Dr.Web Mail Security Suite for Unix Appliance
Dr.Web Mail Security Suite for Unix Appliance for protection of mail services is implemented as a set of plugins that run simultaneously.
A range of tasks that can be solved using the software depends on a set of loaded plugins.
Plug-ins
At present the following plug-ins are available.
Due to the modular structure of Dr.Web for Unix mail servers and a special module responsible for the system efficiency, it is almost impossible to disable the plug-in.
High response speed
Due to multi-threaded scanning technology the system’s response speed is very high. The files are scanned “on-the-fly” not waiting until earlier received messages are processed. This means end users receive e-mails almost in a moment!
High protection level
A huge virus database and a constantly improving heuristic analyzer leave no chance for viruses, including macro viruses, Trojan Horses and other malware, to penetrate users’ computers via e-mail. The plug-in detects malicious programs written for all platforms (Windows, Unix, DOS), including objects which can infect Microsoft Office files. Administrators can choose the types of files to be scanned, as well as the reaction to detected threats: reporting, curing of infected objects, moving of suspicious objects to quarantine, renaming.
Correct check of archives and packed files
The DrWeb plug-in correctly checks the majority of existing formats of packed files and archives with any nesting level, including multi-volume and self-extracting, which is extremely important for e-mail systems. Dr.Web can process more than 1000 types of archives and packers.
Infected and suspicious files detected by the plug-in can be moved to the quarantine. Later they can be additionally scanned, cured or deleted.
Ease of administration
The flexibility of the configuration files allows customizing the parameters of the plug-in. Any action made by the plug-in is reflected in the log files, which can later be analyzed. A handy alerting system allows administrators to react quickly to emerging threats.
Open source solution
Due to open structure of the product users can themselves develop additional modules using the DrWeb plug-in with the help of the open SDK and detailed documentation.
Flexible settings of the plug-in allow implementing any number of rules. The plug-in is almost invisible to the system and never overloads it, functioning almost instantaneously.
Easy to use
The use of regular expressions allows adjusting the system both to skip e-mails and to filter them. As the number of rules is unlimited, the system can be easily customized.
Open source solution
Due to open structure of the product users can themselves develop additional modules using the headersfilter plug-in with the help of the open SDK and detailed documentation.
Due to modular structure of the product and a special module responsible for the system efficiency it is almost impossible to disable the headersfilter plug-in.
Flexible configuration allows performing an unlimited number of modifications with processed messages, so a system administrator can create an unlimited number of rules to ensure compliance with e-mail security policies. The Modifier can be set to process messages before other modules as well as to be the last module in the filtering line to perform an additional check using work data from other modules.
Flexible rules that can be created using regular expressions allow setting e-mail processing in accordance with an effective corporate security policy. A prompt notification system allows a system administrator to perform necessary actions in a timely manner.
With open architecture of MailD any user with a sufficient skill can implement a desired feature as a new plugin using the SDK and corresponding documentation supplied with the software.
The modular architecture and a special failure control module ensure exceptional stability of the plugin. It is practically impossible to disable the plugin for a long period of time.
Minimal consumption of system resources combined with high performance provide a rapid response of the software allowing instant processing of messages and undelayed receipt of messages by users.
Depending on its configuration the plugin may add one of the following headers to a message after analysis:
Anti-virus scan of e-mail
Filtering mail for viruses, spyware, adware, suspicious programs, hack tools and jokers is performed by the Dr.Web anti-virus plugin. High productivity of filtering is combined with low system requirements, so the solution runs perfectly on virtually any server hardware.
The modular structure of the mail service protection system and a special operation control plugin ensure that the anti-virus plugin is always running, so malware can't disable it.
The multi-thread technology allows simultaneous scanning of several files instead of placing them in a queue, so the scan doesn’t delay the receipt of messages by users!
Dr.Web is not an anti-virus only!
Dr.Web successfully detects, cures or removes viruses and all types of malicious objects, including rootkits, mail and network worms, file viruses, Trojan programs, spyware, adware, hacker tools, paid dialers and joke programs.
Unique non-signature detection technology
The Origins Tracing™ technology has been added to traditional signature scan and heuristic analysis. It significantly improves detection of yet unknown viruses. Malicious objects detected using the new technology get the .Origin extension to their names.
Correct scan of archived and packed files
Dr.Web correctly checks the majority of existing formats of packed files and archives with any nesting level, including multi-volume and self-extracting, which is extremely important for e-mail systems. Dr.Web recognizes over 1000 types of archives and packers.
Very frequent updates of the virus database
Updates to the Dr.Web virus database are released as soon as new entries are added – up to several times per hour. "Hot" add-ons are released as soon as a new piece of malware is caught and analyzed. Dr.Web global monitoring network collects samples of new viruses from all over the world. Updates are delivered to customers from several updating servers located in different parts of the globe.
Dr.Web has the most compact virus database
That’s why files are scanned quickly, hard disk space, RAM and Internet traffic are spared, and downloading of the updates is almost instantaneous. Just one entry in the Dr.Web virus database allows detecting dozens, or hundreds, or even thousands of similar viruses.
Infected and suspicious objects detected by the plugin can be placed in the Quarantine so that later one can try to retrieve useful information, cure or delete quarantined messages.
