Dr.Web Mail Gateway

Dr.Web Mail Gateway is a complex modular solution for processing and filtering incoming and outgoing SMTP/LMTP traffic on servers running Unix systems (Linux/FreeBSD/Solaris (x86)). Depending on the network architecture, Dr.Web smtp-proxy can be installed in the demilitarized zone (DMZ), or in the network of a company. Installing Dr.Web smtp-proxy on a separate server increases stability of the e-mail filtering system, considerably improves general security and extends capabilities of the solution. Depending on the set of connected plug-ins, Dr.Web Mail Gateway can filter e-mails for viruses and spam.
License options: anti-virus, anti-virus&anti-spam.
Wide range of supported OS
Dr.Web Mail Gateway is compatible with Linux distributions (glibc version 2.2 and above), FreeBSD versions 4.x and above, and Solaris version 10 (for Intel platform only). The architecture of Dr.Web Mail Gateway allows using it with any e-mail system. As the product can be installed in front of a company e-mail server and processes e-mails by itself, it has much wider application options compared to Dr.Web anti-virus for Unix mail servers.
Depending on the set of connected plug-ins, the product can perform the following functions:
- scan e-mail messages for viruses and spam — all components of a message are scanned including attachments, if any. Depending on the scanning result the message can be delivered to the e-mail box, blocked or modified. Dr.Web Mail Gateway has a unique ready-to-go spam-filtering technology. Dr.Web anti-spam requires no initial tuning or setup; it begins working effectively upon install. The spam-filtering module does not require connection to any external server or database; this helps save on traffic substantially;
- use whitelists/blacklists for filtering;
- parse e-mail messages and analyze each component of a message;
- correctly process the majority of known archives, including multi-volume or self-extracting (SFX);
- send notifications on scanning results to the message recipient address(es) and/or to other specified addresses using customizable notification templates;
- keep logs of events;
- self-protect against malfunctioning;
- detect, cure and/or remove malicious objects, including mass-mailing worms, e-mail viruses, peer-to-peer viruses, Internet worms, file viruses, Trojans, stealth viruses, polymorphic viruses, bodiless viruses, macro viruses, MS Office viruses, script viruses, spyware, spybots, password stealers, paid dialers, adware, riskware, hacktools, backdoors, keyloggers, joke programs, malicious scripts, other malware.
The number of connected plug-ins is unlimited
Dr.Web Mail Gateway allows extending the functionality of the e-mail filtering system without any limitations.
Open-source solution
Dr.Web Mail Gateway is based on the system of plug-ins open for independent developers. Any experienced user can implement desired functionality as a plug-in using the SDK supplied with the product.
Flexible settings and ease of administration
Dr.Web Mail Gateway contains a flexible system of settings allowing you to use any possible set of rules. An administrator can specify these rules directly, via configuration rules.
Outstanding scalability
The product can perfectly suit the needs of a small company with just one server and meet the unlimited e-mail filtering requirements of transnational telecoms. Its efficiency, flexibility of settings and capability of filtering huge volumes of e-mail traffic “on-the-fly” can comply even with the highest demands.
High productivity and stability
Due to the multi-threaded scanning function Dr.Web Mail Gateway can process huge volumes of e-mails simultaneously. The modular structure of the solution makes disabling it almost impossible, even by a direct attack. Low system requirements allow Dr.Web Mail Gateway to function smoothly on servers of almost any configuration.
Unique technologies!
Unique technologies can do without blacklists, which makes the intentional compromising of companies by adding them to blacklists impossible. Dr.Web Mail Gateway can change its behavior depending on the envelope of a processed e-mail, or on detected blocking objects.
Dr.Web smtp-proxy is a component of Dr.Web Mail Gateway.
Present-day corporate e-mail filtering solutions integrated with e-mail systems have limited options to counteract spammers’ attacks. Installation of Dr.Web smtp-proxy on a separate server increases stability of the e-mail filtering system, considerably improves general security and extends capabilities of the solution.
