Domino AV Testing Results
Thursday 24th February, 2005A quick explanation of the results above giving reasons for the scorings applied.
Ease of installation
Literally how easy it was to take the product out the box and get it up and running with little or no prior experience.
No criticism on the Symantec and Trend products. The CA product needed the OS level anti-virus solution to be installed as a pre-requisite. This was a little complicated and required juggling between two CD's and a reboot. The McAfee product, whilst similar to the others, requires the typing of Hierarchical names (CN=UKHUB/OU=SERVERS/O=TFSE) when referencing servers which is a pain on foreign keyboards and also the replication of system databases from a central server gives little feedback and can just leave the screen frozen for over an hour on slow setup links.
Cleanliness of uninstallation
Historically, many of these products have left redundant files, notes.ini lines and registry entries after uninstallation. None of these current versions did.
Ease of releasing a message
If a message has been stopped en route to the recipient, due to a content filter how easy it is to release the message at a later date. The McAfee product doesn't allow releasing at all. The CA product emails filtered messages to a central address from where they could be forwarded, but not really very practical. The Symantec product can release message after a simple request from any authorised user. The Trend release mechanism didn't work as well, and requires an administrator.
Integration with Domino
How tightly the product integrates with the domino server. The CA product used a very primitive hook of the message out of the mailbox to use the OS level scanner. The others scored very well in comparision.
Centralised management within Notes
This product will be deployed in areas to which our Win2K Active Directory does not spread and so will need to be managed internally within the Notes infrastructure. How easy is this? The CA product offered no integration with the Notes management side and required a separate management tool. Configs could be viewed centrally in all the other 3 products, but some of the settings within McAfee could only be changed locally on the specific server. This goes against the convenient replication setup in Notes.
Delegated Administration
As some Notes admin tasks are de-centralised to eliminate Muda, the ability to delegate some but not all of the administration would be nice. Only Symantec offer multiple levels of administration allowing localised admin to release quarantined messages with no additional authority.
Learning Curve for new Admin users
How easy it was to pick up the product and use the GUI to make routine changes to settings etc.The Trend product was over complicated and the CA product not very straightforward. The McAfee product was good, but some bits seemed well hidden unnecessarily.
Updates Distributed via Notes infrastructure
All products used the existing Notes infrastructure to deploy updates except CA. The McAfee product was marked down as the update database seemed to store all the old versions which wasted space and caused unnecessary replication traffic.
Industry reputation in sector
CA eTrust is very rarely chosen to be used on Lotus Domino infrastructures and they are feared as an unknown. The Gartner research backs this up. The McAfee product is highly criticised in Notes admin forums and user groups for being un-friendly to use. Trend and Symantec are highly regarded, Symantec a little more so as their AV product was developed by IBM/Lotus engineers.
Content Filtering functionality
How easily the product could be used to block keywords like sexual content, profanity etc. Our winners allowed an easy blocking of messages based on a centrally managed block list.
Attachment Restrictions
Is it possible to block attachments based on type, size, content etc. If so, how easy is it. As above our winners allowed an easy restriction of attachments based on a centrally managed block list.
Quarantine Database
Is a centralised quarantine database in use and how easy is it to use.
Admin Notifications
When a virus is found, message is blocked or attachment filtered what notification are sent and how easy are they to configure. CA eTrust emails the live virus to the admin team!!! McAfee couldn't be fully configured and some unwanted notifications couldn't be turned off. Symantec was the most flexible and easiest to configure.
Mail Scanning
How good the product was at handling the scanning of messages, particularly signed and encrypted content.
Database Scanning
How good the product was at handling the scanning of replicated attachments. The CA product can't scan replicated documents. The McAfee product quarantines all encrypted content.
Co-Existance with other AV products
If another product is chosen to protect the OS side of the server, how well they would co-exist. In the case of CA, the CA OS product had to be installed alongside.
Outbreak Management
It's not unusual for a virus to enter the email system before it is known with the virus signatures. As soon as the signatures are updated, it's important to clean up any dormant viruses with a manual scan of all attachments in all areas. All products offer this functionality except CA.
Disclaimer Handling
Can a disclaimer be added to messages, either a corporate footnote or a "scanned for all viruses" style message. Our winner allowed specific disclaimers in local language to be applied as required to messages.