Libra ESVA 2.0
Strengths: Ten-minute deployment, very good value, excellent spam detection rates, detailed reporting
Weaknesses: Basic documentation, no attachment file extension filtering, quarantine area fills up quickly
Verdict: Libra ESVA is an easily deployed anti-spam virtual appliance that performs extremely well and looks very good value for SMBs
Not only is Libra's ESVA (email security virtual appliance) one of the lowest-cost messaging security solutions on the market that can be up and running inside of ten minutes, but it claims to offer an exceptional spam detection rate.
Based in Italy, Libra has focused on virtualisation, so ESVA is delivered ready to run on VMware Server, ESX Server, Workstation or Player. Microsoft's Hyper-V won't be on Libra's menu until the end of this year and although it offers an image for its Virtual PC, this is only for initial evaluation.
ESVA gives spam a hard time with a 13-step email security checklist. It employs MailScanner which, along with SpamAssassin, has been configured to use the ClamAV malware scanner.
Its local Real-time Blackhole List (RBL) is an unusual feature: ESVA builds it from its own anti-spam engine statistics, held for the previous 23 hours. Using the number of emails sent, good messages and spam, it will block a sender IP address if it is deemed to have sent too much spam in the past day.
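The following sketch shows how a local RBL of this kind can be built from per-IP scan verdicts. It is an added example, not Libra's code: the review gives only the 23-hour window, so the minimum volume and spam-ratio thresholds, the class name and the sample addresses are all assumptions.

```python
from collections import deque

WINDOW = 23 * 3600      # from the review: statistics held for the previous 23 hours
MIN_MESSAGES = 20       # assumption: volume needed before an IP is judged at all
MAX_SPAM_RATIO = 0.8    # assumption: spam share treated as "too much spam"


class LocalRBL:
    """Sliding-window tally of scan verdicts per sender IP."""

    def __init__(self, window=WINDOW, min_messages=MIN_MESSAGES,
                 max_spam_ratio=MAX_SPAM_RATIO):
        self.window = window
        self.min_messages = min_messages
        self.max_spam_ratio = max_spam_ratio
        self._events = {}   # ip -> deque of (timestamp, is_spam), oldest first

    def record(self, ip, timestamp, is_spam):
        self._events.setdefault(ip, deque()).append((timestamp, bool(is_spam)))

    def stats(self, ip, now):
        """Return (sent, good, spam) for ip, counting only the last window."""
        events = self._events.get(ip)
        if events is None:
            return (0, 0, 0)
        while events and events[0][0] <= now - self.window:
            events.popleft()            # verdict has aged out of the window
        if not events:
            del self._events[ip]        # no recent history left for this IP
            return (0, 0, 0)
        spam = sum(1 for _, flagged in events if flagged)
        return (len(events), len(events) - spam, spam)

    def is_listed(self, ip, now):
        sent, _good, spam = self.stats(ip, now)
        # Low-volume senders are never listed: one spam out of one message
        # is a 100% ratio but says nothing about the host.
        return sent >= self.min_messages and spam / sent >= self.max_spam_ratio


def demo():
    """Constructed traffic: a spam source, a busy legitimate relay, a one-off."""
    rbl = LocalRBL()
    for i in range(25):                     # 24 of 25 messages flagged as spam
        rbl.record("203.0.113.7", i * 60, is_spam=(i != 0))
    for i in range(200):                    # 10 of 200 flagged
        rbl.record("198.51.100.20", i * 10, is_spam=(i % 20 == 0))
    rbl.record("192.0.2.9", 100, is_spam=True)
    hour1 = {ip: rbl.is_listed(ip, 3600) for ip in
             ("203.0.113.7", "198.51.100.20", "192.0.2.9")}
    return hour1, rbl.is_listed("203.0.113.7", 24 * 3600)
```

Because the list is derived only from recent verdicts, a listed address drops off by itself once its spam has aged out of the window, and false positives in the scanning engine feed directly into listings.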
It looks for fake sender addresses, verifies recipient addresses and checks sender IP addresses against external spam databases, including Razor, DCC and Pyzor. The FuzzyOCR SpamAssassin plug-in is also included, which runs image analysis on attachments and uses word matching and image hashing to determine whether they are spam.
We opted to test ESVA on the lab's VMware ESX Server 4.0 system and created a new VM with the downloaded OVF file. With the clock ticking, we pointed a browser at the virtual app's default IP address and went through a simple setup wizard routine.
It steps through time, date and network settings, while for anti-spam you provide details about your company, email server and administrative accounts. Last up is certificate creation. Most users should be able to complete this entire phase in ten minutes.
For spam testing, we allowed live mail to go through the ESVA system and it could start scanning right away on its default settings. The ESVA web console home page opens with a complete rundown on messaging activity, so we could see clearly how it was performing.
A graph at the top shows spam statistics for the current week and a useful graph alongside reveals swap file status and disk usage. A big pie chart provides a daily breakdown of good and bad email. The last 15 messages received are listed and colour-coded to highlight those identified as spam.
The ClamAV virus and malware database and SpamAssassin signature files are downloaded at regular intervals and you can view their status at any time. We found upgrades easy to carry out using the Libra download site.
ESVA integrates neatly with AD and Exchange environments using LDAP. Libra is keen to point out that the appliance only makes direct LDAP queries and doesn't cache passwords. Authenticated users can log in to the appliance, view their own spam digest and release or delete stored messages.
The anti-spam engine can be customised extensively and ESVA offers a good range of controls. Clean messages can be delivered normally, tagged and have HTML content converted to text. They can be stored in the quarantine area, although we switched this option off as it filled up quickly.
Separate groups of settings are provided for each category, so you can quarantine, block, forward, delete or bounce messages, strip out HTML content or tag headers.
ESVA doesn't allow you to fiddle with attachment scanning functions, so you can't block specific file extensions. All you can do is specify a single email address that is exempt from attachment scanning. Libra says scanning for keywords in message subjects and body content will be available in the next release of ESVA.
ESVA spam detection proved very effective. After leaving it scanning live mail from multiple accounts for a number of days, we saw it deliver a clean 100 per cent score. We did find it necessary to tweak the non-spam score level, as the default setting was causing a small number of false positives.
The quarantine area uses different colours to show good messages and spam. Selecting a message's envelope icon allows you to view its contents, which include a spam report showing which ESVA components were activated and the scores they gave the message.
General reporting is very good for such a low-cost product. There are 21 predefined reports, which include top ten senders, recipients or domains by message volume or quantity, lists of messages blocked at the SMTP level and graphical views of MTA statistics.
Graphs and tables are provided showing SpamAssassin activity and the spread of scores assigned to all messages. The appliance also keeps an audit trail, so you can see who logged on, what modifications they made and when.
We were impressed with Libra ESVA on a number of counts, as this virtual appliance proved to be simple to deploy and capable of delivering excellent anti-spam results. Reporting is very detailed and its low price makes it highly suited to SMBs on a tight budget.