Depending on the network architecture, Dr.Web smtp-proxy can be installed in the demilitarized zone (DMZ), or in a local area network of a company. The protected server can be placed in the demilitarized zone so that a mail server is not connected to the Internet directly; in this case even if a hacker succeeds in compromising the server, he won’t get access to the sensitive information. Besides, placing the smtp-proxy outside the company network won’t allow a third party to receive information about the application installed on the server, which also increases overall security of the network.
Active counteraction to spam attacks
Not only the e-mail message itself, but also the parameters of an SMTP session can help identify a message as spam. Some of the characteristic features of spam (or a spam attack) are, for example, numerous recipients of a message, or numerous messages sent from one IP address, or a forged sender address.
Using Dr.Web smtp-proxy, a system administrator can restrict the following parameters of an SMTP session:
- maximum number of recipients;
- maximum number of SMTP-connections with one IP-address;
- maximum number of messages per session;
- maximum number of the Received headers in a message;
- maximum number of errors per session;
- maximum size of a message.
Validation of IP-addresses
An invalid sender IP address is one of the typical features of spam. Spammers have to disguise their servers (or bots — infected computers of users) to avoid blacklisting. Dr.Web smtp-proxy allows:
- to authenticate senders;
- to check by the PTR and A requests if a host is on the ProtectedDomains list;
- to check if the IP address of a connection is on both the IP-address and the domain white/blacklists;
- to check for the presence of A and MX DNS entries and their compliance with the hosts and IP addresses of either a sender or a recipient;
- to compare the IP-address of a host with the host the connection was made from;
- to check addresses against RBL/DNSBL blacklists.
Counteraction to hackers' attacks
Dr.Web smtp-proxy allows counteracting frequently used types of attacks against e-mail servers, including the so-called “passive” attacks (e.g. PLAIN, LOGIN) and active non-dictionary attacks.
Protection against spam traps
To identify spammer e-mail addresses, spam traps are set up on the Internet. Dr.Web smtp-proxy allows checking whether or not a recipient is a spam trap and not sending messages to this address.
Protection against malformed messages
It is well known that some mail clients do not form mail messages in a proper way. Spam programs have the same flaw. The smtp-proxy allows blocking messages with empty sender fields; however, it recognizes malformed messages from known mail clients, so no false detections occur.
Cost-savings on Internet traffic
Dr.Web smtp-proxy considerably saves on Internet traffic, which is especially useful for businesses regularly attacked by spammers and companies where employees often carelessly send e-mail messages with large attachments damaging normal operation of Internet servers. Besides, Dr.Web Mail Gateway can start analyzing whether a message is spam or not by its header only; this helps save on traffic as well.
Option to restrict Open Relay servers
Open Relays are e-mail servers that are configured to accept and transfer e-mail on behalf of any user anywhere, including unrelated third parties. Spammers use automated software to scan the Internet trying to find open relays. If they find out that your server is open, they will probably send spam through it. If a company has a business need to organize such a server, Dr.Web smtp-proxy will limit the list of domains to which the messages can be forwarded.
Dr.Web Mail Gateway is designed as a group of simultaneously operating program modules. The range of tasks performed by the complex is determined by loaded plug-ins (libraries, responsible for processing of e-mails).
The e-mail messages are processed by the modules of the e-mail daemon as follows: the incoming messages are received by the Receiver module, which transfers them to the Checker module (drweb-maild) for checking. The Checker module calls plug-ins one by one to analyze the messages.
Messages successfully checked by the plug-ins of the e-mail daemon are sent to the e-mail system by the Sender module. During the operation of the e-mail daemon different reports on the results of the check can be generated. These reports are generated by the Notifier module (drweb-notifier) and can be mailed to senders or recipients of messages and to the system administrator. The processing of e-mails by the e-mail daemon can be flexibly regulated by rules.
The option to write rules into the configuration file of the e-mail daemon is one of the most helpful features of the Dr.Web mailD technology. The rules allow varying operational parameters of the e-mail daemon depending on the content of e-mail messages. The current version of Dr.Web mail daemon allows specifying rules for sender and recipient addresses and for the detection of malicious code found in e-mail messages.
Spam filtering technologies
The anti-spam technologies consist of several thousands of rules which can be divided into several groups.
Heuristic analysis
A highly intelligent technology that empirically analyzes all parts of a message: header, message body, etc. Not only the message itself, but its attachment is analyzed. The heuristic analyzer is being constantly improved; new rules are frequently added.
