Antigen for Lotus Domino™ Pre-Sales Questions
Overview
Q: Briefly describe Antigen 7.5 for Domino. A: Antigen 7.5 is a Domino server-based antivirus and content-management solution designed for Domino 6.X and 6.5.X environments. Antigen 7.5 contains an innovative architecture that provides for the scanning of messages prior to storage coupled with the use of multiple scan engine management. Antigen 7.5 includes features, performance and reliability that simply do not exist in any other competitor solution today. Antigen 7.5 is supported on Domino servers running on Windows. Antigen 7.5 is supported on Win/Intel platforms.
Q: Does Antigen 7.5 support all versions of Lotus Domino? A: Antigen 7.5 supports Domino 6.X, Domino 6.5.X.
Q: How many Antigen installations have been sold? A: Currently, Antigen is protecting over 9,000 organizations with a total of over 10 million seats and rising fast.
Q: How does Antigen compare with other antivirus products? A: Antigen provides superior protection through its unique architecture and innovative features:
· Antigen provides intelligent, high-performance, "in-memory" monitoring of Domino's message stream and all shared databases for the highest level of security against virus attacks.
· Antigen's Multiple Scan Engine Manager and multiple scan engines reduce single point of failure risks associated with almost all other products that rely solely on a single engine deployment.
· Antigen is NEVER off-line, even during product upgrades and scan-engine updates.
· Additional features include Content Management, the Antigen Policy Manager, WormPurge, and scanning and cleaning of multi-level zipped attachments.
· New Technology to stop SPAM by using the Sybari VCL (see link http: for more information)
Q: How is Antigen licensed? A: Antigen is available with a two-year renewable license based on the number of end users protected within an organization. Please contact Sales for current pricing. The Antigen license includes:
· Unlimited server license for the one or two-year license term.
· Four (4) Integrated Virus Scan Engines of Norman Data Defence, Sophos, Computer Associate and Support. (Note: Both CA virus engines are included as one. Customers can choose to purchase additional engines beyond the four included. The additional engines are Kaspersky, Virus Busters and Command)
· Electronic Notification Service.
· Unlimited virus engine / signature file updates via the Internet.
· Unlimited Technical Support via e-mail. (8:00 am - 8:00 pm Eastern Standard Time in the US and 9:00 am - 7:00 pm Central European Time in Europe.)
Please Note: Antigen upgrades/new releases and all virus signature file updates for all licensed scan engines are included for the duration of the license term. During migrations of Domino are also included in the duration of the license term.
Q: I am a licensed Antigen 6.0/7.0 customer running Domino on Windows NT/2000. Am I entitled to a free Antigen 7.5 upgrade? A: Yes but you can only upgrade to Antigen 7.5 from version 7.0, build 744 (or later). If you have an earlier version, you must upgrade to Antigen 7.0, build 744 before upgrading to version 7.5. Alternately, you can uninstall the older version and then install version 7.5. (Warning: if you uninstall the older product, ensure that you record all your Antigen settings, or they will be lost.).
Q: Can I use the Advanced Spam Manager for free when I upgrade?
A: Advanced Spam Manager is a separate module. Clients who want to use this module will need to contact our sales department. The Advanced Spam Module is not free of charge and is not included in the upgrade.
Q: I’ve only recently heard of Sybari, how long have you been in business? A: Sybari has been providing best-of-breed security solutions for groupware-based viruses and security threats since 1995. Sybari develops Antigen for Lotus Domino and Antigen for Microsoft Exchange. Today, over five million groupware seats are virus-free as a result of Sybari technology and products worldwide. Sybari's clients include Dell, Compaq, ABB, Bank of Austria, Bosch Siemens, Pirelli, JD Power, Amazon, Nortel, Visa, Tosco, Lufthansa, US Federal Government, Union Pacific, Wang Global/Getronics, and Texaco. Evaluation copies of Antigen for Lotus Domino or Antigen for Microsoft Exchange are available for download from the Sybari Web site http://www.sybari.com. Sybari's many strategic partners include Lotus Development (NYSE:IBM), Microsoft (Nasdaq:MSFT), and HP. Q: What operating systems can I use? Antigen 7.5 supports:
Intel
· Intel Pentium or compatible or higher processor.
· Microsoft Windows NT SP 4 or higher.
· Microsoft Windows 2000 SP 1 or higher.
· Lotus Domino 6.X and 6.5.X
Q: How can I obtain an evaluation copy of Antigen? A: Go to the Download section of Sybari's website and select the product you would like to evaluate. A thirty-day evaluation copy is available for download.
Customers are Asking. . .
