This software fared well enough in our tests, although some peculiarities raised a few warning signals. It installs easily, with separate AV and Exchange components, and an optional management interface. A reboot is required, after which mail scanning was switched off by default and had to be enabled.
Alerting options are adequate at best but, to its credit, the company has taken steps to ensure an outbreak does not overwhelm. Popup messages can be limited to a maximum number of simultaneous alerts: three by default, under which condition another message opens to indicate that other events occurred and should be checked in the log. The product offers the ability to record events in the system log, but disables this by default and warns that, should an outbreak occur, this can fill up quickly. Kudos to CA for pointing this out: other products fell neatly into this trap.
The product offers a number of performance options. Background scanning is disabled by default and the help "strongly recommends [you] do not activate background scanning on an Exchange server."
The result is clearly visible in the test results: the product queued mail faster than any other, running at the same speed as the server did with no AV software at all - 45 minutes. But processing was markedly slower, taking 183 minutes - nearly double many other products' times. After that, 7,126 messages remained unscanned; bottom of the table again, but not unexpected given the clear bias towards queue performance over scanning efficiency.
There is little in the way of log analysis in the core AV product, although the management add-on provides a lot more. Logging is unintuitive, needing to be set to level 1, 2 or 3 (on infected/nothing/every scan) but you have to look them up to find out what they mean.
Bizarrely, warning messages are sent as text files marked with a zip file MIME-type and binary characters in the file. At 2k per warning, that is a lot of unnecessary overhead for what is just a simple text file.
Takes steps not to overwhelm the admin during major incidents.
Logging is clumsy.
Thumbs up - eTrust is well balanced for handling outbreaks.