Who'll Fill the Gap in the Gateway Security Market?

By Larry Seltzer  |  Posted 2005-08-09

A ruling against Fortinet by the US International Trade Commission has triggered a silent crisis in the network anti-virus market. The number of products that potentially infringe in the same way as Fortinet is very large.

The ruling finds that Fortinet's products violate a Trend Micro patent and may not be imported to the United States. Just about all network appliances, especially the inexpensive ones, are manufactured abroad, so many companies are at risk.

The Trend Micro patent at issue, which covers the use of network proxy servers to perform anti-virus scanning on FTP and SMTP communications, is not one of the clearly stupid patents for which the USPTO is famous (like this one, which has the bright idea of removing white space before evaluating a macro).

In 1995, when it was filed, it was actually a fairly clever idea, and SMTP had certainly not become the wasteland of abuse that it is today. The fact that McAfee and Symantec settled with Trend Micro back in 1998 indicates that they saw enough merit in it not to resist. Because of these settlements, licensees of McAfee and Symantec, such as Servgate, are also unthreatened by this legal development.

The other antivirus companies will either have to license the patent, which I'm sure Trend Micro will be happy to do, or find some noninfringing technique. I've been told that there are companies that use a packet filter approach as opposed to an actual proxy and that this may be noninfringing, but it seems problematic to me. How do you filter files if you only look at packets? It has to limit the flexibility of the scanner.

It seems odd to me that the patent limits itself to the FTP and SMTP protocols, but perhaps the expectations back then of the patent office were a little higher than they are now, and a broader claim of all network proxy scanning was risky. In any event, they hit the jackpot with SMTP, clearly the most important protocol for such scanning. There are dozens of antivirus appliances and network that perform this function.

Let's take Barracuda Networks, for example. Their explanation of how their antivirus scanning works makes it clear they work as a proxy. The site indicates that it uses two scanners, but the only one I can find a name for is ClamAV, the open source antivirus, so I would assume that they are not licensing one of the big three.

In fact, ClamAV is a particularly interesting problem, at least if Trend Micro decides to pursue it. ClamAV has become somewhat popular among the "roll your own gateway security" crowd, and I think it's fair to say that ClamAV's main application is as an SMTP proxy. I would be surprised to see Trend go after ClamAV itself, and the ITC wouldn't be the place to do it, but I wouldn't be surprised to hear that letters have been sent to some of the other commercial redistributors of ClamAV, such as Apple. Large numbers of hosting services and ISPs also use ClamAV to scan mail, and many companies and educational institutions use it internally. It would be nuts and pointless for Trend to go after such users.

But it's not just ClamAV, of course. The ePrism Email Virus Scanning Appliance and Astaro Security Gateways integrate the Kaspersky engine. Panda Software's own GateDefender appliances may have problems, and it's not like they can just decide to license McAfee instead. Some companies, such as CipherTrust, offer licensed AV products like McAfee's as alternatives alongside the unlicensed ones (Authentium and Sophos, in CipherTrust's case).

Actually, the problem is not so much for companies like Kaspersky and the people who write ClamAV, but for others who sell these products at the end of the channel. Fortinet was a special case in that they write their own antivirus software and sell their own appliances, but in the case of Astaro it is they, and not Kaspersky, who import the potentially infringing product and therefore have a problem.

Consider that the big business market for gateway antivirus is already dominated by the big three and you'll see that what's at stake here is the SMB market, where Trend is a newbie. They have no products in that space and only a few licensees, such as Juniper Networks' Netscreen devices. Perhaps they have some new products on the way.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at larryseltzer@ziffdavis.com.