Counter-reaction
The counter-reaction technique is one of the most advanced and efficient technologies of Dr.Web anti-spam. It helps counteract techniques and tricks used by spammers to avoid detection.
HTML-patterns
Messages containing HTML code are compared with a list of known patterns from the anti-spam library. Such comparison, in combination with data on sizes of images typically used by spammers, helps protect users against spam messages featuring HTML-code, which often contains online images.
Semantic analysis
During a semantic analysis words and phrases of a message are compared with words and phrases typical of spam. A special dictionary is used for the analysis. All words, phrases and symbols are analyzed – both those visible to the human eye and those masqueraded by the technical tricks of spammers.
Anti-scamming technology
Scam (as well as pharming messages – a type of scam-messages) is the most dangerous type of spam, including the so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.
Technical spam filtering
So-called bounces are delivery-failure messages sent by a mail server. An actual recipient of a bounce is not necessarily a sender of an undelivered message; such a message could be sent by a mail worm. Therefore bounces are as unwanted as spam. A special module of Dr.Web anti-spam filters such messages as unwanted.
Receiver
The Receiver component is responsible for the receipt of e-mails, either directly from e-mail systems, or over SMTP/LMTP protocols, and their subsequent transfer to the drweb-maild component.
Depending on the e-mail systems and protocols used, the functions of the Receiver component are performed by different modules (drweb-receiver, drweb-milter, drweb-cgp-receiver, etc.), and simultaneous operation of several modules of the Receiver component is supported, which allows receiving and processing e-mail from several sources simultaneously.
Certain modules of the Receiver component support modification/sending of received messages based on the check results received from the drweb-maild component. For example, the drweb-milter module can return the results of the message check to the SendMail system before an SMTP session ends.
drweb-maild
This is the main component for processing e-mails. The drweb-maild component performs the mime-parsing of messages, transfers the messages for processing to plug-ins and stores messages in the database.
The processing of e-mails is made by plug-ins to the drweb-maild module. Plug-ins can be launched and unloaded at any time, without terminating the drweb-maild module. The messages are processed by plug-ins according to the processing order specified by the administrator. The plug-ins are assigned to two queues – BeforeQueueFilters and AfterQueueFilters.
Immediately after the message is received, it is processed by the plug-in from the BeforeQueueFilters queue. Then, if the AfterQueueFilters queue is empty, the processing results of the message are sent to the Receiver component. If the AfterQueueFilters queue has some other plug-ins, the message, after it is processed by the plug-in from the BeforeQueueFilters queue is forwarded to the database and then is sent to the internal queue of the drweb-maild module and the return code of the successful check is sent to the Receiver component. Then the message is checked by the plug-ins from the AfterQueueFilters queue.
The check results are either sent to the Receiver component (if such possibility exists, for example, if the check result time-out has not expired yet), or to the Sender component. All the messages generated by plug-ins are also sent via the Sender component. Certain plug-ins require support of the database in order to function. Such plug-ins cannot be assigned to the BeforeQueueFilters queue.
drweb-notifier
The module generates reports on the operation of the complex. Additionally, installed plug-ins can add their own types of notifications. Requests for generation of reports can be sent both by plug-ins (for example, when a virus is found) and by other components of the system. For example, the drweb-maild module can send requests to generate a statistics report of all plugged-in components and the Sender component can send a request to generate a DSN report when a message cannot be delivered.
Sender
This component sends messages either directly to different e-mail systems, or over SMTP/LMTP protocols. Depending on the e-mail systems and protocols used, the functions of the Sender component are performed by different modules (drweb-sender, drweb-cgp-sender, etc.). The Sender component can receive requests to send messages from drweb-maild, drweb-notifier and drweb-monitor components.
drweb-agent
The drweb-agent module provides the option to process e-mails both autonomously and integrated with Dr.Web Enterprise Suite. All components of the system, except for drweb-monitor, receive their configuration files via the drweb-agent module, which is why it should be launched before other components. The drweb-agent module checks the license and collects statistics on the operation of the components of the system: names of detected blocked objects, the volume of the traffic checked, etc.
drweb-monitor
An auxiliary component which launches and terminates the modules of the system in the specified order and controls their operation. If some module of the system fails to operate, drweb-monitor re-launches it and, if it is specified in settings, notifies the administrator about this.
