Anti-Virus & File-Blocking
Ensuring a secure e-mail environment
Most of the attacks on enterprise networks today are in some way connected with e-mail. The damaging code appears in various disguises, in one place masquerading as a harmless attachment, in another as an embedded script or other hidden form. Recognizing and eliminating such malicious programming is a key function of virus protection.
Organizations normally counter this type of e-mail attack with a positive security strategy: specified file attachments are allowed to pass through into the organization, while all others are blocked wholesale.
No matter which virus scanner is being used, fingerprint technology can be used in advance to verify the legitimacy of each file attachment and determine whether it should be delivered, sent into quarantine or deleted. Fingerprinting is used to expose e-mail attachments with falsified file extensions. Each attachment is compared against its expected “fingerprint pattern,” a hexadecimal value associated with every file type, to determine whether or not the attachment is legitimate. The virus scanner can then execute the final security steps, examining the legitimate file attachments for dangerous code.
This two-layer defense ensures the greatest possible protection against attack, independent of the latest virus definitions, and indeed even before corresponding virus definitions have been released.
Failing to implement sufficient anti-virus protection can have serious consequences. When a company is contractually obligated, for example, to assume responsibility for damaging the assets of a business partner or a customer, German contract law may hold it responsible for damages resulting from an attack disseminated through e-mail, even if the company’s management and administrators had no knowledge of the event.
Virus protection on multiple levels
Bullet-proof virus protection is possible only when it is implemented on multiple levels.
Virus protection is required on each office computer in a client-server environment because it is only on these computers that data from mobile devices, for example USB sticks, CD-ROMs and PDAs, can be examined during synchronization.
Virus scanning is required on the mail server to prevent messages carrying viruses, worms and Trojan horses from getting to user desktops, where the work required to remove them is significantly greater. Server-based solutions like iQ.Suite also make it possible to check encrypted e-mails for viruses by decrypting them in advance (iQ.Suite Crypt).
iQ.Suite also provides virus protection for SMTP gateways.
The iQ.Suite approach

iQ.Suite Watchdog reliably removes viruses, worms, Trojan horses and suspicious file attachments, and puts them into quarantine. E-mails and databases are checked on the mail server. The process can run in real time, on a schedule or be initiated by events. Watchdog supports automatic virus definition updates and is compatible with a wide variety of virus scanning solutions, for example F-Secure, H+B EDV, McAfee, Norman, Sophos, Symantec, Trend Micro and others.
iQ.Suite makes it possible to use multiple virus scanning products at the same time to achieve a higher level of protection—even if a pure e-mail anti-virus product is already being used. Any existing products are preserved without alteration, and the full security of the iQ.Suite modules becomes available for use.
The fact that 87% of all e-mail attachments contain malicious code makes attachments the Number 1 carrier of viruses. The fingerprinting technology used in iQ.Suite Watchdog is a proven preventative method that securely detects and blocks file attachments in e-mail. When an e-mail arrives on the mail server, a comparison of each attachment with the master fingerprint list determines if the file is authentic or not.
A comprehensive list of fingerprint patterns for standard file types is provided with iQ.Suite. New fingerprint patterns can also be created as needed, to ensure that company-specific information types such as price lists and general legal provisions for doing business test positive as legitimate. A very wide selection of fingerprints in various categories simplifies use.
iQ.Suite Watchdog’s fingerprinting process operates on the actual file type, rather than simply on the file extension, making it extremely accurate. Files in compressed archives (e.g. zip, rar) or embedded as objects can also be processed.
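An added illustration of the fingerprint check described above, not iQ.Suite code: the signatures are the publicly documented leading bytes of four common formats, while the allowlist, the verdict names and the sample message are constructed for the example. It inspects only top-level attachments and does not unpack archives.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Publicly documented leading bytes (hex); not the product's fingerprint list.
SIGNATURES = {
    "pdf": bytes.fromhex("255044462d"),        # %PDF-
    "png": bytes.fromhex("89504e470d0a1a0a"),
    "zip": bytes.fromhex("504b0304"),          # PK 03 04
    "exe": bytes.fromhex("4d5a"),              # MZ
}
ALLOWED = {"pdf", "png"}  # hypothetical allowlist; every other type is blocked


def detect_type(data):
    """Return the type whose signature the content starts with, else None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def verdict(filename, data):
    """Positive policy: the claimed type must be allowed AND match the content."""
    ext = PurePosixPath(filename or "").suffix.lower().lstrip(".")
    if ext not in ALLOWED:
        return "block"
    if detect_type(data) != ext:
        return "quarantine"  # extension does not match the real file type
    return "deliver"         # next stage: hand over to the virus scanner


def screen(msg):
    """Map each attachment filename to its verdict."""
    return {p.get_filename(): verdict(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}


def sample_message():
    """Constructed message: one genuine PDF, one EXE renamed .pdf, one ZIP."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    for name, body in [("report.pdf", b"%PDF-1.4\n%constructed"),
                       ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 16),
                       ("data.zip", b"PK\x03\x04" + b"\x00" * 16)]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

The renamed executable is caught by the content check alone, before any virus definition is consulted, which is the first of the two layers the page describes.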
To facilitate compliance with regulations and guidelines, the functions can be customized to meet individual requirements, for example by creating constraints involving a combination of filename, file extension and file size.
Benefits of the iQ.Suite approach
- Server- and rule-based virus protection
- Simultaneous usage of up to 8 virus scanners from various providers
- Recognizes viruses and script commands, even those that occur in message text
- Individually configurable rule-based framework for the implementation of regulatory and corporate guidelines
- Protection of databases and public folders on the mail server
- Generates higher productivity, has a low total cost of ownership and provides a fast return on investment
- Ensures the security of your software investment with regular major releases