GEE Whiz 2.1 Frequently Asked Questions
Q: What's new in GEE Whiz version 2.1?
A: GEE Whiz 2.1:
1. Runs with GroupWise and NetMail on NetWare and LINUX.
2. Can be installed as an SMTP gateway.
3. Can be combined with the other members of the GWAVA family to create a “Virtual Fortress” around GroupWise: SMTP, GWIA, MTA/POA or NetMail (SMTP, Queue One and Message Store).
4. Entirely new scripting engine that allows the administrator to control the flow of GEE Whiz message analysis, delivery and processing logic.
5. Uses a new textual classifier that significantly enhances Bayesian effectiveness – multi-word cross comparison rather than single phrase analysis – requires a minimal number of emails.
6. Allows for the creation of custom web-based or desktop-based user interfaces.
7. SSL support.
8. Auto-update option – web service.
9. Full SMP support on all platforms.
10. Full SpamAssassin support – including Meta rules.
11. Advanced rule editor allows the creation of complex filters - similar to the GroupWise rule editor.
Q: I see there is a version 2.1 available. Could you please direct me to the instructions on how to apply it (without having to re-install the entire package)?
A: The process to update GEE Whiz is identified on page 34 of the "Gee Whiz 2.0 Quickstart Guide".
In summary, you will:
Q: I'm getting 'Failed to communicate with auto-update server.' Do I need to open ports on my firewall for this to work?
A: You'll need to be able to make outgoing connections on port 35000 to 209.115.221.4.
Q: How does an anti-virus scan enabler or spam filter work with GroupWise?
A: There are three types of products that provide virus detection enabling and spam filter services to GroupWise: hardware or software "appliances" or out-sourced services that work with all types of email; products that work at the GWIA level using the "third" directory option; and products that work at the POA-MTA level.
The products that work at the GWIA level actually copy the attachment from the "third" directory to another directory, which can be on the NetWare server or on another server/workstation, where the virus scan engine scans the attachments for viruses. If there are no viruses, the product then moves the attachment and email to the GWIA\RECEIVE directory to be processed by the MTA and the POA and delivered to the client. These products work with various virus scanning products that run on the selected platform. Anti-virus product vendors include McAfee, Panda, Trend Micro, Norton (Symantec), Sophos, Kaspersky and Norman. The major difference between the different GWIA-based products is where the anti-virus scan enabling physically occurs: on a separate Windows server or LINUX server, or directly on your NetWare GWIA server.
Guinevere, the oldest anti-virus/anti-spam product for GroupWise (www.gwava.com), requires a separate Windows-based machine to run the anti-virus scan enabling software. Guinevere has by far the largest installation base because it was one of the first products to allow anti-virus scan enabling for GroupWise and the developer has done a good job of evolving his product. Writing Guinevere as a Windows application gave the developer the advantage that it was quite a bit easier to write a Windows-based application than a NetWare-based solution for anti-virus/anti-spam detection for GroupWise. In those GroupWise environments where GWIA runs on Windows NT/2000 (a very small portion of GroupWise installations), Guinevere provides an anti-virus scan enabling solution that can run on the same server as the GWIA.
However, it is fair to say that the vast majority of GWIA implementations run on NetWare. A large number of customers have indicated they would much rather have the virus scan detection and spam prevention done directly on their NetWare servers instead of being required to send this off to a separate machine. Many network administrators don't want to deal with the additional costs, installation, configuration, software updates, service packs, instability and management associated with having a Windows machine babysit their NetWare GWIA (and some just think it's a bit silly!). To satisfy this market, a number of companies, including ours, have developed anti-virus enabling software solutions that run directly on NetWare (4.11 - 6.x).
There are a number of advantages with this type of solution. The most important are the ease of installation, management and stability, and the significant cost savings and Return on Investment achieved by not having to add and manage extra hardware and another Operating System. No blue screens of death! Another advantage is SPEED! We have not been able to overload our GEE anti-virus enabling engine under any test circumstances. GEE has handled everything we have thrown at it - up to 100,000 messages an hour! GEE Whiz has been tested to support up to 6,000 emails an hour on a modest PIII 450, 512 Megabyte server. One of the disadvantages of writing software to run as NetWare NLMs is often the lack of a rich management/configuration interface. We have overcome this limitation by loading a small footprint web server that runs on NetWare. This allows GEE (anti-virus programme) and GEE Whiz (anti-virus and anti-spam programme) to be administered from a browser. Pretty cool solution if you ask me!
Q: What about anti-spam programmes that work with GroupWise?
A: There are three major strategies for implementing anti-spam detection:
1. Creating lists of domains, known spam addresses, or key word filters.
2. Using spam detection based on rules that determine a "probability" of spam.
3. Implementing Bayesian Classifier Filtering and other heuristics.
The evolution of spam detection is similar to that of web site blocking. Web site blocking started out with administrators creating lists of URLs or key words to block because that was the only way to prevent users from visiting inappropriate web sites. This list or key word method has evolved to where companies have moved on from that approach and are using website analysis algorithms to block sites rather than LONG lists. The biggest problem with lists is they have to be created and managed, become HUGE over time and eventually become an administrative nightmare. Over time, the "list" or "key word" approach or Administrator-managed "quarantine" solutions are unmanageable.
Q: What about Bayesian Classifier Filtering?
A: Bayesian Decision Theory is one method used to solve Pattern Recognition problems, when those problems are posed in a particular way.
Suppose that an observer is standing over a conveyor belt that leads into a grocery store. The belt carries 2 types of fruits - oranges and apples. It is up to the observer to determine which of the 2 fruits is on the belt at a particular moment. For humans and for machines, this is done by examining certain features of the fruits and then classifying them as either an orange or an apple based on those features. This is exactly a pattern classification problem. If the fruits enter the store at random, and we have no other information, then the only way to classify a certain fruit would be by guessing. Bayesian decision theory plays a role when there is some a priori information about the things we are trying to classify. For example, suppose that you didn't know anything about the fruits, but you knew that 80% of the fruits that the conveyor belt carried were apples, and the rest were oranges. If this is the only information that you are given in order to make your decision, then you would want to classify a random fruit as an apple. The a priori information in this case is the probabilities of either an apple or an orange being on the conveyor belt. If a decision must be made with so little information, it makes sense to use the following rule: Decide 'apple' if P(apple) > P(orange), otherwise decide 'orange', where P(apple) is the probability of there being an apple on the belt. In this case, P(apple) = 0.8 (80%). This may seem strange, because if you use this rule, then you will classify every random fruit as an apple. But by doing this, you still ensure that you will be right about 80% of the time.
The above example is very simple, and should just be used to understand the basic idea of a pattern recognition problem involving some probability information. In general, there is a lot more known about the things we are trying to classify. For example, we may know that most apples are red, and therefore if we observe a red fruit, we should classify it as an apple.
In this case, we could then use the colour of the fruit to determine what it is. We would usually also have the probability distribution of the colour property for apples and oranges. This means we would know exactly how rare it is for an orange to have the same colour as your typical apple. Obviously this is important, because if oranges were more or less the same colour as apples then this feature would not be very useful to a pattern classifier. These probability distributions play an important role in formalizing the decision rule.
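The decision rule above, carried through with the colour feature as an added worked equation (not part of the original FAQ); the prior is the FAQ's 0.8, while the colour likelihoods are assumed values chosen for illustration.

With no feature observed, the rule is

$$\text{decide apple if } P(\text{apple}) > P(\text{orange}), \qquad P(\text{apple}) = 0.8,\; P(\text{orange}) = 0.2 .$$

Once the colour $x$ of the fruit is observed, Bayes' theorem turns the colour distributions into a posterior:

$$P(\text{apple} \mid x) = \frac{P(x \mid \text{apple})\,P(\text{apple})}{P(x)}, \qquad P(x) = P(x \mid \text{apple})\,P(\text{apple}) + P(x \mid \text{orange})\,P(\text{orange}) .$$

$P(x)$ is the same denominator for both classes, so the rule becomes

$$\text{decide apple if } P(x \mid \text{apple})\,P(\text{apple}) > P(x \mid \text{orange})\,P(\text{orange}) .$$

Assume an orange-coloured fruit with $P(x \mid \text{apple}) = 0.05$ and $P(x \mid \text{orange}) = 0.9$:

$$0.05 \times 0.8 = 0.04 \;<\; 0.9 \times 0.2 = 0.18, \qquad P(\text{orange} \mid x) = \frac{0.18}{0.04 + 0.18} \approx 0.82 ,$$

so a single discriminating feature overturns the 80% prior. A Bayesian spam classifier applies the same machinery with many word-token features in place of colour.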
Q: How does GEE Whiz handle "false positives"?
A: GEE Whiz uses a number of different options:
1. False positives occur when SA (SpamAssassin) determines that an email is spam when, in fact, it isn't. SA or similar heuristic/rules-based programmes may rate emails as spam for an employee, but the employee might not consider them spam because he/she wants to receive these emails (the GroupWise mail list, for example). What is spam to SA might not be spam to your end user! There are a number of options when using anti-spam products:
2. The advantage of this option is that you "separate" the probable spam from non-spam based on one or more thresholds. This allows the end users to determine what is spam and allows them to delete it directly or forward it to the administrator to be blocked by the Blacklist. We have enhanced this option by providing GEE Whiz clients with a run-time version of our Common Rules Update (CRU) product. CRU for GEE Whiz allows you to automatically create a folder in each user's GroupWise account and a rule that moves any received items that include the word S-P-A-M into the GEE Whiz SPAM folder. What's nice about this approach is that it automatically separates the "probable" spam from the real mail. All of the "probable" spam is in the SPAM folder. The user doesn't have to spend as much time sifting through his/her emails to identify and delete the probable spam; they are all in the same folder. The most important advantage this option provides is that by letting the user have control, you don't have to worry about false positives (desired emails) being automatically deleted by SA. GEE Whiz allows the administrator to implement multiple levels of spam detection with different settings at the GWIA server.
For example, anything with a rating of 15+ can be automatically deleted before it gets to the GWIA (and through to the MTA or POA), anything with a rating of 3.4 to 6.0 gets the word S-P-A-M inserted into the subject and is allowed to go through to the recipient (and forwarded to the SPAM folder), and anything between 6.1 and 15 can be redirected to an administrator's SPAM account. These emails can be analysed by the administrator to enhance the Blacklist. We expect that as users become comfortable with the accuracy of their implementation of GEE Whiz, Spam Assassin and Bayesian Classifier Filtering, they will allow more of the mail to be automatically deleted before the mail even gets to the GWIA. This is a much better solution than allowing the GWIA to process the email and forward it to the MTA to be deleted. Deleting SPAM before it gets into your GroupWise system is more efficient and makes more sense than allowing it to get to the MTA. There are companies that provide complete gateway solutions based on the premise that it is better to delete SPAM before it even gets to the GWIA. GEE Whiz runs directly on your NetWare GWIA server. It is integrated with Spam Assassin and incorporates Bayesian Classifier Filtering. GEE Whiz was officially released December 21, 2002 and has quickly become the leading GWIA-based anti-virus, anti-spam solution. Once again, no additional hardware or OS required - just GroupWise and NetWare.
One way to deal with false positives is to develop White Lists and Black Lists. Most products allow the administrator to include a number of domains or specific addresses in either a Master White List (allowed email addresses) or a Master Black List (banned email addresses). A standard practice is to set up an email account or shared folders for your users to forward email addresses that they want to have included in either list, and the administrator adds them to the appropriate list. The problem with a Master Black/White List approach is that spam for one individual is not spam for another. The solution is therefore to allow individuals to manage their personal white and black lists (a future proposed enhancement to GEE Whiz). This removes the management challenges from the administrator and allows the individual user to be in control. Individual user White/Black lists are the approach our customers have asked us to add to GEE Whiz.
GEE Whiz with Spam Assassin rules, black and white lists and RBLs can usually deal with 80-90% of the spam problem. However, trying to get rid of that last 5-10 percent can be more difficult. That's where Bayesian Classifier Filtering comes into play. With GEE Whiz, we provide two sets of Default Bayesian tokens that you can use until you have established your own customised libraries of SPAM (bad emails) and HAM (good emails). This will allow you to take advantage of the most sophisticated spam detection algorithm and heuristics that are available in today's world of spam detection. For more information on Bayesian Classifier Filtering, go to www.paulgraham.com. For information on how to implement Bayesian Classifier Filtering with GEE Whiz, click help. You can also select the "Enable Bayesian Classifier" link in the GEE Whiz Administration Interface. The advantage of Bayesian Classifier Filtering is that it allows you to "teach" your system what is SPAM and what is HAM based on the emails that are received by your company. If your company is in the entertainment or travel business, your HAM/SPAM email will be much different than if you are in the healthcare or legal industries. Bayesian filtering allows your SPAM detection to be customised to better satisfy your company's definition of what is SPAM and HAM.
3. Deleting or quarantining all emails that are tagged as spam causes a major challenge in most companies. Although it sounds good to be able to say that our company policy requires that anything above a threshold of N is automatically deleted, this is not satisfactory in most environments. Spam is only spam if it is unwanted or does not serve a business purpose. In many environments, it is too politically sensitive or business "foolish", and possibly even illegal, to automatically block or delete all mail tagged as SPAM. Even the perception that the SPAM solution might delete a false positive would have disastrous results and create a distrust of the system in many environments. That is why "tagging and forwarding" email to the user is a preferred option. Imagine being an executive or an employee at a company like Novell and having an anti-SPAM system in place that only allows SPAM to be automatically deleted or quarantined if it has a SPAM threshold over N (using a programme like GWAVA). Imagine working in a law firm or a government department and having your system automatically quarantine or delete what would otherwise have been a critical legal document or a business contract. These are some of the reasons companies are now upgrading to GEE Whiz. GEE Whiz is the only NetWare-based anti-SPAM solution that supports the option to use multiple SPAM thresholds with automatically deployed user SPAM rules. For some companies, automatically deleting SPAM is fine. For many others, GEE Whiz's strategy of respecting different business needs rather than applying a sledgehammer solution to all SPAM is a much better approach.
4. Send the spam to a Quarantine directory to be managed by the GroupWise Administrator. The problem with this strategy is that it requires significant administrator time and effort. Many of our customers have upgraded to GEE Whiz from other anti-virus solutions that only provide the automatic "delete" and/or "quarantine" options. GEE Whiz supports this option, but most administrators prefer not to have to carry out this function. From a confidentiality perspective, many companies do not allow this solution to be implemented. Imagine the impact of a SPAM administrator reading all of the tagged email and deciding whether it is SPAM or not. This certainly changes many aspects of a "secure" email system! We have received feedback from many administrators who have implemented products that quarantine all emails, like GWAVA, and they feel that this strategy requires way too much administrator time to "manage" the quarantined SPAM.
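The Bayesian SPAM/HAM token classifier and the multi-threshold handling (delete at 15+, redirect 6.1-15, tag 3.4-6.0) described above, as an added example that is not GEE Whiz's or SpamAssassin's code. The training messages, the BAYES-style point values, MIN_OBS and the rule score passed into process() are constructed assumptions; the per-token probability and combination follow Paul Graham's published scheme only loosely.

```python
"""Bayesian SPAM/HAM token filter plus the FAQ's multi-threshold policy.
Added example, not GEE Whiz or SpamAssassin code: the corpora, the BAYES-style
point values, MIN_OBS and the rule score passed in are constructed assumptions."""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z$][a-z0-9'$-]+")
MIN_OBS = 3   # Graham requires 5 sightings of a token; lowered for the tiny corpus

def tokens(text):
    return set(TOKEN_RE.findall(text.lower()))   # each token counted once per message

class BayesFilter:   # per-token spam probability learned from HAM/SPAM libraries
    def __init__(self):
        self.ham, self.spam, self.n_ham, self.n_spam = Counter(), Counter(), 0, 0

    def train(self, text, is_spam):
        (self.spam if is_spam else self.ham).update(tokens(text))
        self.n_spam, self.n_ham = self.n_spam + is_spam, self.n_ham + (not is_spam)  # bools add 0/1

    def token_prob(self, tok):
        g, b = 2 * self.ham[tok], self.spam[tok]   # doubled ham count biases against false positives
        if g + b < MIN_OBS or not (self.n_ham and self.n_spam):
            return None                             # too rare to count as evidence
        p = min(1, b / self.n_spam) / (min(1, g / self.n_ham) + min(1, b / self.n_spam))
        return min(0.99, max(0.01, p))              # no single token is absolute proof

    def spam_probability(self, text):
        probs = sorted((p for p in map(self.token_prob, tokens(text)) if p is not None),
                       key=lambda p: abs(p - 0.5), reverse=True)[:15]   # most decisive tokens
        if not probs:
            return 0.5                              # nothing known about any token
        prod, inv = math.prod(probs), math.prod(1 - p for p in probs)
        return prod / (prod + inv)

BAYES_RULES = [(0.99, 3.5), (0.95, 3.0), (0.80, 2.0), (0.50, 1.0)]  # assumed BAYES_* style points
POLICY = [(15.0, "delete"), (6.1, "redirect-admin"), (3.4, "tag-S-P-A-M")]

def bayes_score(prob):
    return next((pts for floor, pts in BAYES_RULES if prob >= floor), 0.0)

def dispatch(score):
    """15+ delete before the GWIA; 6.1-15 redirect to the administrator's SPAM
    account; 3.4-6.0 insert S-P-A-M in the subject and deliver; else deliver."""
    return next((action for floor, action in POLICY if score >= floor), "deliver")

def process(filt, rule_score, text):
    """rule_score stands in for the message's non-Bayesian rule total."""
    prob = filt.spam_probability(text)
    total = round(rule_score + bayes_score(prob), 1)
    return prob, total, dispatch(total)

HAM = [   # constructed training libraries, far smaller than a real corpus
    "Agenda for the Monday meeting about the GroupWise upgrade on the NetWare server",
    "Server maintenance window for the GWIA NetWare server this weekend",
    "Minutes from the meeting: migrate the post office to the new NetWare server",
]
SPAM = [
    "Click here for your FREE prize offer, limited time only",
    "You have won a prize! Click to claim your free offer now",
    "Claim your free prize today, click the link in this offer",
]

def build_filter():
    filt = BayesFilter()
    for text, is_spam in [(t, False) for t in HAM] + [(t, True) for t in SPAM]:
        filt.train(text, is_spam)
    return filt
```

With a real HAM/SPAM library the clipping to 0.01-0.99 and the "most decisive 15 tokens" rule are what keep one unusual word from deciding a message on its own.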
Q: What are Realtime Blackhole Lists?
A: Another anti-spam strategy is to include the ability for anti-spam products to refer to Realtime Blackhole Lists (RBLs). For more information on this, do a search on the NET for RBLs. Two suggested sites include: www.mail-abuse.org and www.sdsc.edu/~jeff/spam/cbc.html.
GEE Whiz allows you to configure RBLs. More importantly, rather than automatically blocking emails from RBL-listed servers, GEE Whiz allows you to apply a Spam Assassin value to these emails. This approach reflects our objective to allow you to control and determine how to manage spam in your environment, and it lets you configure different values for different RBLs rather than using a single-value model. Most products allow you to configure various implementations of RBLs.
With GEE Whiz, Spam Assassin, RBLs and the Bayesian Classifier, you will attain a 95-97% rate of spam detection. In reality, the only way to get rid of 100% of spam is to disconnect your server from the NET - and then you will still get spam (defined as unwanted emails) from your boss and other internal users!
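Scoring a sending server against several RBLs with a different value per list, as the answer describes, as an added example that is not GEE Whiz code. The list zones, their weights and the canned DNS answers are constructed assumptions; the query form (the address octets reversed under the list's zone, with a 127.0.0.0/8 answer meaning "listed") is the standard DNSBL convention.

```python
"""Per-RBL scoring of a connecting server's address (added example, not GEE Whiz
code).  RBL_WEIGHTS and the canned answers are constructed; the query format,
reversed octets under the list's zone, is the standard DNSBL convention."""
import ipaddress
import socket

# Points added to a SpamAssassin-style score per matching list (assumed values),
# instead of a single block/allow decision that treats every list the same.
RBL_WEIGHTS = {"rbl-a.example": 3.0, "rbl-b.example": 1.5}

def dnsbl_query_name(ip, zone):
    """198.51.100.7 checked against zone -> 7.100.51.198.zone"""
    addr = ipaddress.IPv4Address(ip)            # rejects malformed input early
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def live_resolver(name):
    """Real lookup; NXDOMAIN (gaierror) means the address is not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def rbl_score(ip, resolve=live_resolver, weights=RBL_WEIGHTS):
    """Sum the weight of every list that answers with a 127.0.0.0/8 code."""
    score, hits = 0.0, []
    for zone, weight in weights.items():
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and answer.startswith("127."):    # only listing codes count
            score += weight
            hits.append((zone, answer))
    return score, hits

# Canned answers standing in for DNS so the example runs offline (constructed;
# the addresses come from the documentation ranges, not real mail servers).
CANNED = {
    "7.100.51.198.rbl-a.example": "127.0.0.2",
    "7.100.51.198.rbl-b.example": "127.0.0.2",
    "10.2.0.192.rbl-b.example": "127.0.0.3",
}

def canned_resolver(name):
    return CANNED.get(name)
```

The returned score is meant to be added to the rule total before the same thresholds are applied, so a hit on a less trusted list raises the rating rather than rejecting the message outright.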
Q: What content or attachment filtering options are available?
A: Anti-virus and anti-spam utilities usually provide options for attachment blocking or content filtering of undesirable attachment types or content. The most often blocked attachments include files with extensions that are some type of executable or can contain dastardly code: .ZIP, .EXE, .VBS, .BAT, etc. There are two strategies with attachment blocking: blocking based on extension name and blocking based on file types. GEE Whiz allows you to implement both options. File-type blocking allows you to ensure that users cannot simply rename an attachment to trick your system and have it be delivered.
GEE Whiz provides Content Filtering based on:
1. File-name filtering
2. File-type filtering
3. Attribute filtering (based on attachment or email content size)
4. Header filtering
5. Email content filtering
6. SURBL filtering
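Extension-based blocking beside file-type blocking, to show why the answer above recommends both, as an added example that is not GEE Whiz code. The attachment bytes, the blocked-extension set and the signature table are constructed for the example.

```python
"""Extension-based versus file-type-based attachment blocking (added example,
not GEE Whiz code).  The attachment bytes below are constructed samples."""

BLOCKED_EXTENSIONS = {".zip", ".exe", ".vbs", ".bat"}   # the types the FAQ names
BLOCKED_TYPES = {"exe", "zip"}

# Leading-byte signatures.  Script files such as .VBS and .BAT are plain text
# with no signature, so the extension list is still needed for them.
MAGIC = [
    (b"MZ", "exe"),          # DOS/Windows executables (PE files keep the MZ stub)
    (b"PK\x03\x04", "zip"),  # ZIP local file header
]

def extension_of(name):
    dot = name.lower().rfind(".")
    return name.lower()[dot:] if dot >= 0 else ""

def sniff_type(data):
    """Identify the real type from content, ignoring the name entirely."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return "unknown"

def verdict(name, data):
    """Apply both strategies and report which ones fired, so the reason can be logged."""
    reasons = []
    if extension_of(name) in BLOCKED_EXTENSIONS:
        reasons.append("extension " + extension_of(name))
    if sniff_type(data) in BLOCKED_TYPES:
        reasons.append("file type " + sniff_type(data))
    return ("blocked", reasons) if reasons else ("allowed", reasons)

# Constructed attachments: an executable, the same bytes renamed, a ZIP, and an
# OLE document-like blob that neither strategy should stop.
SAMPLES = {
    "invoice.exe": b"MZ\x90\x00" + bytes(12),
    "invoice.txt": b"MZ\x90\x00" + bytes(12),          # renamed to dodge the extension list
    "archive.zip": b"PK\x03\x04\x14\x00" + bytes(10),
    "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(8),
}

def scan_samples():
    return {name: verdict(name, data) for name, data in SAMPLES.items()}
```

Neither check looks inside a ZIP, so a blocked-type policy that allows archives still needs the contents unpacked and scanned in turn.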
Q: What is REGEX and how can I learn to use it for my content filters?
A: Regex stands for Regular Expression Parsing. REGEX allows you to search text files for certain "patterns". REGEX provides Spam Assassin and GEE Whiz the ability to be customised to meet your needs. Need to create a GEE Whiz Header Filter to block emails that contain the SoBig virus? No problem, create a Header Filter based on Subject and add the appropriate REGEX search patterns. A quick search on the Internet for REGEX and TUTORIAL will return hundreds of references.
Q: What options exist for email "Redirection" or "Capturing"?
A: Email redirection is used to allow companies to advise senders that there has been a change in a recipient's email address and redirect the mail to the correct address. This relieves your system from having to process emails that are no longer valid. Email capturing, also called email interception, allows you to capture a copy of inbound or outbound emails. This is particularly valuable when a company has an internal policy or a compliance requirement that requires that emails to or from the Internet be "archived".
Starting with version 1.3.0, GEE Whiz provides both types of email redirection strategies. For archiving of GroupWise emails, see www.gwava.com.
Q: What about POA and MTA-based anti-virus options?
A: In addition to GWIA-based spam filtering and virus detection, there are products that scan messages for viruses and spam between the MTAs and the POAs within the GroupWise system. The first company to deliver this type of solution was Beginfinite with their GWAVA product (www.beginfinite.com).
GWAVA MTA scanning allows you to configure virus detection at the MTA level. This scans all emails that are delivered through the MTA. This includes emails that are sent from one post office to another but does not include emails that are sent from one user to another user within the same post office. By combining GEE Whiz with GWAVA MTA and POA scanning, you can create a "virtual fortress" around your system. GWAVA POA scanning allows you to scan all (or selected) accounts in a GroupWise Post Office.
Q: What about anti-virus scanning for GroupWise WebAccess?
A: GWAVA WebAccess Scanner (WASP) provides anti-virus detection for attachments delivered by WebAccess users. GroupWise WebAccess has been identified by industry experts as "The Gaping Hole in Virus Protection" that many customers are not aware of. WebAccess is used by more users than ever before from remote locations that might not have current workstation anti-virus software in place. This puts the GroupWise system at risk. Anti-virus solutions do not check attachments that arrive through the WebAccess server. A server-based agent is required to enable anti-virus protection on systems running GroupWise WebAccess.
WASP runs on the WebAccess server (on NetWare) to ensure that viruses are not getting into GroupWise email systems through WebAccess.
Q: What other options are there?
A: Another group of products that provide anti-virus and anti-spam detection for GroupWise systems falls into the category of "SMTP GATEWAY" and "Hardware Appliance" services. Almost all of the large anti-virus companies have a version of a gateway or hardware appliance product that will work with all email systems. These types of systems sit out in front of any email system (including GroupWise) and intercept and scan all messages before they are delivered to the email system. The biggest advantage of this type of system is the fact that they will work with all email systems. The biggest perceived disadvantages are security and cost. There is a plethora of these types of products available. Check out www.mcafee.com, www.symantec.com, and just about any other anti-virus software company.
The last category of anti-virus and anti-spam services is outsourced services. Available from a number of companies, these types of services provide a "hands-off" solution. These services are unique in that the spam and/or viruses are filtered before they arrive at the GWIA. Many companies (law firms, financial advisors, various government departments) have expressed concerns about using this type of outsourced solution. There are many security and confidentiality concerns that are raised by having all of a company's email redirected to a third-party company for analysis. For companies not concerned about confidentiality and security, these services may be a good, low-maintenance choice.