한국 트렌드마이크로 June.2004 Choi, Yong ScanMail® for MS Exchange v6.2 ( MS Exchange를 위한 사전 바이러스 방역 & 컨텐츠 보안 솔루션 ) 한국 트렌드마이크로 June.2004 Choi, Yong
Agenda ScanMail Exchange 2000 소개 ScanMail Exchange 제품 특징 도입 효과 Summary
사전 바이러스 방역과 Messaging 및 관련 만약 당신의 회사에 다음과 같은 사항들이 필요하다면…. 중앙관리 확장성과 안정성을 갖춘 바이러스 백신 최신 바이러스 방역 사전 바이러스 방역과 Messaging 및 관련 시스템에 대한 컨텐츠 보안 (Note to speaker: Click mouse to animate each item) If your enterprise needs … * A high performance, scalable and reliable antivirus solution * Proactive antivirus and content security for messaging and collaboration systems * The ability to have centrally managed virus scanning, virus pattern updates, event reporting and system configuration * Latest available antivirus solutions backed by ISO 9002-certified global research and technical support * Easy to manage solutions The solution is ScanMail for Exchange 2000 with eManager ScanMail for Exchange 2000 was named the winner of the Best Solutions award at the Microsoft Exchange and Collaboration Conference held in October 2000. 용이한 관리 솔루션 Solution = ScanMail for Exchange + eManager
ScanMail + eManager 는 Exchange 서버로 들어오는 유해 컨텐츠 방역 Internet Hack!! Virus Worm Trojan ScanMail + eManager Spam ScanMail + eManager Exchange 2000 Server (Note to speaker: Click mouse to animate each item) Stop mixed and hybrid threats from entering Exchange 2000 environment using multiple technologies and tools Mixed and hybrid solution including scanning and filtering for: Attachment type, extension and file format Virus, Trojan Horses, Worms, Mass Mailing Malicious VB scripts and Java Scripts Denial of Service attacks packages – DOS Inappropriate and un-solicited content inside message and attachment Automatically provide instant protection against new threats through Trend Micro’s proactive Red-Alert process, Content and anti-spam Filter, Active Message Filter and Attachment Blocking Deployment of new virus outbreak solutions across all Exchange 2000 servers through its group management and configuration built into Trend Virus Control System Multiple antivirus and content security technologies to protect the Microsoft Exchange 2000 Server from many types of malicious content threats, as well as different protocols passing to and from the Exchange 2000 environment Provide a worry free antivirus solution for Exchange 2000 environment for IT Administrators by implementing field proven Trend Micro and Microsoft Exchange 2000 technologies Microsoft virus-scanning API 2.0 technology Microsoft Windows 2000 Clustering Technology Microsoft CDO/ADO technology Trend Micro Virus Scan API Technology Trend Micro MacroTrap and ScriptTrap Technology Trend Micro Content and Anti-spam Technology Trend Micro 24x7 ISO 9002 Certification Support Process Hack!! Virus Trojan Worm Spam
ScanMail for Exchange 2000 특징(1) 스캔메일은 웹 기반의 중앙관리 콘솔인 TMCM을 통해 업계에서 유일하게 중앙 관리, 운용이 가능한 익스체인지 용 바이러스 백신 제품이다. 관리자는 전사적으로 그룹 세팅, 로그 작성, 새로운 엔진 배포 등의 작업을 중앙에서 운용할 수 있다. Remote Management via ScanMail’s Windows or Web-based Console or TVCS Enables Exchange administrators to quickly and easily manage and deploy the latest scan engine and pattern file across the ENTIRE Microsoft Exchange 2000 environment REGARDLESS of platform or physical location Exchange administrators can easily perform group configuration of any ScanMail option across the Exchange 2000 environment Exchange administrators can create consolidated logs and reports, gather information about the latest virus outbreak or check the status of all ScanMail servers across the entire network Remote deployment of ScanMail to single or multiple Exchange 2000 servers at the same time ScanMail is the only product in the market to provide this flexibility This saves time, resources and ensures that administrators can quickly implement our solution to protect their Exchange 2000 environment
