Dr.Web Security Suite for Unix Appliance is a group of modular
solutions that can be installed on appliances running Unix-family
(Linux/FreeBSD/Solaris (x86)) operating systems. The solutions work as a
corporate Internet-gateway – a proxy-server used to provide
access to the Internet to intranet users.
Dr.Web means its own technologies and anti-virus laboratory
Dr.Web anti-virus technology has been developed since 1992 and is owned by Doctor Web, Ltd. There are few anti-virus vendors in the world with their own technologies for detecting and curing malware, a virus monitoring service and an analytical laboratory. It provides a rapid response to the latest threats and allows any customer problem to be solved in a few hours.
Large enterprise network experience
Dr.Web solutions for small and medium-sized companies and large corporate networks with tens of thousands of computers have been developed and improved since 1992. The State Duma of Russia, its Defence and Foreign ministries, the FSB (Federal Security Service) and many other enterprises, educational institutions and research departments trust anti-virus solutions from Doctor Web, Ltd.
Exceptional scalability
Solutions included in Dr.Web Security Suite for Unix Appliance are capable of processing huge amounts of data in real time. Add flexible configuration and reliability and you get a product that can meet the demands of a small company with low traffic and one Internet server as well as serve the needs of a corporation or a provider of any scale.
High productivity and stability
The multi-thread scan feature enables large amounts of data to be processed simultaneously. The well-designed modular structure makes it impossible for an attacker to disable a solution. The well-known low system requirements of Dr.Web products allow running them on any server hardware.
Flexible configuration and easy administration
Dr.Web Mail Security Suite for Unix Appliance allows implementing any protection scheme tailored to the security policy of your company. The solutions have a flexible configuration system, so virtually any required set of rules can be created by a system administrator. All actions related to network security are logged. The logged data can be used to analyze network health and pinpoint vulnerabilities. The convenient user alert system, which issues virus warnings and notifies a user when a web page containing malicious code is loaded, will assist you in conforming to the security policy of your company.
Frequent updates
An add-on to the Dr.Web virus database is released as new entries are added. The global virus monitoring network delivers the latest samples of viruses from all over the world.
Openness of the solutions
As usual, Doctor Web, Ltd. contributes to the development of anti-virus products for the open source. Solutions included in Dr.Web Security Suite for Unix Appliance have an unlimited potential for expanding their functionality. Virtually any user with sufficient skill can implement a desired feature using the source code and the SDK supplied with the software.
Dr.Web is not an anti-virus only!
Dr.Web Security Suite for Unix Appliance is an information security complex protecting corporate networks. Depending on your licencing scheme and the set of selected plugins, solutions of Dr.Web Security Suite for Unix Appliance can perform the following tasks:
- Process your incoming and outgoing mail and filter out viruses, spam and other unsolicited messages;
- Scan your http and ftp traffic for viruses;
- Detect and remove any malicious objects;
- Examine mail messages, picking out all their components for further analysis;
- Apply white and black lists for filtering;
- Process correctly archived files of most known formats including multi-volume and self-extracting (SFX) archives;
- Notify recipients or other selected users of scan results using templates, which makes the provided information easy to read;
- Collect statistics regarding all activities of the system;
- Protect its own plugins against failures.
Dr.Web Mail Security Suite for Unix Appliance
Dr.Web Security Suite for Unix Appliance for protection of mail services is implemented as a set of plugins that run simultaneously. Functionality of the solutions can be expanded by enabling additional plugins (see "Technologies" section).
Key features:
- Scans incoming and outgoing messages for viruses and spam.
- Blocks and moves infected and suspicious objects to the Quarantine.
- Sends notifications and alerts on virus events to the system administrator or other selected users.
- Logs all activities of the solution and collects stats on its routines.
- Automatically updates the virus database.
- Displays summary reports and statistics.
- Anti-virus scan of e-mail
Filtering mail for viruses, spyware, adware, suspicious programs, hack tools and jokers is performed by the Dr.Web anti-virus plugin (see "Technologies" section). High productivity of filtering is combined with low system requirements, so the solution runs perfectly on virtually any server hardware.
Stability
The modular structure of the mail service protection system and a special operation control plugin ensure that the anti-virus plugin is always running, so malware can't disable it.
Rapid response
The multi-thread technology allows several files to be scanned simultaneously instead of being placed in a queue, so the scan doesn’t delay delivery of messages to users.
High level of protection
A virus database containing thousands of entries, together with a constantly improved heuristic analyzer, ensures that no viruses (including macro-viruses, Trojans and other types of malware) get through the protected Internet gateway to user workstations. Dr.Web Security Suite for Unix Appliance detects malicious programs written for any platform - Windows, Unix, DOS, including Microsoft Office worms. A user may select types of files to be scanned and set an action upon detection of a threat: warn, cure infected objects, delete, move to the Quarantine, rename.
Correct scan of archives and packed files
The solution allows scanning of archives and packed files of most known formats and of any nesting level including multi-volume and self-extracting archives. It is especially relevant for a server that protects an Internet connection. The administrator can set maximum compression rate and nesting level, limit compression threshold and max size of a file to be extracted during scanning.
Quarantine
Infected and suspicious objects detected by the plugin can be placed in the Quarantine so that later you may try to retrieve useful information, cure or delete quarantined messages.
Easy administration
The flexible configuration system allows configuring the anti-virus plugin the way you need. All actions of the plugin are logged so you can analyze system behaviour and bottlenecks. The system promptly notifies an administrator so he can perform required tasks in a timely manner.
- Efficient filtering of spam
Vaderetro plugin filters out spam messages from user mail (see "Technologies" section) using its own library (Vade Retro). The library is updated regularly, so the quality of filtering is constantly improved as well.
High performance filtering
Dr.Web Anti-spam scans over 100 messages on-the-fly in one second (1.9GHz Pentium 4 CPU), which means it will scan 8.64 million messages in 24 hours!
The anti-spam doesn’t require tuning!
Unlike anti-spam solutions based on a Bayesian filter, Dr.Web Anti-spam for Unix mail servers doesn’t require any initial tuning before one is able to use it. The anti-spam starts working as soon as the first message is received!
Intelligent spam detection system
Different technologies are used for different types of undesired mail – spam, phishing, pharming, scamming and bounce messages – to ensure yet higher detection probability.
Stand-alone anti-spam saves traffic
The stand-alone anti-spam analyzer module doesn’t require a connection to an external server or access to a database which also saves traffic.
The unique technologies!
The unique filtering technology doesn’t require a block list, so a company can’t be discredited by being deliberately added to the list.
Regular updates
Anti-spam updates are released on a daily basis and downloaded by the Dr.Web automatic update utility. The unique technologies allow staying up-to-date with the latest filtering evasion techniques applied by spammers with only one update in 24 hours and, therefore, save your traffic.
- Active protection against hackers and spammers
The functionality of present-day corporate mail filtering systems is limited because they have to be integrated into mailing systems. Dr.Web Mail Security Suite for Unix Appliance can be installed on a separate server, so the mail filtering system becomes more stable, and a company that uses the solution enhances its security and saves traffic.
Depending on your network architecture, you may choose to install Dr.Web Mail Security Suite for Unix Appliance in the demilitarized zone (DMZ) or in the local area network of your company. The protected server can be placed in the demilitarized zone so that a mail server is not connected to the Internet directly; in this case, even if a hacker succeeds in compromising a server, he won’t get access to information that is sensitive for your company. Besides, placing Dr.Web Security Suite for Unix Appliance outside the company network won’t allow a third party to receive information about the application installed on the server, which also increases the overall security of your network.
Active protection against spam
It is not only the message content that distinguishes spam from normal messages but also SMTP session parameters. Typically a spam message has a large number of recipients or a fake sender address. During a spam attack a lot of messages are sent using one IP-address.
Dr.Web Mail Security Suite for Unix Appliance allows an administrator to restrict the following session parameters:
- max number of recipients
- max number of SMTP-connections for one IP-address
- max number of messages in one session
- maximum number of Received headers in a message
- max number of errors in one session
- message max size
IP-validity verification
One of the properties of a spam message is an invalid sender IP. Spammers have to hide their servers (or spam-bots – compromised user workstations) to avoid getting into the Internet block lists.
Dr.Web Mail Security Suite for Unix Appliance allows verifying IP validity, thus providing:
- Sender authentication
- Check if a sender host is included in the Protected Domains list using PTR and A requests
- Check if a connecting IP-address is included in white or black lists of IP-addresses and domain names
- Check if hosts and IP-addresses of a sender or a recipient have matching DNS, A and MX entries
- Comparing a host IP-address and a connected host
- Lookup an address in RBL/DNSBL blacklists
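The PTR/A cross-check, the comparison of the announced host with the connecting IP, and the DNSBL lookup from the list above, as an added example (not Dr.Web code or configuration). The resolver is a constructed in-memory table, and the function names and the blacklist zone `dnsbl.example.invalid` are hypothetical.

```python
import ipaddress

# Constructed DNS records (documentation address ranges) standing in for a resolver.
RECORDS = {
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    # Second host claims the same name in its PTR, but the A record disagrees.
    ("77.100.51.198.in-addr.arpa", "PTR"): ["mail.example.com"],
    # A DNSBL answers with an address in 127.0.0.0/8 when the IP is listed.
    ("77.100.51.198.dnsbl.example.invalid", "A"): ["127.0.0.2"],
}

def lookup(name, rtype):
    """Hypothetical resolver: return the record values for name/rtype, or []."""
    return RECORDS.get((name.rstrip(".").lower(), rtype), [])

def dnsbl_query_name(ip, bl_zone):
    """Name to query in a DNSBL: reversed octets (nibbles for IPv6) plus the zone."""
    reversed_part = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{bl_zone}"

def resolves_to(name, addr, resolve):
    """True if a forward lookup of name returns the address addr."""
    rtype = "A" if addr.version == 4 else "AAAA"
    return any(ipaddress.ip_address(a) == addr for a in resolve(name, rtype))

def check_sender(ip, helo, bl_zone="dnsbl.example.invalid", resolve=lookup):
    """Return the list of failed checks for a connecting IP and its HELO name."""
    addr = ipaddress.ip_address(ip)
    failed = []
    # 1. Blacklist lookup: any answer means the address is listed.
    if resolve(dnsbl_query_name(ip, bl_zone), "A"):
        failed.append("dnsbl-listed")
    # 2. PTR then A: the reverse name must resolve back to the same address.
    ptr_names = resolve(addr.reverse_pointer, "PTR")
    if not any(resolves_to(n, addr, resolve) for n in ptr_names):
        failed.append("ptr-not-forward-confirmed")
    # 3. The host name announced in HELO must belong to the connecting address.
    if not resolves_to(helo, addr, resolve):
        failed.append("helo-mismatch")
    return failed

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77"):
        print(ip, check_sender(ip, "mail.example.com") or "ok")
```

A PTR record is controlled by whoever owns the address block, so it only counts once the forward lookup of that name returns the same address.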
Protection against attacks by hackers and spammers
Dr.Web Mail Security Suite for Unix Appliance allows configuring protection against typical attacks directed at a mail server including protection against passive attacks such as PLAIN, LOGIN and active attacks performed without a dictionary search.
Protection against spamtraps
Spamtraps are created in order to find out spammer e-mail addresses. Dr.Web smtp-proxy allows checking if a recipient is a spamtrap; if so, a message won't be sent to the address.
Protection against malformed messages
It is well known that some mail clients do not form mail messages in a proper way. Spam programs have the same flaw. Dr.Web Mail Security Suite for Unix Appliance allows blocking messages with empty sender fields; however, it recognizes malformed messages from known mail clients, so no false detections occur.
Saving Internet traffic
Dr.Web Mail Security Suite for Unix Appliance also addresses the problem of high Internet traffic, which is especially relevant both for companies whose employees carelessly attach large files to their e-mail and cause mail servers to malfunction, and for companies that become a target of spam attacks.
Restricted open mail relay
Spammers often use open mail relays - SMTP servers that allow anyone to relay e-mail through them. If a company needs to run such a server, Dr.Web Mail Security Suite for Unix Appliance can be used to create a list of allowed domains to relay e-mail to.
Dr.Web Gateway Security Suite for Unix Appliance
The solution protecting http and ftp traffic is implemented as a Dr.Web icap-server (drweb-icapd), used as a client that communicates with Dr.Web Daemon. The daemon scans data obtained by drweb-icapd from the http stream. Both http and ftp traffic can be scanned.
Dr.Web Gateway Security Suite for Unix Appliance allows restricting user access to particular web-resources using a list of banned sites or creating content filtering rules based on mime-type and size of requested files.
Use Preview mode to specify files that do not need to be checked i.e. the icap-server won’t download them (e.g. video or audio stream), so you will reduce your external and internal traffic.
Key features:
- Scans http and ftp traffic for viruses;
- Isolates infected objects in the Quarantine;
- Reports on scan results;
- Allows restricting access to web-resources;
- Objects for scanning can be selected by type.
Benefits
High productivity and stability
Filtering traffic through icap-server doesn’t slow down delivery of requested content to an end user in your corporate network.
It saves your traffic
The web-resource access control and content filtering features of Dr.Web Gateway Security Suite for Unix Appliance decrease use of local and Internet traffic by your employees and, consequently, reduce Internet costs.
High level of protection
A virus database containing thousands of entries, together with a constantly improved heuristic analyzer, ensures that no viruses (including macro-viruses, Trojans and other types of malware) get through the protected Internet gateway to user workstations. Dr.Web Security Suite for Unix Appliance detects malicious programs written for any platform - Windows, Unix, DOS, including Microsoft Office worms. A user may select types of files to be scanned and set an action upon detection of a threat: warn, cure infected objects, delete, move to the Quarantine, rename.
Correct scan of archived and packed files
The solution allows scanning archives and packed files of most known formats and any nesting level, including multi-volume and self-extracting archives, which is especially relevant for a server that protects an Internet connection. When archives are scanned, the administrator can set maximum compression rate and nesting level, limit compression threshold and max size of a file to be extracted.
Flexible configuration and easy administration
Dr.Web Mail Security Suite for Unix Appliance allows tailoring its protection scheme to the security policy of your company. An administrator can restrict access to particular web-resources, sort them by mime-type or by size of requested files.
Dr.Web Security Suite for Unix Appliance has a flexible licencing system. The following licence schemes are available:
- By solution type: Protection of e-mail, protection of Internet-gateways;
- By type of protection: Anti-virus, anti-spam and anti-virus&anti-spam.
Attention! Dr.Web Security Suite for Unix Appliance anti-spam licence doesn’t include protection of HTTP and FTP traffic.
Licenced components
- Dr.Web Daemon — is an anti-virus server 4.33 (or higher) that processes scan and cure requests from filters sent as files or using sockets. Dr.Web Daemon features the same engine and the database as other Dr.Web scanners and is capable of detecting and curing all known viruses.
- Dr.Web smtp-proxy — is a plugin included in a solution protecting mail services. It receives and relays e-mail via SMTP/LMTP protocols.
- Dr.Web Icap-server — is a plugin that communicates with a proxy-server over ICAP protocol and intercepts HTTP and FTP traffic.
- The basic elements of the complex, monitoring and external communication utilities.
- Dr.Web for Unix console scanner — is a program that can be run in the text mode or in the X Window terminal.
- Automatic update utility.
- SDK for development of extra plugins.
Types of licences
- Address licence
Licence options – 15, 30, 50 or any other number of addresses over 50. Aliases are not counted. If only 15 or 30 addresses are licenced, all of them are listed in a special file. A message will be scanned only if one of addresses located in an SMTP envelope is identical to a protected address (the comparison is not case-sensitive). So if foo@bar.example.com can send messages with sender foo, foo@bar.example.com or foo@example.com, the three addresses should be listed in the file.
If a message scan is rejected due to invalid licence (expiration/black list), a corresponding text will be inserted in such a message.
If a licence is purchased for a number of addresses exceeding 50, there is no need to specify the addresses for now. However, Doctor Web, Ltd. reserves the right to impose, in the future, control over the number of addresses stated in the licence so that it matches the actual number of protected addresses.
- Per server licencing
The licence allows using Dr.Web Daemon to scan an unlimited amount of mail traffic of one server with the number of protected addresses limited to 3000. The amount of scanned traffic can be limited only by the capabilities of your hardware.
- Unlimited licence
The licence allows using Dr.Web Daemon to scan an unlimited amount of mail traffic of any number of servers and for any number of users in one company.
Licencing of SDK
The SDK is shipped with the product free of charge. A third party developer is free to develop and distribute their plugins created using the SDK free of charge. Certification is required for the commercial use of developed plugins.
Appliances featuring Dr.Web products
Solutions included in Dr.Web Security Suite for Unix Appliance
are already run on Linux-based appliances.
Reliable protection
The solutions feature the latest technologies to provide high speed traffic scan. They do not slow down user Internet experience, so their operation goes unnoticed. State-of-the-art Dr.Web technologies block malware and spam trying to get to your employees’ computers. Automatic updates help maintain a high security level in your local area network.
Easy installation
Complex solutions of Dr.Web Security Suite for Unix Appliance fully conform to the plug-n-play principle, which makes them easy to install and administer even for an inexperienced user. The well-designed installation procedure excludes any configuration errors by your personnel and reduces deployment time to just a few minutes. Installing the solution doesn’t require changing the configuration of computers in your company’s networks.
Cost-efficient configuration
Configuration of servers with pre-installed Dr.Web Security Suite for Unix Appliance is the result of a thorough optimization process. The solutions fit the needs of a customer perfectly, and a flexible licencing system allows paying only for functionality one is actually going to use. A server based on Dr.Web Security Suite for Unix Appliance is a high-performance solution at the best price.
Exceptional scalability
Various licence schemes allow using Dr.Web Security Suite for Unix Appliance by companies of any scale and obtaining a configuration tailored to meet needs of a particular company.