Category Archives: Mail Security

VBSpam Results

      No Comments on VBSpam Results

Virus Bulletin just published their September 2010 test results (http://www.virusbtn.com/vbspam/index), and Symantec Brightmail Gateway once against received a VBSpam designation – our 5th consecutive recognition. 

In this month’s test, Symantec Brightmail Gateway registered an effectiveness score of 99.64%, with 0 false positives!  It is great to see external validation for the premium that Symantec places on balancing very high effectiveness (over 99%) with accuracy (low false positives) in fighting spam.

You may be familiar with the Virus Bulletin name – Virus Bulletin is an independent third party that has been running comparative tests on antivirus technologies for over a decade.  Symantec’s antivirus engines have achieved over 40 VB100 awards during this time. 

Our team is thrilled with the latest results on the VBSpam testing. Symantec Brightmail Gateway is a core component of Symantec Protection Suite (Enterprise Edition and Advanced Business Edition), and is also available as a stand-alone enterprise product and the Symantec Brightmail Gateway Small Business Edition, for customers with fewer than 250 employees.

Messaging & Web Security at Symantec Vision 2010 in Barcelona

I can’t quite believe it’s September already, this year is flying by at a crazy pace.
This means that the Symantec Vision conference in EMEA has come around quickly too.

This year, we are at the CCIB in Barcelona, Spain, during the first week of October – Tuesday 5th through Thursday 7th.

Amongst the many, many sessions over the 3 day conference, there are a number of Mail & Web security sessions that you shouldn’t miss (not least because I’m co-presenting them smiley ), so in no particular order.

  1. Best Practices for Email Security.
  2. Anatomy of a Web Attack.
  3. Hands On Lab – Best Practices for installing and Configuring Symantec Brightmail Gateway.
  4. Hands On Lab – Best Practices for installing and Configuring Symantec Web Gateway.
  5. Deploying Symantec Protection Suite: Architecture and Best Practices.

Other interesting sessions in the messaging and web security realm:

  • The State of Spam
  • Cost of Email Security – Calculating your risks
  • Protecting against Botnets
  • Best Practices for installing and configuring Symantec Mail Security for Exchange
  • Running Security Operations with Symantec Protection Center

If you are joining us at EMEA Vision this year, what are you looking forward to most?

Be sure to let me know if you are coming along, there are going to be plenty of opportunities to talk to our product specialists, engineers, decision makers and of course to network with your peers.

//ian

Catching up on Symantec Brightmail

Greetings, fellow Symantec Connect community members.  This is Angelos Kottas, Principal Product Manager for Symantec Brightmail Gateway. This is my first blog posting on the Brightmail blog on Symantec Connect, and I look forward to hearing from many of you in the weeks and months ahead.
 
Since last we posted to this blog, the Symantec messaging security team has been very busy!  We successfully released Symantec Brightmail Gateway 9.0 in mid March, and have been pleased to see very rapid adoption of the new release.
 
We also saw several new product releases in our broader messaging security product lines, including Symantec Mail Security for Microsoft Exchange 6.5, Symantec Mail Security for Domino 8.0.5, and Symantec Brightmail Message Filter 6.2.
 
To learn about these new releases, click on the Release Notes from the product support pages.
 
I also hosted a recent webcast on “What’s New in Symantec Brightmail Gateway 9.0” – a recording of the webcast is available here: http://www.symantec.com/offer?a_id=95708
 
In addition to the core product releases, we are also very excited about two new Protection Suite offerings that include our messaging security products: Symantec Protection Suite Advanced Business Edition and Symantec Protection Suite Enterprise Edition for Gateways.  You can read more about the Advanced Business Edition here: http://www.symantec.com/about/news/release/article… ; and our new enterprise suite offerings here: http://www.symantec.com/about/news/release/article…
 
I’ll be back with more updates soon, but in the meantime, please respond to this posting with suggestions for topics that you would like to see covered in future blog postings.

Introducing our Technical Advisory Webcasts

      No Comments on Introducing our Technical Advisory Webcasts

I’ve mentioned before that I’m a really keen advocate of bringing our customer base closer to our product development process.
2 years ago, I started running Customer Advisory Boards for our customers in EMEA.  These annual or bi-annual events were a chance for customers to come together and help us prioritise future development work by discussing their experience and insight into messaging security.
In general, these were really successful and the fruits of those sessions are just coming to light now with last years Brightmail Gateway 8.0 release and the very-soon-to-be-release Brightmail Gateway 9.0.

But, what about our customers that don’t have the budget to travel to another city and participate?
This is more and more common in this economic climate.  Travel budget is often the first belt to be tightened.

Well, this month I’m delighted to kick off the first Messaging & Web Security Technical Advisory Webcast.

Sounds interesting, what are they?