ScanMail for Exchange 2000 특징(2) ScanMail 자가진단(eDiagnostic) 툴 ScanMail은 업계에 입증된 기술력으로 Mass mailing 메일과 첨부파일을 검색하여 삭제하거나 Blocking 할 수 있다. 또한 들어오고 나가는 트래픽과 SMTP, HTTP, MAPI, POP3, IMAP4 프로토콜을 지원한다. Exchange Frontend 와 Backend serevr 지원 모든 프로토콜의 사전 방역 기능 모든 Microsoft Exchange 데이터베이스 사전 방역 ScanMail Server Status ScanMail is the only product in the market that provides a real-time heart-beat monitor of its scanning process to ensure that Exchange 2000 is always protected ScanMail eDiagnostic Tool ScanMail provides built-in diagnostic tools that help Exchange Administrator to quickly identify any problem with ScanMail problem ScanMail is the only product for Exchange 2000 that uses field proven Exchange 2000 technologies to block and delete the mass mailing emails and attachments from both inbound and outbound traffic, and that supports all the protocols coming to Exchange 2000 environment, including SMTP, HTTP, MAPI, POP3 and IMAP4 Our competitors only support blocking of SMTP but does not support HTTP, MAPI, POP3 or IMAP4 protocols Any virus detected via these protocols will adversely affect the productivity of users and the Exchange 2000 servers because it can not delete the content and attachment, since OWA will be the most common protocols use by enterprise customers when migrating to Exchange 2000 Proactively scanning of all protocols Proactively protects all inbound and outbound Microsoft Exchange 2000 messaging protocols including SMTP, HTTP, MAPI, POP3, IMAP4 and IFS in real time Proactively protects all Exchange 2000 Databases Enhances Microsoft Exchange 2000 Messaging and Collaboration platform by integrating and scanning with field-proven Microsoft and Trend Micro technologies and preserves the integrities of the attachment, message, and web store databases including .EDB and .STM
ScanMail for Exchange 2000 특징(3) ScanMail 과 eManager는 설치 동안에 다른 윈도우 2000, 2003 server 와 Exchange 서비스에 대한 의존성이 전혀 없어 컴퓨터 가동, 메시지 플로우, 커뮤니케이션을 중단할 필요 없이 지속할 수 있다. Windows 2000 Advanced Server 클러스터링 기술 Exchange 2000 virus-scanning API 2.5 기술을 통한 전면적인 지원 ScanMail and eManager have no dependency on other Windows 2000 or Microsoft Exchange 2000 Services during the installation – ensuring continuous uptime, message flow and communication on Exchange 2000 environment Exchange Administrators can deploy ScanMail and eManager anytime without impacting the message flow Exchange Administrators don’t have to worry about Exchange 2000 services not starting because a particular service of the antivirus product did not start-up properly Exchange Administrators can update their Exchange 2000 Server anytime without affecting the antivirus product Our competitors have dependency on Microsoft Windows 2000 and Microsoft Exchange 2000 Services during installation Windows 2000 Advanced Server Clustering Technology Ensures a virus free environment during fail-over Supports both active/active and active/passive clustering Ensures 24x7 uptime of Exchange 2000 messaging and collaboration Supports the front-end back-end configuration for Microsoft Exchange 2000 ASP and ISP email hosting Full support for the Exchange 2000 virus-scanning API 2.0 technology Proven technology built for Exchange 2000 virus scanning Closely integrates with the Microsoft Exchange 2000 Information Store Service to ensure transparent scanning of malicious content threats in attachments and messages Ensures and preserve the integrity of messages, attachments and the web store databases Ensures full access to all mail properties for notification, logging and reporting
ScanMail for Exchange 2000 특징(4) 실시간 멀티 쓰레드 메모리 스캐닝 수동검색 및 예약 검색 시 첨부파일과 메시지 내용의 실시간 검색 속도 강화 Exchange 서버 환경 내에서 리소스와 메모리 사용을 최소화 함으로써 익스체인지 서버에 주는 영향 최소화 ScanMail 은 멀티 쓰레드 검색 아케텍쳐를 통해 Microsoft Exchange 에서 발생할 수 있는 이메일 바이러스를 사이즈에 관계없이 방역할 수 있는 확장성을 갖추고 있다. 이러한 멀티쓰레드 기능은 서버 성능과 메시지 플로우에도 부정적인 영향을 주지않고 정상적으로 동작하게 한다.
