PolicyPatrol ZIP v3.5
Reviewed by: Mark Goldstein, February 2005
Published by: Red Earth Software
Requires: Microsoft Windows 2000 Professional or (Advanced) Server, Windows XP Professional or Windows Server 2003, Exchange Server 2003, Exchange 2000, Exchange 5.5, Lotus Domino R5/R6 or other SMTP mail server, Microsoft .NET Framework 1.1
MSRP: US$95.00

This is the first in a series of reviews of some interesting
programs from Red Earth Software. The umbrella name for
the suite of programs is Policy Patrol. They're all standalone
components of a comprehensive e-mail filtering tool for
Exchange Server 2000, 2003, 5.5 and Lotus Notes/Domino.
The individual components provide anti-spam, anti-virus,
keyword filtering, attachment blocking, compression, disclaimers,
signatures, user-based rules and permissions and remote
management. PolicyPatrol ZIP, which we're reviewing in
this installment, allows users to compress and decompress
e-mail attachments at the server level. Compression rules
can be user-based and applied to incoming or outgoing mail
and internal or external messages. The point of this is
to decrease the size of e-mails, thereby reducing network
congestion and improving productivity. In turn, reducing
the size of e-mail attachments also reduces bandwidth requirements
and message storage requirements. The idea is to make small
company corporate e-mail systems more efficient and less
costly.

We need to teach staff to use file servers and File Transfer
Protocol (FTP) instead of e-mail attachments. It's just
so much safer and more secure to send someone a file
by transferring it to their company's FTP site. Once
the file is there, all the typical sorts of virus checkers
can do their jobs easily and safely, isolated if necessary
from the rest of the network. Retrieving files is a matter
of an IS/IT staffer notifying the intended recipients
so they can grab whatever has been sent. It may sound
somewhat manual in nature (and it is), but the potential
improvement in security is undeniable. It's also not
very realistic—naive actually, in this day and
age. So tools have to be developed to resolve our inherent
laziness, our demand for instant gratification and instant
access to information. PolicyPatrol ZIP is designed to
serve the need.

We installed and tested PolicyPatrol ZIP on a Windows Server
2003 Exchange (SMTP) mail server. We also installed the
Remote Administration console on one of the workstations
in our IT office. All features and functions for managing
PolicyPatrol ZIP, except for remote administration, are
accessed through a browser control. Remote administration
is path-driven and also does not provide access to any
serial number modifications or entries. We also discovered
that we couldn't view internal e-mail messages on the
remote workstation because Outlook 2003 was installed
on it. We consulted the product documentation and discovered
that PolicyPatrol's native TNEF format can't be decoded
on the remote machine if it's running Outlook 2003.

The network on which we did the testing is managed with Active
Directory. PolicyPatrol integrated well enough to allow
the administrator to selectively apply appropriate compression
and decompression levels, compressed file size permissions,
apply rules according to groups and sub-groups, and
even select which users were monitored. We tried about
20 different combinations of settings over a period of
two weeks before we got bored with the sophistication
and control. Suffice it to say it all works properly
and provides administrators with lots of control. Once
we realized what we had, we set things up so that everyone
in office admin, finance and marketing had no attachment
privileges at all with the exception of two individuals in
key positions who regularly received legitimate and expected
files from external sources. The restriction forced everyone
in all three departments to use Workgroup applications
and monitored file servers more than normal, which in
turn seems to have improved efficiency to some noticeable
degree with people spending less time in Outlook and
more time inside proposals, documents and spreadsheets.

In conjunction with some experience gained by the end of the first week,
we also applied more intense compression rules to a number
of users, mostly team leads in the product development
group. The net effect was to reduce their storage footprint
by about 30%, which in turn pushed back the need for upgrading
the mail server with larger hard drives. Nice. Mind you,
we really wish these guys would stop using e-mail to exchange
critical files, but we know why they do it sometimes: the
e-mail server is backed up automatically every day. Nothing
will ever be lost unless several generations of backups
stored in widely separated locations could somehow be simultaneously
destroyed (in addition to all the DVD backups of critical
project files). Of course the development servers are also
backed up just as religiously, but some people would rather
flip an e-mail attachment to someone instead of checking
in their code or documents first.

People of all shapes and sizes working for companies of all shapes
and sizes will (apparently) forever insist on sending,
receiving and opening e-mail file attachments, instead
of opting for slightly less convenient methods of file
exchange. Of course some people fear that the friends who
constantly send porn images will one day send a virus embedded
in one of the files. But the recipients still open the
file attachments, trusting beyond reasonable hope and rationality
that all will be well. How rare such a circumstance
is these days. So the beauty of a centralized e-mail server
is that everybody's e-mail and attachments can be checked
(for malicious scripts, viruses, etc.), well before any
recipients can open such horrors and do damage. The trade-off
may be less privacy in return for greater security. Software
like PolicyPatrol does its work in a very orderly manner,
which also means that IS/IT staff can and will be provided
with log files to check. If those logs indicate clusters
of bad attachments related to a particular recipient in
the company, someone is going to hear about it. All we can
say is, if your friends and relations are repeatedly sending
dangerous garbage to your e-mail address at work, tell
them to stop in order to help preserve your job. As Mr.
Gump said, "Stupid is as stupid does." You've
been warned. At the very least, IS/IT managers are now
being ordered to block all e-mail from specific addresses,
so if you don't stop your friends now, someone else will
stop them soon.

Cons: Read the manual and life will be good because PolicyPatrol ZIP
is powerful and even some of the most experienced IS/IT
people will not get the most out of it without some guidance
from the documentation. For example, PolicyPatrol's method
of obtaining users from Active Directory requires that
a connector be set up and you'll be scratching your head
trying to figure it out unless you know you're supposed
to access the Connectors selection in the Licensed Users
sub-menu. RTFM. PolicyPatrol does not internally track
licenses in relation to the "Automatically license
new users" feature, so even if you've got it enabled,
the program doesn't know if you've got enough to go around
until it runs out in the middle of the process.

Pros: The latest version of the PolicyPatrol suite includes an Exchange
anti-spam add-on to provide support for the newer Spam
URL Realtime Block List (SURBL). Unlike RBLs, which
list sender IP addresses and domains, SURBLs are used
to check URLs contained in the body of e-mail messages.
Testing and daily use for about a month seem to indicate
that SURBLs are a bit better at combating spam and phishing
because they assign less importance to potentially forged
e-mail headers and more importance to clickable links within
messages that are basically harder to forge and therefore
tend to connect to the sources of problems—QED: you
get to kill malicious e-mail and malicious attachments,
while at the same time reducing the size of mail and legitimate
attachments. PolicyPatrol ZIP and its suite-mates are not
a one stop solution for all your current company e-mail
woes, but they're a great start and will help get you more
than halfway to the goal of safe and secure e-mail. You
still need to take a deep breath and design and enforce
a sane company-wide e-mail policy which is unflinchingly
applied equally and without mercy in the executive suite
as it is among the rank & file. Promoting sane, secure
and protective e-mail policy to your business and strategic
partners is also a good idea. Good habits and policies
improve bottom lines. PolicyPatrol ZIP as part of a comprehensive
company security plan is an indispensable utility and integrates
efficiently with the other components in the PolicyPatrol
suite. Recommended.
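
The RBL versus SURBL distinction described above, sketched as an added example (not part of the original review and not Red Earth's code): an RBL lookup is keyed on the connecting sender IP, while a SURBL lookup is keyed on the domains of links found in the message body. It assumes the public `multi.surbl.org` zone, a placeholder RBL zone `rbl.example`, a two-entry stand-in for the public suffix list, and a constructed message body and answer table in place of live DNS.

```python
import ipaddress
import re
from urllib.parse import urlsplit

SURBL_ZONE = "multi.surbl.org"   # public SURBL zone; an assumption, not named in the review
RBL_ZONE = "rbl.example"         # placeholder zone for the sender-IP contrast
TWO_LEVEL = {"co.uk", "com.au"}  # tiny stand-in for the public suffix list
URL_RE = re.compile(r"https?://[^\s\"'<>),]+", re.I)

# Constructed sample message body and constructed DNS answers (no network needed).
SAMPLE_BODY = ("Verify now: http://login.secure.bad-shop.example/a?x=1 "
               "or read https://WWW.Example.co.uk/help")
FAKE_ZONE = {"bad-shop.example.multi.surbl.org": "127.0.0.64"}


def rbl_query(sender_ip):
    """Classic RBL: the key is the connecting IP with its octets reversed."""
    return ".".join(reversed(sender_ip.split("."))) + "." + RBL_ZONE


def surbl_key(host):
    """Reduce a URL host to the name a URI block list is keyed on."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.IPv4Address(host)
        return ".".join(reversed(host.split(".")))  # IP-literal links: reversed octets
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:])  # drop subdomains such as "login.secure."


def surbl_queries(body):
    """Map each distinct link domain in the body to its SURBL query name."""
    out = {}
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            key = surbl_key(host)
            out.setdefault(key, key + "." + SURBL_ZONE)
    return out


def listed_links(body, resolve):
    """resolve(name) returns an A record string or None; 127.x.x.x means listed."""
    return sorted(k for k, q in surbl_queries(body).items()
                  if (resolve(q) or "").startswith("127."))
```

In production, `resolve` would be a DNS A-record lookup with a timeout; here `FAKE_ZONE.get` stands in for it so the verdict does not depend on any header the sender controls.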