Q: What's so new and exciting about Antigen 7.5? A: This new technology from Sybari includes:
· Antigen 7.5 supports 24x7 Domino server uptime. Recycling the server or tasks is not necessary during Antigen product upgrades or engine signature file updates.
· True real-time, in-memory scanning of Domino's message stream and shared databases for optimum server performance.
· Supports multi-threaded scan jobs.
· Multiple scan engine integration and management.
· Advanced Spam Manager
· Comprehensive perimeter protection against virus attacks including Net Store protection.
· Antigen supports multiple MAIL.BOXes and SCAN.BOXes.
· Active Content Management and File Filtering (by file type).
· Subject Line and Sender/Domain Name Filtering.
· WormPurge (entire message deletion).
· Antigen Policy Manager (Centralized Management)
· Support for SNMP Network Management Alerts.
· Scanning of digitally signed messages.
· Scanning and cleaning of multi-level zipped attachments and other nested attachments.
· Scanning of Macintosh file formats.
Q: How do your customers impact future enhancements? A: Greatly. Sybari Software is a customer-driven company. All feature enhancement requests are channeled to an internal team that qualifies the request. Requests can be submitted to ideas@sybari.com.
Q: Describe the mechanisms that are in place to notify customers of high-risk virus attacks, best practices, and critical updates. A: We provide an auto notification service to all of our customers. Sybari monitors virus activity 24/7 so that if a virus attack occurs, we will notify you.
Q: How often does Sybari publish virus signature file updates and how do we receive them? A: Sybari publishes updates required to provide up-to-the-minute protection for our customers. As a service to our customers, all scan engine updates can be automatically or manually downloaded from our website. We test and pre-package all scan engines and their respective virus signature files before they are published on our website.
Q: Does Sybari have a (workstation) antivirus product? A: No; Sybari remains focused on protecting messaging and collaboration environments.
Getting to know Antigen for Lotus Domino Q: What are the core components of Antigen?
1. Antigen AdministratorUser interface is a Domino database.
2. Antigen NWall ProcessReal-time, on-the-fly protection of the Domino message stream.
3. Antigen NScan ProcessOn-demand or scheduled scanning of all or individual databases and user mailboxes.
4. Antigen NShield ProcessReal-time, on-the-fly protection of all databases.
5. Antigen Incidents and Quarantine DatabaseRepository for all possible and confirmed viruses.
6. Antigen Content ManagementRules Based File Filtering by file extension, file type and name. Blocks active content such as hotspots, OLE objects, and Active X controls.
7. Antigen Policy ManagerThe Antigen Policy Manager provides centralized management and configuration of Antigen on all the Domino servers in the enterprise.
Additional Module
8. Advanced Spam Manager Advanced Spam Manager will block (purge or tag) unwanted e-mail (spam and phishing).
Q: Can Antigen handle a high volume of messages? A: Antigen is designed to run in different environments. The product is highly scalable, running in organizations with one or two Domino servers as well as organizations with hundreds of servers. The product has been designed to provide high performance even under heavy message load.
Q: How often do you post definition files? A: This varies depending on the scan engine vendor and current virus activity. Sybari pre-packages the current scan engines with their respective signature files as fast as our partner labs post them. Because you can license up to eight engines from eight different virus labs, our customers receive updates on average sooner than they can from single engine providers.
Q: When a Virus threat occurs, how fast do you post new pattern files? A: As soon as they are available from our virus engine vendors. Antigen’s file filtering allows you to take immediate action against virus threats before updates are available so that your system is always protected.
Q: When a Virus threat occurs, how do you notify your customers? A: An e-mail notification is distributed. Premium support customers may be contacted by additional means as well.
Q: Do all your virus engines include an auto update feature? A: Yes, Antigen will update scan engine and signature files as one package. These updates can be scheduled or initiated on demand by the administrator.
Q: Are there any known compatibility issues between Antigen and back-up software? A: No
Q: Does Antigen provide a feature to block unwanted file attachments from being delivered to or sent by users? A: Yes, this is accomplished with the Antigen File Filter (AFF). Antigen File Filtering can filter files by size, name, extension, and file type.
Q: I read that attacks can be carried out against antivirus software by nesting a large number of zipped files. Does Antigen allow the Administrator to decide how many nested compressed files will be scanned? A: Yes. If the number of nested attachments exceeds the setting, Antigen will delete the file and place a backup in the Quarantine Area.
Q: Can Antigen scan password protected Zip files? A: Yes Antigen is able to scan password protected zip files.