Active Message Filter Active Message Filter – 0 바이트 첨부파일 및 감염된 메시지 삭제 기능 제공. WORM_KLEZ, WORM_LOVGATE 등 바이러스가 생성시켜서 발송하는 스팸형태의 메일메세지 삭제 기능 Attachment blocking filter – 특정 확장명 또는 특정 파일명의 첨부화일에 대하여 바이러스 유무에 관계없이 삭제 Active Message Filter Ability to delete zero byte attachments and messages from leaving or entering Exchange 2000 server – via SMTP, HTTP, MAPI, POP3 and IMAP4 Ensuring the Exchange 2000 message flow will continue and not be affected by a virus outbreak Ensuring the user mailbox are not affected by a virus outbreak Minimize calls to the IT help desk and resource constrain during virus outbreaks Ensure there will be no impact on end user productivity during virus outbreaks Prevent virus outbreaks inside Exchange 2000 environment On-access scanning – Ensures 100% scanning of new virus threats before scan engine or pattern file are up to date Ensures 100% scanning of attachments and messages before end users can open them Minimize un-necessary manual and scheduled scans of the Web Store databases Prevent virus outbreak inside Exchange 2000 environment Attachment Blocking Filter Ensure 100% scanning and blocking of attachment regardless of the file extension or file name Attachment blocking also support “wild-card” for easy, flexible configuration and maximum protection
Quarantine Manager (1) 격리된 메일메세지 확인/ 재발송 - 바이러스가 발견되어 격리시킨 메일메세지의 로그를 확인할 수 있으며, 필요한 경우 재발송(Resend)할 수 있다. Active Message Filter Ability to delete zero byte attachments and messages from leaving or entering Exchange 2000 server – via SMTP, HTTP, MAPI, POP3 and IMAP4 Ensuring the Exchange 2000 message flow will continue and not be affected by a virus outbreak Ensuring the user mailbox are not affected by a virus outbreak Minimize calls to the IT help desk and resource constrain during virus outbreaks Ensure there will be no impact on end user productivity during virus outbreaks Prevent virus outbreaks inside Exchange 2000 environment On-access scanning – Ensures 100% scanning of new virus threats before scan engine or pattern file are up to date Ensures 100% scanning of attachments and messages before end users can open them Minimize un-necessary manual and scheduled scans of the Web Store databases Prevent virus outbreak inside Exchange 2000 environment Attachment Blocking Filter Ensure 100% scanning and blocking of attachment regardless of the file extension or file name Attachment blocking also support “wild-card” for easy, flexible configuration and maximum protection
Quarantine Manager (2) Quarantine Maintenance – 격리된 메일메세지의 보관 주기를 설정하여 최근 몇 일간의 메일메세지만 격리보관토록 하므로써 서버의 디스크 사용량에 융통성을 기할 수 있다. Active Message Filter Ability to delete zero byte attachments and messages from leaving or entering Exchange 2000 server – via SMTP, HTTP, MAPI, POP3 and IMAP4 Ensuring the Exchange 2000 message flow will continue and not be affected by a virus outbreak Ensuring the user mailbox are not affected by a virus outbreak Minimize calls to the IT help desk and resource constrain during virus outbreaks Ensure there will be no impact on end user productivity during virus outbreaks Prevent virus outbreaks inside Exchange 2000 environment On-access scanning – Ensures 100% scanning of new virus threats before scan engine or pattern file are up to date Ensures 100% scanning of attachments and messages before end users can open them Minimize un-necessary manual and scheduled scans of the Web Store databases Prevent virus outbreak inside Exchange 2000 environment Attachment Blocking Filter Ensure 100% scanning and blocking of attachment regardless of the file extension or file name Attachment blocking also support “wild-card” for easy, flexible configuration and maximum protection