The Technical Advisory Webcasts are regular events, initially covering Symantec Brightmail Gateway and Symantec Web Gateway.
Presented via Webcast and tele-conference, you can expect to hear the following kind of information:

  • General product updates
  • Insight into future roadmap planning
  • Technical Deep Dives
  • Best Practices
  • Ask Us Anything Q & A

I’m keen to make sure we provide information that is interesting and useful to you, our customers.  So, if you have any specific topics you would like to see covered and discussed, please do let me know.

As I mentioned above, we are very close to shipping Symantec Brightmail Gateway 9.0 and this first webcast will introduce this major release.

How do I sign up?

Head over to the Security “Groups” page (https://www-secure.symantec.com/connect/security/g…) and sign up to the “Symantec Customer Advisory Program – Enterprise Security” group.
Be sure to complete your profile as complete as possible and add a comment that you want to register for the Technical Advisory Webcasts.
If you have any problems, feel free to contact me either here on Connect or at ian_mcshane@symantec.com

Cheers!

//ian

Now, here’s an idea….

      No Comments on Now, here’s an idea….

Over the last couple of years, as a Product team working on Brightmail, we have really increased our efforts to gather as much information from customers as possible.
Talking to customers about what they need do today and how they do it, how they envisage doing it in the future, as well as how they deal with different security threats whether it’s around inbound email malware or Data Loss Prevention.

Last week I met with the top IT guys for one of our Enterprise Security customers, to talk about future projects they are running and how Symantec Enterprise Security products fit into their internal roadmap. I first visited them last summer on a whirlwind tour of customers in Europe.
Besides being a great week long roadtrip and building relationships with the guys in the field that I don’t often get to meet face to face, we had some really interesting discussions with customers about their requirements and futures.
Now, one of the thing I like to do when meeting customers, is to talk a little bit about what improvements our Engineering team have put into the product over the last release. It’s a pretty good way to break the ice, if it’s the first time i’ve met them.
It’s even better when I get to go back to a customer and outline improvements based on the feedback we took away from our last meeting with them. Of course, it doesn’t always go that way and some times it’s a little painful explaining why we haven’t put someone’s “must have” feature into the product yet. 🙂

Symantec have always been interested in customer feedback and i’m really pleased to see us adding more transparency to our product planning.
The Ideas section on Symantec Connect (https://www-secure.symantec.com/connect/ideas) was launched last month. It’s based on the idea of community voting and gives our customers a way to voice their opinions on and request new functionality requests.  You can find the Brightmail Gateway Ideas section under the Security heading.

One of the most difficult things to do around enhancements is to really understand just how popular a new feature would be across our entire customer base.
Sure, we can talk to as many customers as possible and ask for their opinions but using the Ideas portal to reach a wider audience is going to be invaluable.
It’s still in the infancy right now but as we start moving forwards through project release cycles, you’ll see others on my team and engineering folk joining in the conversations to make sure we are looking at the right solutions.

(Note: I try to steer clear from annoying corporate terms as much as possible so it pains me to type the next sentence.)

My “Call To Action” (grrr) for Brightmail Gateway customers is to get involved in the Ideas portal.
Have a look through the suggestions that have been put forward already.
Vote for the ones that interest you and add your own Ideas in.
You disagree with something that someone suggests? Add a comment to their suggestion explaining why you disagree.

I’m always happy to talk to customers so if you have a question about anything mail or web security related, leave a comment below or feel free to email me at ian_mcshane@symantec.com.

//Ian

Important information for users of Brightmail Gateway Virtual Edition

Here’s some information you should be aware of before upgrading to the forthcoming Symantec Brightmail Gateway 8.0.2 release.

//Ian

<go>
Notification type: New version will be available – Important information to read prior to updating on VMware environments
Product: Symantec Brightmail Gateway
Version: 8.0.1
Patch: 8.0.2
Other Hardware/Software/Environment: VMware ESX Server 3.0.2 or prior with virtual LSI SCSI controller

Overview:
Action required for customers using Virtual Edition of Symantec Brightmail Gateway and VMware ESX Server 3.0.2 or prior with virtual LSI SCSI controller. Prior to updating to 8.0.2., Symantec is strongly recommending that customers assure themselves that they are current with VMware 3.5 or later prior to upgrading to Brightmail Gateway 8.0.2 to prevent loss of functionality.  An alternative workaround is provided if VMware 3.5 is not available.

Recommendation:
Symantec encourages all customers to update Brightmail Gateway to 8.0.2. The update is available via the Control Center or through the Command Line Interface (SSH).
For more information about all changes in this update, please copy and paste the URL below in a browser:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/…

If you have deployed Brightmail Gateway as a virtual appliance and are using a VMware ESX Server environment with a release prior to 3.5update4, you must upgrade the virtual environment to 3.5update 4 or later prior to performing the software update. Failure to do so will result in complete loss of functionality for your Brightmail installation.