Q: Does Antigen perform "backup" actions on an attachment when a virus cannot be cleaned? A: Yes. Infected attachments that cannot be cleaned will be deleted. A copy of the infected attachment can be stored in the Antigen Quarantine Area for retrieval.
Administering Antigen Q: How much time is required to set-up Antigen on one Domino Server? A: Set-up time is typically less than five minutes
Q: Do you recommend launching a manual scan job (NScan) of all mail databases as soon as installation is complete? A: We recommend launching a manual scan job after installing Antigen. This will clean up any infected files that are stored in your various databases. NScan can also be launched to scan databases that are located on another server (Windows, AS/400, and OS/390).
Q: Do the real-time components of Antigen provide protection as soon as installation is complete? A: Yes, as you launch the Domino server, you will see many Antigen line entries. Antigen protects by binding its components to Domino's running tasks.
Q: Does your product offer the ability to pull updates and upgrades? A: Yes, Antigen can automatically or manually pull down new virus signature files and application upgrades through HTTP, FTP, UNC, or locally via a Notes database.
Q: Does Antigen provide protection of databases across trusted domains? A: Yes, Antigen's Trusted Scanning facility will eliminate redundant scanning of messages.
Q: Describe how your product works on a partitioned NT server running multiple Domino mail or application servers. A: Upon installation, Antigen detects if a partition exists and offers the administrator a choice to install on all partitions. Antigen runs and protects both environments simultaneously.
Q: Will Antigen work in a clustered Domino environment? How are cluster replication issues addressed? A: Yes. Upon installation, Antigen detects if a clustered environment exists and offers the administrator the option of installing on the entire cluster. Antigen protects the entire clustered environment, and its scanning functions are transparent to the cluster replicator.
Q: Please list each of Antigen's components and the functions they provide. A: Antigen 7.5 Components:
· Antigen Administrator User Interface is a Notes database used for configuring, monitoring, and troubleshooting all of the components of Antigen.
· Antigen NWall is designed to scan all Notes mail messages "on-the-fly," in real-time as they are routed through the organization. It is most commonly used as a barrier between the external network and the internal Notes mail system.
· Antigen NShield provides continuous, unobtrusive protection for Notes clients and Domino servers without user intervention. NShield works by monitoring all reads and writes to the Notes system.
· Antigen NScan provides user-initiated scanning of local databases and helps a Domino administrator insure that the Notes client and Domino server are virus-free. It differs from NShield in that it allows you to perform an active scan of the system as you work rather than waiting for documents to be read, written, or mailed. It can also be scheduled to run before or after scheduled database replications to insure a virus free environment or at any other time to suit the needs of your environment.
· Antigen's Incident and Quarantine Database is a separate Notes database that acts as a repository for all potential and confirmed viruses detected. The Quarantine area also includes False Alarm information and tracking. Administrators may also analyze and trace new and unknown viruses from this database.
· Antigen's Content Management component allows groupware systems to filter/block unwanted files by file type and/or file extension.
· Antigen Policy Manager provides centralized management and configuration of Antigen on all the Domino servers in the enterprise.
· Antigen Spam Manager provides protection against unwanted e-mails and phishing. With the integration of the Sybari VCL engine these types of attacks will be blocked at the Domino SMTP server.
Q: Please explain how Antigen 7.5 will affect the performance of my servers. A: Antigen is designed for Domino 6.X and 6.5.x to maintain maximum e-mail performance and throughput. To support this, we offer in-memory scanning, trusted scanning, incremental scanning (Multiple Engine Manager), and coordinated scanning, all of which can be defined as needed. In addition, its performance depends on the quality of the hardware. The administrative console is configurable to change performance depending on the environment.
Q: Is Antigen 7.5 equipped for centralized task management? A: Yes, Centralized Task Management provides for the administration of task files from remote machines. Antigen can be administered from remote machines through a Notes client. Administrators can display tasks and scan statistics and change settings to individual task files, including action to take on infection and scheduling functions.
Q: Is Antigen 7.5 equipped for centralized configuration management? A: Yes, the Antigen Policy Manager provides for the administration of Antigen settings on remote machines. Antigen can also perform automated virus signature/engine updates. Through Domino's replication services, these files will be automatically distributed to the appropriate directories on all other servers protected by Antigen. Administrators can schedule updates for all licensed scan engines. On-demand local updates and installation can be accomplished by the click of a button. Updates can be done via HTTP, FTP, UNC or notes database replication.
Q: Does Antigen 7.5 offer application policy management? A: No, not at this time. Remote configuration settings cannot be locked to prevent modification by unauthorized users and yet still allow for local task creation. However, through Domino's ACL, users can be prevented from disabling on-access scanning or changing the action to take on infection. In addition, specific file types can be included or excluded, email notification can be specified, and centralized logging can be managed with no worries that the user will disable or change the configuration.
