Virus protection
Anti-vandal protection
Content filtering
Auto-learning mode
Stripping of cookies, scripts and macros
Remote configuration
Download eSafe Gateway 3.0 Evaluation

eSafe Gateway 2.1 is a powerful content inspection and security policy enforcement product housed at the Internet gateway. It is designed to provide protection against malicious content such as viruses, vandals (malicious Java and ActiveX), data exposure, and other inappropriate content. eSafe Gateway was the first anti-virus, anti-vandal, and content-filtering software for firewalls. It works with all CVP or CVP/API compliant firewalls to examine Internet traffic and block (or clean) undesired content. The result is a highly clean stream of data entering or leaving the network. Major features include:

• Real-time inspection of FTP, HTTP, and SMTP
• Inspection of all known file and MIME types (including TAR, ZIP, LZH, MIME, BINHEX, and UUE-encoded files)
• ICSA Certified anti-virus protection, with unique Macro Terminator^TM and Ghost Machine^TM technologies
• Selective removal of cookies, JavaScripts, VBscripts, macros, and specific file types
• Keyword scanning allows for protection against data exposure and inappropriate content
• Remote configuration, auto-update and extensive logging mechanism

All features and benefits listed in bolded italics are new in version 2.1

Feature	Benefit
Macro Terminatortm	Allows for the detection of the majority of new, unknown macro viruses. Enables organizations to stay one step ahead of the macro virus threat.
Ghost Machinetm	Allows for the greatly increased detection of polymorphic viruses, reducing their threat to corporations.
Smart Scripts Filtering	Allows for the intelligent detection of hostile scripting commands in web pages, commands that can be in JavaScript, Jscript, and/or VBScript.
Improved email content filtering	ESPG now has the capability to filter email messages based on the subject of the email message as well as the body.
Blocks viruses and known vandals at the gateway	Using the same engine that is certified in eSafe Desktop, ESPG can scan for and block 100% of in-the-wild viruses and known vandals at the gateway level.
Automatic Updating	This feature allows for corporations to have the latest program and virus table updates automatically downloaded and installed on the Gateway machine, thus reducing administrative costs for organizations.
Secure Remote Administration	Gives organizations the ability to administer Gateway locations from any site that has access to the Internet, as a standard, but encrypted TCP/IP connection is used to perform the administration.
Content filter	Prevents inappropriate web pages from being accessed, based on keyword, phrase, IP Address, or URL.
Complete Macro Stripping	This enables organizations to add an extra layer of security against macro viruses.
Virus Infection Warnings to Sender	This allows organizations to inform their partners so that they may take appropriate action against viral infections.
Cookie and Scripts Removal	This allows organizations to removal all scripting languages and/or cookies from downloaded web pages.  This is configurable to sites, "trusted only", "untrusted only", etc. This not only adds another layer of security, but lowers bandwidth usage.

eSafe Gateway was the first content security product for firewalls with anti-virus capabilities, and it remains the only gateway-level content security product that can be fully integrated with your firewall to provide protection against vandals, data exposure, and inappropriate content, as well as computer viruses. This unique product is the de facto standard for gateway content security. eSafe Gateway is transparent to end-users and does not require the installation of client software on each workstation, nor does it require hardware modifications. Gateway's revolutionary architecture transparently adds the optimal level of protection with the least administrative cost. eSafe Gateway scans and cleans data passing through SMTP, HTTP, and FTP connections established through a CVP/API compatible firewall. After Gateway is installed, the firewall passes any file that could be infected (including JAVA and ActiveX) to eSafe Gateway for immediate inspection. At the same time, any unauthorized files are blocked by eSafe Gateway. Simultaneously, all files that cannot contain detectably harmful content, such as graphics and plain text files, are sent to their appropriate destination without delay. New in version 2.1 of eSafe Gateway is the detection of unknown macro viruses using the Macro Terminator^TM technology, the greatly improved detection of polymorphic viruses using Ghost Machine^TM, and the ability to intelligently scan scripts embedded in HTML documents, such as JavaScript, VBScript, or Jscript. For maximum protection, eSafe Gateway does not allow users to bypass scanning features. It will block viruses, vandals, data exposure, and inappropriate content in one step, without relying on digital signatures or a known database of prohibited URLs. It is fully integrated with your firewall's security policies and reporting capabilities, but does not degrade the throughput of non-infectable files. Significant among eSafe Gateway's features is a remote management console, capable of providing secure remote configuration and administration of any eSafe Gateway installation via TCP/IP.

