report speed, etc.

  11. Guinevere 3 • Guinevere Message Flow • Understanding • Without Guinevere • POA-> MTA -> GWIA\SEND -> Internet • Internet -> GWIA\RECEIVE -> MTA -> POA • With Guinevere • POA -> MTA - > GWIA\SEND -> Guinevere -> GWIA\THIRD\SEND -> Internet • Internet -> GWIA\THIRD\RECEIVE -> Guinevere -> GWIA\RECEIVE -> MTA -> POA • Diagnosing issues

  12. Guinevere 3 • Fingerprinting • How does it work/reliability • Why is it useful • Depending on the extension is an inherently flawed methodology. • Support for fingerprinting • EXEs (64/32 bit) • ELF • RPM • and about 100 more common image, sound, archive, etc.

  13. Guinevere 3 • Scan Order • Order in which events are processed. • Guinevere unlike GWAVA fires only one event. • In order: • Mail Filters • Exploits • Fingerprinting • Virus • Attachment Blocking • Spam

  14. Guinevere 3 • SpamAssassin • Open Source – Guinevere author maintains the Win32 HOWTO at http://www.openhandhome.com • Highly Effective – typically 80-90% out of box, 95-99% with training • Best ways to use SA • Custom rules • Whitelist/Blacklist vs. exclusions • Difference between the two

  15. Guinevere 3 • SpamAssassin (continued) • Tools to help/Bayesian • ExportSpam • To allow easy export of SPAM/HAM from GW client • Ruleset/RuleCreate • To create a filter rule in GW. Alternatively use GW 6.5.2’s /xspam switch • Saconf – GUI based configuration tool for configuration of SpamAssassin

  16. Guinevere 3 • SpamAssassin (continued) • Spam configuration tree • Used for dealing with multi-department situations • or any situation where user needs vary greatly. • Individual rules/whitelists/blacklists

  17. Guinevere 3 • Other great features of Guinevere • Central Signature administration • Match against domain names, partial names • Powerful notification features • Easily customized templates • Exploits easily blocked (CLSID, double extension, JPEG, corrupt ZIP) • Archiving for compliance and troubleshooting

  18. Guinevere 3 • Other great features of Guinevere • Attachment blocking • Powerful mail filters to allow deletion, cc, forwarding, etc. (made even more powerful by GuinFilter) • Exceptions for all of the above. • Powerful reporting engine that can also be run from the command line and run automatically.

  19. Guinevere 3 • Compared to GWAVA • Designed to be a low cost, simple solution • Windows based, supports GWIAs on Windows, NetWare, Linux (via Samba) • Ability to alter/strip attachments • Ability to do signature files • Ability to automatically redirect/cc mail (GWAVA has somewhat similar functionality but not as flexible) • Uses a different Antispam engine. Often 2 better than one!

  20. Guinevere 3 • Guinevere can process a lot of mail • Some customers report processing over 100,000 messages per day. • Hardware Requirements: Any Pentium IV computer, 512 MB RAM, Windows (any 32 bit version).

  21. Guinevere 3 • Guinterface provides added functionality • Web based interface • User self serve • Resubmit mail easily • Parses Administrative Notifications • Now free (except for support agreements) • http://www.guinterface.com

  22. Guinevere 3 • Future of Guinevere • Beginfinite now has 4 security/policy management products – GWAVA, Gee Whiz, Guinevere, and GWAVIX • This has led to customer confusion over which product to choose. • We need to consolidate into 2 major product lines – Enterprise, and Value oriented. • GWAVA will be our Enterprise solution • Guinevere will be our Value oriented solution • No need to install Perl or Perl modules. This saves a great deal of effort with initial setup

  23. Guinevere 3 • Future of Guinevere • END OF 2006 • Our goal is retain the stability and ease of use of Guinevere, as well its feature set, while expanding its capabilities. • The new Guinevere will be released • It will be a best of breed product, featuring major code enhancements merged together from GWAVIX and Gee Whiz. This represents a major investment from Beginfinite in Guinevere’s future.

  24. Guinevere 3 • Future of Guinevere • END OF 2006 • It will support multiple platforms • Web based administration • Archive/Quarantine viewer • Expanded content filtering capabilities • Expanded signature capabilities

  25. Guinevere 3 • Future of Guinevere • END OF 2006 • SMTP Proxy capabilities • Integrated Antivirus engine and AntiSpam engine • And You Won’t Be Getting Rid of Me  - I will continue to be Lead Designer.

More Related