Products > GFI MailDefense Suite for Exchange/SMTP/Lotus > Why choose GFI MailDefense Suite as your anti-spam solution?

The best-selling server-based anti-spam solution
These are some of the key reasons why GFI MailEssentials is currently the best-selling server-based anti-spam solution:

1. Highest spam detection rate (98%) using Bayesian filtering
2. Lowest false positives through a patented automatic whitelist feature and a tailored ham & spam database
3. Allows users to review email marked as spam from a folder in their own inbox
4. Server-based, no client component
5. Unbeatable pricing: USD 1156.80 for 100 mailboxes, USD 6408 for 1000 mailboxes.

Highest spam detection rate (98%) using Bayesian filtering
Bayesian filtering is widely acknowledged by leading experts and publications to be the best way to catch spam (see links below). A Bayesian filter uses a mathematical approach based on known spam and ham (valid email). This gives it a tremendous advantage over other spam solutions that just check for keywords or rely on downloading signatures of known spam. GFI's Bayesian filter uses an advanced mathematical formula and a data set which is 'custom- created' for your installation: The spam data is continuously updated by GFI and is automatically downloaded by GFI MailEssentials, whereas the ham data (valid email) is automatically collected from your outbound mail. This means that the Bayesian filter is constantly learning new spam tricks, and signifies that spammers cannot circumvent the dataset used. This has resulted in 98+% spam detection rate, after the required two-week learning period.

In short, Bayesian filtering has the following advantages:

1. Looks at the whole spam message, not just keywords or known spam signatures
2. Learns from your outbound email (ham) and therefore reduces false positives greatly
3. Adapts itself over time by learning about new spam and new valid email
4. Dataset is unique to company, making it impossible to bypass
5. Multilingual and international
6. Hard to trick.

The effectiveness of the Bayesian filter, and its omission by many products has caused some 'anti-spam companies' to try and put this technology in a bad light! Don't be fooled: Bayesian filtering is the best way to detect spam. For more information, check out GFI's white paper at http://www.gfi.com/mes/why-bayesian-filtering.pdf or these independent articles on Bayesian filtering:

• Articles by Bayesian guru Paul Graham: "A plan for spam" and "So far, so good"
• BBC report: "How to spot and stop spam"
• Other articles: "Sorting the ham from the spam", "Understanding Bayesian Analysis" and "Bayesian Spam Filtering".

Lowest false positives through a patented automatic whitelist feature and a tailored ham & spam database
GFI MailEssentials has the lowest rate of false positives. This is due to two reasons: First of all, GFI MailEssentials uses a patented automatic whitelist feature, which automatically analyses your outbound mail and creates a whitelist (i.e., a list of email users from whom mail will never be marked as spam); secondly GFI MailEssentials tailors its Bayesian filter dataset to your company's email 'habits' and is therefore much more refined in tagging spam.

Allows users to review email marked as spam from a folder in their own inbox
With GFI MailEssentials, users can easily review mail marked as spam. Spam is forwarded to three subfolders - Bayesian, Header and Keyword - depending on which module tagged the mail as spam. From these subfolders in their inbox, users can easily check that all spam is actually spam.

There is therefore no need for users to log in to an HTML website and review their email marked as spam online; this method is very cumbersome for the user and results in additional support for the administrator.

Server-based, no client component
GFI MailEssentials installs on or in front of your mail server and does not require client software. Many anti-spam solutions include a client component, such as a set of Outlook forms that are required by users to 'manage' their spam. This results in the administrator having to train and support end-users in this task. GFI MailEssentials is completely transparent to the user and little involvement by the user is required.

Unbeatable pricing: USD 1156.80 for 100 mailboxes, USD 6408 for 1000 mailboxes
GFI's experience in the development of content filtering/anti-spam software, has allowed us to make a piece of software that is very compact and easy to deploy. Because GFI sells thousands of units each month, we are able to keep the price very low.

The #1 selling server anti-spam solution
GFI MailEssentials is the most popular anti-spam server solution. GFI MailEssentials protects over 80,000 servers worldwide.

These are some of the key reasons why GFI MailSecurity is the ideal choice to protect against email viruses, trojans and malware:

• Multiple virus engines guarantee higher detection rate and faster response
• Unique Trojan & Executable Scanner detects malicious executables without need for virus updates
• Email Exploit Engine and HTML Sanitizer disable email exploits & HTML scripts
• Unbeatable price: USD 346 (25), USD 1104 (100) and USD 7284 (1000) mailboxes.