System requirements:
• Windows NT4.X
• A CVP/API compatible firewall on any platform
• 256MB memory minimum (512MB recommended)
• 1GB free disk space on a SCSI hard drive recommended

eSafe Gateway uses a full 32-bit advanced anti-virus engine to scan an unlimited range of file types. Although many virus scanners, like the one used in eSafe products, are ICSA certified to detect 100% of viruses that are “in-the-wild”, nearly all of them fall short on detection within compressed or encoded files.

eSafe Gateway will examine and detect viruses in .ZIP, .ARJ, .LHA, .LZH, .RAR, .TAR, .GZIP, and Microsoft compressed files. Furthermore, eSafe Gateway will handle files that are archived multiple times (for example, a ZIP file inside another ZIP file). The default setting is to check 20 levels deep, and the administrator can change this setting. If the recursive limit is reached and the file is still archived, administrators can choose to treat the entire archive as an unknown virus and block it from entering the network. In addition to these archive formats, eSafe Gateway detects viruses in MIME, Uuencode, and BinHex attachments.

eSafe Gateway includes advanced technologies to catch new viruses.

The new Macro Terminator™technology enables it to recognize and remove even new and unknown MS Office Macro Viruses by matching of certain patterns known to be used by macro viruses. Macro viruses, long considered to be the most significant virus problem, are dealt an impressive blow by this unique technology.

Another unique system, Ghost Machine™, catches new Polymorphic viruses, which encrypt their code every time they infect a file. This system executes commands in a simulated virtual machine environment until the virus decrypts itself, dramatically increasing Gateway's ability to recognize and quickly eliminate new polymorphic viruses.

Anti-vandal Protection

Blocking of Denial-of-Service attacks
In addition to blocking ‘access-violation' vandals, eSafe Gateway fills another critical content-security hole. It blocks denial of service attacks that come in the form of hostile Java and ActiveX. Firewalls by themselves can block many denial-of-service attacks (such as hackers flooding or crippling the gateway so that it stops functioning). However, they cannot prevent a vandal Java or ActiveX program from initiating these attacks directly on a workstation. Many attacks are not initiated until after a Java applet or ActiveX control is already through the corporate firewall. These attacks include turning a computer off, using all available memory, opening multiple windows, or other actions which cripple a system. eSafe Gateway will block these Java and ActiveX denial-of-service vandals before they enter the network, perfectly complementing the firewall's protection.

Content Filtering

Preventing Data Exposure and Spam
eSafe Gateway can block incoming or outgoing email based on the sender, recipient, body text, or subject text. Administrators can block or get a copy of certain mail messages depending on whether they contain certain words. For example, system administrators can block email containing profanity or confidential project names. This feature blocks messages which violate corporate policies – thereby allowing full unattended enforcement of these policies. It can also prevent attacks by hackers or vandal programs which use SMTP as a way of sending stolen information out of the network. Administrators can configure these mail messages to be blocked, forwarded, or copied to a predefined address, thereby enforcing company policy regarding the type of information that company email can be used for. In addition, the filtering of outgoing email helps tighten security regarding company secrets, such as passwords and information on specific projects.

Auto-learning Mode

Stripping of Cookies, Scripts and Macros

Secure Remote Configuration

A remote configuration interface allows administrators to remotely configure eSafe Gateway from any location on the Internet. It consists of a client interface module which can be installed on any Windows 9x or Windows NT machine. Through a secure TCP/IP session, this interface can connect to eSafe Gateway from anywhere on the Internet (within security constraints), and the administrator will have the ability to view or configure protection levels. This saves a tremendous amount of time for administrators who are not "on-location" but must manage the gateway connection.