Q: Does Antigen include password controls or other security mechanisms to prevent end users from modifying system settings? A: Since Antigen is integrated into Domino and runs as a Notes database, Domino's customer security policies are applied to Antigen.
Q: Detail the parameters that allow granular policy settings such as scanning for all new files, files with a certain extension, at start up, etc. A: Antigen is treated as a Notes database and policy settings are set by the Domino administrator. A Domino administrator configuring Antigen locally can block out file types and extensions through Antigen's Content Management feature.
Q: Does Antigen 7.5 offer centralized management capabilities? A: Yes. The Antigen Policy Manager can be used to manage Antigen on remote servers. The Policy Manager can be used to deploy settings to existing Antigen servers and to newly deployed Antigen servers.
Q: Describe how Antigen works when users replicate local mail files with the server copy. A: If the Antigen NShield component is enabled, it will continuously monitor and protect your network from potential viruses and software threats that may be introduced via Notes mail or replication. NShield works in real-time to detect and disable viruses as they attempt to enter or move through the system.
Administering Antigen
Q: Describe how Antigen works within a Domino/Notes security framework (e.g., ACL restrictions, encryption, user authentication issues, etc.) A: Since Antigen is integrated with Domino and runs as a Domino database, Domino's custom security policies (ACL) are applied to Antigen.
Q: Does Antigen integrate with LDAP? A: No.
Q: Does Antigen provide real-time protection of compressed files. A: Yes, Antigen is able to clean infected files that are stored in compressed files.
Q: How does Antigen handle virus notifications and the centralized collection/reporting of warnings and alerts? A: The incident notification facility is shared by NScan, NShield, and NWall and performs advanced notification services when a virus is found. Although the basic notification facility is quite simple, it can be extended into a very powerful tool where complex notification requirements exist. Note that all changes made to any notification page in the Antigen Administration database will take effect immediately. You do not need to restart any processes or the Domino server. The Antigen NShield and NWall statistics facility provides real-time feedback on Antigen operation. The statistics tracked are provided through the standard Notes statistics facility that is accessed from the server console with the command "show stat." The facility name refers to the name of the group of related statistics. NShield groups all of its statistics in the Antigen facility. Assuming NShield is loaded on a server, the command "show stat Antigen" will display all statistics. All incidents are saved in the Quarantine database. The Quarantine database can be replicated to one centralized database so that all incidents can be displayed in one view.
Q: What kind of file format does Antigen use for log files and can the files be exported to standard file formats? A: Native Notes NSF format. Yes, they can be exported to a standard file format.
Q: What kind of Ad Hoc reporting capabilities are inherent in Antigen's basic offering? A: Antigen logs its stats to the Notes.ini file, or by requesting the stats on the Domino console (show stat Antigen).
Q: Does Antigen offer alerting options such as email, pager, SNMP, configurable alerts, and phone notification? A: E-mail, yes; pager, no; SNMP, yes; configurable e-mail alerts, yes; phone notification, no.
Managing Multiple Scan Engines/Signature Files
Q: Which third party Scan Engines are integrated with and can be licensed for Antigen 7.5 (WinNT/2000/2003 Intel machines). A: Antigen is integrated with scan engines from Norman Data Defense, Computer Associates, Sophos, Kaspersky, Virus Busters and Command engine.
Technical Support Services
Q: Describe the technical support organization including repair, escalation, and severity procedures. A: Premium Support offers 24/7 Emergency Service. Standard Support is available by telephone and e-mail from 8am to 8pm Eastern Standard Time and 9am to 7pm European Central Time. High priority is given to "server down" situations and response time is usually 15 minutes or less. Tech support and development work hand-in-hand to resolve customer issues. Q: What technical support are you quoting as included in the purchase of an Antigen license?
A: Our license includes unlimited Support by e-mail. Telephone support and Premium Support are available as upgrades to the standard license. Q: Where can I find an Antigen Administrator's Guide? A: The Antigen 7.5 Administrator's Guide is included as a Notes Database in the product. A PDF version may also be downloaded from the "Products" area of our website. Q: What consulting services are available for configuring and customizing Antigen? A: Although Sybari does not offer formal consulting services, our Support engineers offer assistance for installation, configuration, and troubleshooting via telephone and e-mail. Sybari also has local partners who can provide on-site consulting. Q: Do you provide your own support or use partnerships with other companies? A: Sybari provides both direct support and support through local partners.