Virus Protection for GroupWise
s using GroupWise. If your company
is using Microsoft Exchange or another groupware solution, you
will need to identify the entry points for that solution.)
Software or web pages that users access on the Internet
Removable media (such as disks or CDs)
Files attached to an e-mail message that users access with the GroupWise 32-bit client
Internet e-mail
GroupWise WebAccess client
To effectively eradicate viruses that propagate via the first two entry points, you must use a combination of workstation- and server-based virus-protection software. If you are not already running virus-protection software on all of your company's servers and workstations, you should make plans to purchase this software now. When making your purchasing decision, you should factor in your company's GroupWise system. (For more information, see "Workstation- and Server-Based Virus-Protection Software and Its Relationship to GroupWise.")
To effectively eradicate viruses that propagate via the
GroupWise entry points, you should follow the guidelines
outlined in this article.
PROTECTING THE POST OFFICE AGENT (POA)
Currently, no virus-protection software is available for the
GroupWise POA. If you are not running virus-protection
software on workstations, users can propagate viruses through
e-mail to other users in the GroupWise system.
PROTECTING THE MESSAGE TRANSFER AGENT (MTA)
Beginfinite (www.beginfinite.com) offers GWAVA (GroupWise Anti-Virus Agent) virus-protection software for the GroupWise MTA. GWAVA integrates with most existing server-based virus-protection software.
GWAVA is a NetWare Loadable Module (NLM) that works in conjunction with the GroupWise MTA. Because GWAVA protects the GroupWise MTA, GWAVA prevents users from sending viruses to users in other post offices. We have implemented GWAVA at customers' sites and have been surprised at the results. For example, Tay recently implemented GWAVA for a customer and found that GWAVA filtered 5,600 instances of a virus in a two-hour period.
PROTECTING THE GROUPWISE INTERNET AGENT (GWIA)
As you know only too well, Internet-propagated e-mail viruses are the biggest threat to your company's network. The best way to stop these viruses is at the entry point from the Internet. The GWIA is a common entry point into your GroupWise system.
Virus protection providers usually take one of the following approaches to providing virus-protection software for e-mail:
Virus protection at the MTA for the GWIA's domain
GWIA third-party queue integration
Simple Mail Transfer Protocol (SMTP) mail hosting with a virus scanner
Protecting the MTA for the GWIA's Domain
GWAVA is one example of a product that protects the MTA for the GWIA's domain. The GWAVA agent takes messages that are sent to the GWIA's domain and submits them to server-based virus-protection software. After the virus-protection software scans the messages for viruses, GWAVA allows the messages to be processed. What sets GWAVA apart from other virus-protection software is that it is NLM based. As a result, GWAVA is fast.
NOVELL CERTIFIED PROFESSIONAL
Tay Kratzer and Danita Zanré
Illustration: Debbie Reynolds
GWIA Third-Party Queue Integration
When the GWIA receives an outgoing message from the MTA, the GWIA converts the message into ASCII format. The GWIA then typically spools these files to its internal SMTP daemon. You can configure the GWIA to spool these files to another directory, which becomes a third-party integration queue. You can then have the virus-protection software scan the files in this queue for viruses. The virus-protection software must then move the files to an input directory for the GWIA.
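
The queue hand-off described above, as an added example (not code from the article or from any product it names): a gate that scans each spooled file, releases clean files to the input directory, and holds everything else. The directory names, the `marker_scan` hook, the `min_age` settling delay, and the assumption that all three directories share one volume are hypothetical.

```python
import os, shutil, tempfile, time
from pathlib import Path

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in, not a real virus signature

def marker_scan(path):
    """Hypothetical scanner hook: True means clean. Swap in a real engine call."""
    return MARKER not in path.read_bytes()

def process_queue(queue, gwia_input, quarantine, scan=marker_scan, min_age=5.0):
    """Gate every file in the third-party queue; return {name: outcome}."""
    outcomes = {}
    now = time.time()
    for item in sorted(queue.iterdir()):
        if not item.is_file():
            continue
        if now - item.stat().st_mtime < min_age:
            outcomes[item.name] = "deferred"   # may still be being written
            continue
        try:
            clean = scan(item)
        except Exception:
            clean = False                      # fail closed on scanner errors
        dest = (gwia_input if clean else quarantine) / item.name
        os.replace(item, dest)                 # atomic rename on one volume
        outcomes[item.name] = "delivered" if clean else "quarantined"
    return outcomes

def demo():
    """Run the gate over three constructed messages in scratch directories."""
    root = Path(tempfile.mkdtemp())
    queue, gwia_input, quarantine = (root / n for n in ("queue", "input", "hold"))
    for d in (queue, gwia_input, quarantine):
        d.mkdir()
    (queue / "msg1").write_bytes(b"Subject: hello\r\n\r\nplain text\r\n")
    (queue / "msg2").write_bytes(b"Subject: x\r\n\r\n" + MARKER)
    (queue / "msg3").write_bytes(b"Subject: y\r\n\r\nbody\r\n")

    def flaky_scan(path):                      # simulates an engine crash on msg3
        if path.name == "msg3":
            raise RuntimeError("scanner unavailable")
        return marker_scan(path)

    first = process_queue(queue, gwia_input, quarantine, flaky_scan, min_age=3600)
    second = process_queue(queue, gwia_input, quarantine, flaky_scan, min_age=0)
    delivered = sorted(p.name for p in gwia_input.iterdir())
    shutil.rmtree(root)
    return first, second, delivered

if __name__ == "__main__":
    print(demo())
```

The design point is that only a positive "clean" verdict moves a file toward the input directory; a scanner crash or a file that is still settling never releases mail.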
Many virus-protection products are written to work in this way for most e-mail systems. For example, you may want to check out the following products:
Integralis Inc.'s MIMEsweeper (www.integralis.com)
Network Associates Inc.'s WebShield (www.networkassociates.com)
Symantec Corp.'s Norton AntiVirus for Internet E-mail Gateways (NAVIEG) (www.symantec.com)
Trend Micro Device Inc.'s InterScan E-mail VirusWall (www.antivirus.com)
Two products are specifically designed for the GWIA's third-party integration queue:
Guinevere (www.indecon.com/guinevere)
GroupWise Footnote (www.stack.co.uk/groupwise_footnote.htm)
Guinevere ingeniously leverages desktop virus-protection software to scan GroupWise messages. With the GWIA's configurable third-party queue, Guinevere scans the GroupWise messages and then moves them to the input queue for the GWIA. Guinevere requires a Windows NT or Windows 2000 workstation.
Footnote is supposed to work in the same way that Guinevere works. However, neither of us has any experience with Footnote.
For more information about configuring the GWIA for these solutions, read the Technical Information Document (TID) at http://support.novell.com/cgibin/search/tidfinder.cgi?10011919.
SMTP Mail Hosting
Mail hosting means that the GWIA is not sending or receiving SMTP mail to or from Internet SMTP hosts. Instead, another SMTP device, a host, handles the SMTP mail for the GWIA.
The host receives incoming e-mail messages from the Internet. Virus-protection mail hosts scan the messages for viruses and then forward the messages to the GWIA via the SMTP protocol. You can then configure the GWIA to relay outgoing e-mail messages to the mail host. The mail host then scans these messages for viruses before sending the messages to the Internet.
You can maintain virus-protection hosts at your site, or you can have an application service provider (ASP) provide the virus-protection host for you.
Novell Connection, February 2002
Workstation- and Server-Based Virus-Protection Software and Its Relationship to GroupWise
Because a complete virus-protection solution guards all of the entry points into your company's network, you should understand how workstation- and server-based virus-protection solutions affect how you protect GroupWise. In particular, you should keep in mind the following:
WORKSTATION-BASED VIRUS SCANNING
You need a workstation virus-protection solution, whether or not your company has e-mail.
If a user uses the GroupWise viewing feature to view a document, then a document-borne virus cannot infect the workstation. To trigger the virus infection, the user must open the document in its native application. If the user uses the GroupWise viewing feature, GroupWise copies the file in its native format to the workstation's TEMP directory. If memory-resident virus-protection software is running on the workstation, it will detect the virus-infected document.
Virus-protection software at the workstation can consume a lot of resources. Virus-protection software interacts with the operating system so that it can scan every file that is read from or written to the disk. Virus-protection software even catches information that passes through memory.
That's a lot of scanning! If a workstation is low on memory, it may use the hard drive to create virtual memory. Virus-protection software will really bog down workstations that have to frequently swap to disk for memory. Our advice is to ensure that workstations have sufficient memory and speed to run virus-protection software.
SERVER-BASED VIRUS SCANNING
Running virus-protection software on the server is a good safety measure. However, virus-protection software on the server cannot replace virus-protection software on workstations.
Server-based virus-protection solutions should not scan the GroupWise post offices and GroupWise domains (with the exception of the GWAVA product mentioned in the main article). The GroupWise message store is encrypted, and encryption renders virus-protection software useless. In fact, some virus-protection software is so limited that when a file is zipped, virus-protection software cannot detect a virus. If you have set up server-based virus-protection software to scan GroupWise, you cause needless processor overhead because this software is scanning files in which it can't possibly detect viruses.
PROTECTING GROUPWISE WEBACCESS
GroupWise WebAccess changes the face of virus protection at your company's site. The biggest concern is that users working at home or at other locations outside of your control may be able to send virus-laden attachments into your company's network.
To protect against viruses spreading via the GroupWise WebAccess client, you should understand how GroupWise WebAccess works. The web-server servlets for GroupWise 5.5 Enhancement Pack and GroupWise 6 WebAccess place attachments in a directory on the file server where the web server is running. (On a NetWare server, the default location for this directory is SYS:NOVELL\WEBACCESS\TEMP.) Because the attachment files remain in their native format and are stored in this directory for a short period of time, server-based virus-protection software can continually scan this temporary directory to detect viruses.
We have one caution, however: You should understand how your virus-protection software works before you assume this software can effectively scan this temporary directory. For example, one of the Novell customers we work with has tested its server-based virus-protection software with GroupWise WebAccess. This customer found that its server-based virus-protection software did not catch viruses in the ...\TEMP directory when a virus-laden docume