ScanMail Web Console (1) 웹브라우져를 이용한 관리 콘솔 – GUI 콘솔과 함께 제공되는 웹 관리 콘솔에서는 GUI 콘솔에서 설정할 수 있는 모든 제어가 가능하다. IIS 와 별도로 운영 – MS Internet Information Server 와 별도로 운영되는 자체 웹데몬으로 작동되며, 16372 포트를 사용 Active Message Filter Ability to delete zero byte attachments and messages from leaving or entering Exchange 2000 server – via SMTP, HTTP, MAPI, POP3 and IMAP4 Ensuring the Exchange 2000 message flow will continue and not be affected by a virus outbreak Ensuring the user mailbox are not affected by a virus outbreak Minimize calls to the IT help desk and resource constrain during virus outbreaks Ensure there will be no impact on end user productivity during virus outbreaks Prevent virus outbreaks inside Exchange 2000 environment On-access scanning – Ensures 100% scanning of new virus threats before scan engine or pattern file are up to date Ensures 100% scanning of attachments and messages before end users can open them Minimize un-necessary manual and scheduled scans of the Web Store databases Prevent virus outbreak inside Exchange 2000 environment Attachment Blocking Filter Ensure 100% scanning and blocking of attachment regardless of the file extension or file name Attachment blocking also support “wild-card” for easy, flexible configuration and maximum protection
ScanMail Web Console (2) Trust IP Zone 설정 – 웹 관리콘솔에 접근할 수 있는 IP 주소와 IP 영역을 설정하는 Access List 기능을 제공하여 웹 관리콘솔에 대한 보안 기능 강화 Active Message Filter Ability to delete zero byte attachments and messages from leaving or entering Exchange 2000 server – via SMTP, HTTP, MAPI, POP3 and IMAP4 Ensuring the Exchange 2000 message flow will continue and not be affected by a virus outbreak Ensuring the user mailbox are not affected by a virus outbreak Minimize calls to the IT help desk and resource constrain during virus outbreaks Ensure there will be no impact on end user productivity during virus outbreaks Prevent virus outbreaks inside Exchange 2000 environment On-access scanning – Ensures 100% scanning of new virus threats before scan engine or pattern file are up to date Ensures 100% scanning of attachments and messages before end users can open them Minimize un-necessary manual and scheduled scans of the Web Store databases Prevent virus outbreak inside Exchange 2000 environment Attachment Blocking Filter Ensure 100% scanning and blocking of attachment regardless of the file extension or file name Attachment blocking also support “wild-card” for easy, flexible configuration and maximum protection
Plug-In eManager ScanMail은 바이러스 방역 뿐만 아니라 컨텐츠 필터링 및 스팸메일 차단 기능을 플러그인 할 수 있는 업계 유일한 바이러스 백신 제품. 메시지, 컨텐츠, 파일 크기를 컨트롤 할 수 있어 예외적인 정책도 수행하기 편리한 유연한 구성 들어오고 나가는 이메일 첨부파일 및 이메일 내용의 컨텐츠의 필터링, 스팸메일 차단 100% 보장 ScanMail 관리 콘솔에서 쉽게 enable, disable 할 수 있는 편리한 구성으로 관리자 선택에 따른 유연성 보장 관리자가 데이터베이스 저장고에서 수동으로 특정 컨텐츠와 첨부파일을 삭제, 이동할 수 있도록 유연하게 구성
• Microsoft Certificate 제품 도입 효과 (1) • Microsoft Certificate Exchange5.5/2000 Server의 ESE API/AVAPI/MAPI 모두 지원 Windows2000 Advanced Server Clustering 연동 • 메일의 실시간 검색 송수신 이메일 첨부파일의 바이러스 실시간 검색 사용자가 접근하기 전에 모든 첨부파일을 우선 검사하고 첨부화일의 감염여부 확인 사용자 메일 DB 뿐 아니라 Application DB 내용까지 자동 검색 및 치료 • 중앙 관리를 통한 서버 운영비 절감 원격지 서버의 ScanMail까지 관리자의 단일 Client에서 관리 가능 패턴 업데이트, 바이러스 로그의 원격 관리 가능
제품 도입 효과(2) • 강력한 바이러스 검색 기능 • Contents Filter 기능 제공 • 자동 업데이트 기능 제공 치료 전 바이러스 감염 파일 백업 기능 제공 미치료 파일 및 메일에 대한 차단(Blocking)기능 • Contents Filter 기능 제공 첨부 파일명과 메시지 제목에 따른 메시지 컨텐츠 필터 기능 제공 • 자동 업데이트 기능 제공 인터넷 또는 다른 Domino서버와의 복제를 통한 자동 패턴 업데이트 기능 제공 • 바이러스 감염 로그 통계 기능 기간별로 검색된 바이러스 및 감염된 사용자에 대한 챠트 보고서 및 통계 보고서
ScanMail Exchange Suit 적용을 통한 도입 효과 중앙 관리 (로그작성, 그룹세팅, 전사적관리) 컨텐츠 필터링 스팸메일 차단 Active Message Filter (감염파일 삭제, mass mailing 바이러스 블럭킹) 첨부파일 검색 첨부파일 내용 검색 멀티쓰레드 스캐닝 메모리 스캐닝 정책 수행을 위한 유연한 구성 스팸메일 자동 업데이트 ScanMail for Exchange Anti-Virus eManager 컨텐츠필터
Summary ScanMail for Exchange v6.2 과 ScanMail eManager v5.12 는 Microsoft Exchange 환경에서 IT 매니저들의 가장 큰 관심인 이메일 보안을 책임질 수 있는 확실한 솔루션을 제공한다. 새로운 바이러스 위협과 차세대 유해 컨텐츠 위협 방역 Exchange 환경에서 퍼포먼스에 영향을 주는 요소 최소화 모든 검색 옵션과 리포팅에 있어서 중앙관리가 가능한 Exchange 관리자 기능 제공 Preventing new virus threats and next generation malicious content threats from entering Exchange 2000 environment using ScanMail eManager Content and Anti-spam Technology, Active Message Filter Technology, Attachment Blocking Filter Technology, and Trend Micro Multi-threaded Virus Scan Engine (Macro Trap and ScripTrap Technology) Ensuring minimum performance impact on the Exchange 2000 environment by blocking, deleting, and filtering messages, contents and attachments using ScanMail’s Active Message Filtering technology and ScanMail eManager Content and Anti-spam technology, as well as multi-threaded memory scanning Providing Exchange Administrators centralized and complete control of all scan options and reporting from either Web or Windows interface, or from Trend VCS, from virtually anywhere regardless of platform or physical location