A flexible configuration system allows configuring the anti-virus plug-in the way you need. All actions of the plugin are logged so you can analyze system behaviour and bottlenecks. The system promptly notifies an administrator so he can perform required tasks in a timely manner.
Efficient filtering of spam
The Vade Secure plugin filters out spam messages from user mail using its own library (Vade Secure). The library is updated regularly, so the quality of filtering is constantly improving as well.
High performance filtering
Dr.Web Anti-spam scans over 100 messages on-the-fly in one second (1.9GHz Pentium 4 CPU), which means it will scan 8.64 million messages in 24 hours!
The anti-spam doesn’t require training!
Unlike anti-spam solutions based on a Bayesian filter, Dr.Web Anti-spam for Unix mail servers doesn’t require any initial training before one is able to use it. The anti-spam starts working as soon as the first message is received!
Intelligent spam detection system
Different technologies are used for different types of undesired mail (spam, phishing, pharming, scamming and bounce messages) to ensure yet higher detection probability.
Stand-alone anti-spam saves traffic
The stand-alone anti-spam analyzer module doesn’t require a connection to an external server or access to a database which also saves traffic.
The unique technologies!
The unique filtering technology doesn’t require a block list, so a company can’t be discredited by deliberately adding it to the list.
Anti-spam updates are released on daily basis and downloaded by Dr.Web automatic update utility. The unique technologies allow staying up-to-date with latest filtering evasion techniques applied by spammers with only one update in 24 hours and, therefore, save your traffic.
A highly intelligent technology that empirically analyzes all parts of a message: header, message body, etc. Not only the message itself, but its attachment is analyzed. The heuristic analyzer is being constantly improved; new rules are frequently added.
The counter-reaction technique is one of the most advanced and efficient technologies of Dr.Web anti-spam. It helps counteract techniques and tricks used by spammers to avoid detection.
Messages containing HTML code are compared with a list of known patterns from the anti-spam library. Such comparison, in combination with data on sizes of images typically used by spammers, helps protect users against spam messages featuring HTML-code, which often contains online images.
During a semantic analysis words and phrases of a message are compared with words and phrases typical of spam. A special dictionary is used for the analysis. All words, phrases and symbols are analyzed – both those visible to the human eye and those masqueraded by the technical tricks of spammers.
Scam (as well as pharming messages – a type of scam-messages) is the most dangerous type of spam, including the so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.
Technical spam filtering
So-called bounces are delivery-failure messages sent by a mail server. An actual recipient of a bounce is not necessarily a sender of an undelivered message; such a message could be sent by a mail worm. Therefore bounces are as unwanted as spam. A special module of Dr.Web anti-spam filters such messages as unwanted.
Active protection against hackers and spammers
The functionality of present-day corporate mail filtering systems is limited because they have to be integrated into mailing systems. Dr.Web Mail Security Suite for Unix Appliances can be installed on a separate server, so the mail filtering system becomes more stable, and a company that uses the solution enhances its security and saves traffic.
Depending on network architecture, Dr.Web Mail Security Suite for Unix Appliance can be installed in the demilitarized zone (DMZ) or in the local area network of a company. The protected server can be placed in the demilitarized zone so that a mail server is not connected to the Internet directly; in this case even if a hacker succeeds in compromising a server, he won’t get access to sensitive information. Besides, placing Dr.Web Mail Suite for Unix Appliance outside the company network won’t allow a third party to receive information about the application installed on the server, which also increases overall security of a network.
Active protection against spam
It is not only the message content that distinguishes spam from normal messages but also SMTP session parameters. Typically a spam message has a large number of recipients or a fake sender address. During a spam attack a lot of messages are sent using one IP-address, or using a fake sender address.
Dr.Web Mail Security Suite for Unix Appliance allows an administrator to restrict the following parameters of an SMTP session:
One of the properties of a spam message is an invalid sender IP. Spammers have to hide their servers (or spam-bots – compromised user workstations) to avoid getting into the Internet block list.
Dr.Web Mail Security Suite for Unix Appliance allows verifying IP validity thus providing:
Protection against attacks by hackers and spammers
Dr.Web Mail Security Suite for Unix Appliance allows configuring protection against typical attacks directed at a mail server including protection against passive attacks such as PLAIN, LOGIN and active attacks performed without a dictionary search.
Protection against spamtraps
Spamtraps are created in order to find out spammer e-mail addresses. Dr.Web smtp-proxy allows checking if a recipient is a spamtrap; if so, a message won't be sent to the address.
Correct processing of malformed messages
It is well known that some mail clients do not form mail messages in a proper way. Spam programs have the same flaw. Dr.Web Mail Security Suite for Unix Appliance allows blocking messages with empty sender fields; however, it recognizes malformed messages from known mail clients, so no false detections occur.
Saving Internet traffic
Dr.Web Mail Security Suite for Unix Appliance also resolves the problem of high Internet traffic, which is especially relevant both for companies whose employees carelessly attach large files to their e-mail and cause mail servers to malfunction, and for companies that become a target for spam attacks.
Restricted open mail relay
Spammers often used open mail relays: SMTP servers that allow anyone to relay e-mail through them. If a company needs to run such a server, Dr.Web Mail Security Suite for Unix Appliance can be used to create a list of allowed domains to relay e-mail to.