Blog Archives

New spam appliance from Sunbelt Software

I came across this article in the Ninja newsgroups, and was pleased to see that Sunbelt now has a spam appliance called Ninja Blade.  It sounds fantastic and let me tell you, if I had the extra cash to spend $2000 on spam filtering for two people, I’d buy it!  While I have not tried this system out, I can tell you that its probably going to be a huge success.  I checked out the demo admin interface and its especially good for a brand new product.  They will be adding all the “bells and whistles” to it as it matures, but I was very impressed with the features in its initial release.

Advertisements

Sunbelt Software status

I previously mentioned that I’ve been trying to get the new Sunbelt Exchange Archiver installed for an evaluation and I’ve also mentioned the old “IHateSpam” product and the predecessor “Ninja” in previous blog posts.  Here is an update on my status…

Sunbelt Exchange Archiver:

   I am still unable to get the archiver to work, my issues at this point are with the database connection.  No matter what I try, I can’t get the database connection to function.  I finally did get the product to install but now you have to configure everything before it can start the services.  As usual the Sunbelt documentation is sub-par and contradicts what support tells you.  I will probably have to get a support rep on the phone and do a remote install session just to get the product running. 

Sunbelt Ninja:

   I upgraded my Exchange servers in my company to the latest build of Ninja which includes their new “STAR” engine.  This replaces the old Sunbelt heuristic filter with a definition based system like the cloudmark engine.  I was told by Sunbelt that their new engine “does not cause false positives” before I did the upgrade.  Pre-upgrade testing showed no problems with system resources such as CPU utilization and spam catch rates were the same as previous tests on the old version.  The problem comes in when deploying in production.  I found soon after enabling the new engine that we were having problems with lots of false positives and even some internal mail was being filtered and going to user’s quarantine.  I ended up having to disable their new engine and things are working much better now.  I also resolved an issue with the anti-spoofing feature that was marking lots of external mail as spoofed. 

   I think in general Sunbelt Software is on the weak side in the following areas:

1. Documentation, frequently I find their documentation is incomplete, does not answer questions users would have upon installing, and contradicts other documentation related to steps in the process and also their support staff directly. 

2. Internal testing, I know they test their products before releasing to the general public.  However its been my experience that there are always unexpected issues when installing or upgrading any of the three Sunbelt Products I’ve used.  Like with Ninja and their STAR engine causing false positives, and marking internal mail as spam when its not supposed to.  Not to mention the default configuration causes high CPU utilization on the host server.

Unfortunately there are not many other alternatives to do the job that Sunbelt’s software does.  I know there is no perfect software, and with software comes its share of bugs.  One last complaint would be in diagnosing errors.  I know that in Ninja when we would turn logging to high in order to diagnose problems (and you have to turn logging to high as the system logs only useless information in the low setting), the extra disk activity is a huge drain on system performance.  This alone is enough to make users complain.  But in order to get any useful information from the software, you have to perform this step.  Also, the queue folders often start to build as mail backs up into the queue.  Most of the time I am certain this is caused by Ninja or more specifically the SMTP event sink it uses.  Mail backs up into the SMTP queue folder and before you know it, you’ve got hundreds of messages stuck and not being delivered.  Of course you restart the services and try to clear the queue since its obviously a big deal, but then you don’t get any logging as to what caused the problem.  Support has no idea, and tells you to run a snapshot which is useless unless your logging level is set to high. 

Ninja also accounts for a large boost in disk activity, and shows a marked increase in the disk queue when viewed in perfmon.  This causes general GUI slowness and delays when opening MMC consoles. 

I will say that when Ninja works, it works well, but the slightest problem or glitch and your entire mail flow system can be affected.  I suppose this is a risk with any spam filter, but we’ve had a long history with Sunbelt products and it seems that the core issues we had with previous version of their spam filter have carried over into Ninja in one form or another. 

Sunbelt Exchange Archiver

I am working on evaluating trying to evaluate the new Sunbelt Exchange Archiver from Sunbelt Software.  It was just officially released yesterday (11–19–07) and made available for download from their website.  I went ahead and downloaded it yesterday, and spent most of my day today trying to get it installed and working so I can take a look at it first hand.  Right off the bat I had problems getting it installed.  The servers I’m using are test servers on an isolated network, so they are not routinely patched and maybe that is playing a role in my issues.  What I do know is that mcvcr71.dll was not properly registered and caused the installer to fail.  After giving up on fixing that for now, I went to another test server and trie the install.  On the second machine I got past the mcvcr71.dll issue and this time had an error when attempting to create a mailbox for the superuser account. 

I’m waiting for a call back from Sunbelt support to help me get the product installed.  I’m impressed by the software’s functionality and apparent ease of use.  I have a few questions about deploying it in a global diverse network, and need to get more information from them for testing and putting together a deployment plan.  I watched their hour long product walk through via LiveMeeting, and really liked what I saw.  I’ll post more about my experiences with this product as I go along.

Sunbelt Exchange Archiver

I am evaluating Sunbelt’s Exchange Archiver and have to say that I’m initially very impressed.  I just watched a webcast where they did a product walk-through and discussed all the various features of the product.  It appears to be very robust with several useful options many other archiving solutions do not have.  For my company, I think this could be a great addition to our infrastructure to help reduce storage of messages on the Exchange server and help reduce backup times.  It also makes archiving a back-end process eliminating quotas and manual archive methods and taking the responsability off the end user.  I am working on getting a demo of the software to try out in real life and may evaluate it on my own person Exchange system.  According to the website the archiver will be available for download on November 19th.

Another problem with McAfee mini-firewall

Yet again, I’ve run into a problem with the McAfee mini firewall component of the viruscan suite 8.0i. This time it has to do with email over SMTP. At my company we use I Hate Spam from sunbelt software as our SPAM filtering engine. We have a separate server running this IHS software as a gateway for incoming e-mail. Well, suddenly we started having problems receiving mail from IHS, it would queue at the IHS server, but would never get delivered to the exchange server. After a few days of diagnosis it was discovered that the McAfee mini-firewall was blocking the smtpsvc.exe and marking it as a worm. We had to add an exception for this service in McAfee to avoid having SMTP traffic stopped. This was a major pain and caused hours of downtime in my company for incoming e-mail. Makes me wish we were using Symantec rather than McAfee (which is my personal preference anyway).