Why you need multiple virus engines
With each new virus outbreak, studies increasingly show that different virus engines have widely differing response times to the latest threat. Dependence on a virus engine that responds to a new threat after 9 hours rather than doing so immediately drastically increases your chances of being infected.

Besides, no single anti-virus engine can fully protect against all possible email threats: Each virus scanner has its own strengths and weaknesses. For example, when the MyDoom virus hit, some virus vendors were faster than others to release signatures against this new threat. The difference was a matter of hours; yet, as many discovered at great expense, that is more than enough time for a network to be infected.

Given the inability of any individual anti-virus engine to be the fastest to respond each time round and to provide full coverage against ALL email attacks, logic dictates that combining multiple engines will provide a more complete solution. In simple terms, if anti-virus products X and Y - each stronger in one area but weaker in another - are used together, their joint strength is likely to cover a wider range of security threats, and this way they can counteract each other's weak points. Having multiple scanners at mail server level makes up for the differences in response time between different virus engines and decreases the average response time, thereby greatly reducing the chance of virus infection.

The use of multiple virus engines also enables security administrators to be vendor independent when it comes to virus scanning, allowing them to use the best of breed virus engines available on the market.

Why you need an executable and trojan analyzer
The recent Novarg virus probably illustrates best of all why you need an executable and trojan analyzer: because of the characteristics of this virus, GFI MailSecurity detected that it was a malicious executable without the need for any virus signature updates. While virus vendors were preparing and deploying updates to detect Novarg, GFI MailSecurity users were already protected from the Novarg virus. It can take several hours to update and deploy signature files, and this can be too late for your network!

The difference between a virus engine and the Trojan & Executable Scanner
Because anti-virus software is signature-based, it can only detect known viruses and trojans, and is therefore unable to detect new viruses such as Novarg without new signature files. GFI MailSecurity's Trojan & Executable Scanner takes a different approach: Rather than relying on signatures, it uses patented, built-in intelligence to rate an executable's risk level. It does this by disassembling the executable, detecting in real time what it might do, and comparing its actions to a database of malicious actions. This way, GFI MailSecurity can detect unknown viruses and trojans before they enter the network – and before anti-virus engine vendors have issued signatures against them. Using this technique, GFI MailSecurity can also detect one-off trojans or malware - targeted towards a specific user to obtain particular information. Because these are one-off threats, anti-virus software will never recognize them.

Why you need an email exploit shield
An exploit uses known vulnerabilities in applications or operating systems to execute a program or code. It "exploits" a feature of a program or the operating system for its own use, such as to execute arbitrary machine code, read/write files on the hard disk, or gain illicit access. An email exploit is an exploit that is embedded in an email and can be executed on the recipient's machine once the user opens or receives the email. This allows the hacker to bypass most firewalls and anti-virus products.

GFI MailSecurity's Email Exploit Engine identifies emails that contain exploits. GFI SecurityLabs conducts research in the hacker community to identify new exploits and incorporate them in this exploit engine. The exploit shield can then protect against any new virus that is based on an exploit.

A case in point concerns the Nimda, BadTrans.B and Klez viruses, which all use the same exploit to propagate. Yet, when the BadTrans.B virus emerged, those who had anti-virus protection against Nimda were defenseless against BadTrans.B and needed a new definition file update to block it. And when Klez appeared, anti-virus vendors again had to issue an update to protect against that. In contrast, an email exploit detection engine recognizes the exploit used and can block all three worms immediately and automatically, without the need for definition file updates.

To find out more, see "Why you need an email exploit detection engine: Networks must supplement anti-virus protection for maximum security" at http://www.gfi.com/whitepapers/why-email-exploit-detection.pdf.

Why you need an HTML threat engine
Nowadays, all email clients can send and receive HTML email. HTML email can include scripts and Active Content, for example JavaScript and ActiveX controls, which can allow programs or code to be executed on the client machine. GFI's patented HTML Sanitizer analyzes HTML email for HTML scripts and Active Content. It disables any detected scripts and forwards the now harmless email to the recipient, without affecting formatting or images. Other products convert HTML email to text that makes it unreadable, rendering this feature unusable.

Unbeatable pricing: USD 622.20 for 50 mailboxes, USD 1104 for 100 mailboxes, USD 7284 for 1000 mailboxes
GFI's experience in the development of email content security for Exchange Server, has enabled us to make a piece of software that is very compact and easy to deploy. Because GFI sells thousands of units each month, we are able to keep the price low.