This notice is applicable to the following customer configuration;

– VMware Server Version 3.0.2 or prior
AND
– Using the virtual LSI SCSI controller

If you have the above combination and do not take one of the actions specified below, Symantec Brightmail Gateway will not function after updating to version 8.0.2. A kernel panic will occur after rebooting the virtual appliance after the update. The following options are available to prevent this issue:

* The Primary recommended method is to upgrade to VMware ESX Server Version 3.5.

Upgrading typically requires down time and a reboot for the virtual machine in which Symantec Brightmail Gateway runs. These steps may also be necessary for other virtual machines on the same physical computer. Before upgrading, perform the following tasks on Symantec Brightmail Gateway Virtual Edition:

1. Back up your existing data.
2. Check for a running LDAP synchronization cycle.
3. Check for a running Scanner replication cycle.
4. Halt incoming messages to drain all message queues.

These steps are similar to preparing for a software update. See “Running software update” in this document for more information about these steps.
For more information about upgrading, copy and paste the URL below into a Web browser:
https://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_upgrade_guide.pdf  

* If you are unable to upgrade to the latest version of VMware ESX Server, you can alternately change your virtual machine to use the BusLogic SCSI controller. For more information about changing the SCSI controller configuration, copy and paste the URL below into a Web browser:
http://www.vmware.com/support/vc14/doc/c14chgscsicontrol11.html

* For the most current information about this issue, copy and paste the URL below into a Web browser:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009051416195754

Symantec Brightmail Gateway 8.0.1-7 released

I’m delighted to announce the release of our first update to the Brightmail Gateway 8.0 release.
Version 8.0.1-7 should be available for direct upgrade via your Brightmail Gateway UI or CLI right away and customers can upgrade from any previous production build directly to this release. 
Note:  If you participated in any of our previous beta programs, you CANNOT upgrade from a beta release of Brightmail Gateway.

What does this release include?

  1. Language Packs:
    This release includes translated help and documentation in: Simplified Chinese, Traditional Chinese, Japanese and Korean.  The Getting Started guide is also translated into Arabic, Brazilian Portuguese, Czech, European Portuguese, French, German, Greek, Hebrew, Italian, Polish, Romanian, Russian, Slovak, Slovenian and Spanish.
  2. New SMTP setting “Do not advertise 8BITMIME”:
    We’ve seen a few problems in the wild where, whilst Brightmail Gateway is able to handle messages containing 8-bit MIME data, if it tries to delier these messages  to an MTA that cannot handle 8-bit MIME, the contents became somewhat garbled.  This mostly affected hiascii character sets.  Enabling this new setting forces Brightmail Gateway to accept only 7-bit MIME, which inturn makes the sending MTA pass only 7-bit MIME data to us.
  3. Accepted inbound mail connections limit removed:
    With the 8.0.0 release, Brightmail Gateway did not use any entries after the first 100 in the “Accept inbound mail connections only from the following IP addresses and domains” list.  This has now been corrected.
  4. HTTP Access to control centre:
    Prior to upgrading to 8.0.0, some customers used plain HTTP to access the control centre.  After upgrading, this HTTP access was disabled automatically.  Additionally, the http CLI command did not function.  With the 8.0.1 release the functionality has been restored.  If you wish to access the control centre over HTTP, run the http on command from the CLI and restart the Control Centre.
  5. Messages remaining in delivery queue with SMTP error codes 421, 450, or 451:
    Under some circumstances, it was possible for the Brightmail Gateway connection timeout limit to be reached before all of a recipient domains MX records had been attempted.  For 8.0.1, this has been resolved.
  6. Large increase in messages reported by the control centre statistics:
    Under very unlikely circumnstances, it was possible for a short lived mail loop to exist between two of the Brightmail Gateway interfaces.  This would have manifested itself by way of showing an inflated number of messages sent and recieved under the control centre statistics.  Further redundancy has been added to Brightmail Gateway to avoid this problem.
  7. Virus definitions configured for download on weekends:
    If you perform a new installation of Brightmail Gateway, automatics virus definition updates are enabled every 10 minutes.  Previously, LiveUpdate was not set to run on Saturday and Sundays.  After upgrading to 8.0.1, you are stronly advised to verify your LiveUpdate settings as an upgrade will NOT change any schedules to remedy this.
  8. Ethernet interfaces on the same subnet:
    Previously, if you had two NICs on the same subnet, the MAC address for one NIC may have been cached by DNS and used for both addresses.  This may have resuled in mail delivery issues if one of the NICs was not working.  This issue has been addressed for NEW installations of Brightmail Gateway.  If you have this set up (2 NICs on one subnet) in an existing version of Brightmail Gateway, upgrading alone will not address this issue and you are advised to contact Technical Support for assistance.

Any questions?  Let me know!

//ian