At present the following plug-ins are available.
DrWeb
This plug-in checks e-mails for viruses by the Dr.Web engine. The scanning is made by the drWebd module. The messages are sent to drWebd being already parsed, that is why support of mime-parsing in the engine or in drWebd is not necessary. The plug-in is highly productive and its detection rate is very high.
Stable operation
Due to modular structure of Dr.Web for Unix mail servers and a special module responsible for the system efficiency it is almost impossible to disable the plug-in.
High response speed
Due to multi-threaded scanning technology the system’s response speed is very high. The files are scanned “on-the-fly” not waiting until earlier received messages are processed. This means end users receive e-mails almost in a moment!
High protection level
A huge virus database and a constantly improving heuristic analyzer leave no chance for viruses, including macro viruses, Trojan Horses and other malware, to penetrate users’ computers via e-mails. The plug-in detects malicious programs written for all platforms — Windows, Unix, DOS, including the objects which can infect files of Microsoft Office. Administrators can choose the types of files to be scanned, as well as the reaction to detected threats — reporting, curing of infected objects, moving of suspicious objects to quarantine, renaming.
Correct check of archives and packed files
The DrWeb plug-in correctly checks the majority of existing formats of packed files and archives with any nesting level, including multi-volume and self-extracting, which is extremely important for e-mail systems. Dr.Web can process more than 1000 types of archives and packers.
Quarantine
Infected and suspicious files detected by the plug-in can be moved to the quarantine. Later they can be additionally scanned, cured or deleted.
Ease of administration
The flexibility of configuration files allows customizing parameters of the plug-in.
Any action made by the plug-in is reflected in the log-files, which later can be analyzed. Handy alerting system allows administrators to quickly react to emerging threats.
Open source solution
Due to open structure of the product users can themselves develop additional modules using the DrWeb plug-in with the help of the open SDK and detailed documentation.
headersfilter
This plug-in filters messages by headers. It filters not only the message itself, but the attachments as well, if any. An administrator can add rules for filtering of e-mails. Regular expressions can be used when filtering rules are specified.
Flexible settings of the plug-in allow implementing any number of rules. The plug-in is almost invisible to the system and never overloads it, functioning almost instantaneously.
Easy to use
Usage of regular expressions allows adjusting the system both to skip e-mails and to filter them. As the number of rules is unlimited, the system can be easily customized.
Open source solution
Due to open structure of the product users can themselves develop additional modules using the headersfilter plug-in with the help of the open SDK and detailed documentation.
Stable operation
Due to modular structure of the product and a special module responsible for the system efficiency it is almost impossible to disable the headersfilter plug-in.
Vaderetro
Vaderetro is the spam filtering plug-in that uses a library of its own (Vade Retro).
Depending on the analysis, each message receives a score from the VadeRetro library – an integer ranging from -10000 to +10000. The lower the score, the more likely the message is to be "legitimate", i.e. not spam. The threshold is set by the SpamThreshold parameter in the plug-in configuration file (if the score is equal to or greater than the value of the SpamThreshold parameter, the message is considered to be spam).
Depending on its configuration the plugin may add one of the following headers to a message after analysis:
- X-Drweb-SpamScore: n. n – the score given by the VadeRetro library.
- X-Drweb-SpamState: b. b – yes for spam and messages with viruses and no for non-spam messages and bounces.
- X-Drweb-SpamState-Num: s. s – classification results of the VadeRetro analysis. s can take the following values: 0, 1, 2 and 3. 0 – a message is not spam, 1 – a message is spam, 2 – a message contains a virus, 3 – a message is a bounce. This header is added if the value for the ddXDrwebSpamStateNumHeader parameter of the vaderetro plug-in configuration file is set to yes.
- X-Drweb-SpamVersion: version. version – the version of the VadeRetro library. This header is added if the value for the AddVersionHeader parameter of the vaderetro plug-in configuration file is set to yes.
Additionally, at the beginning of the "Subject:" field of messages classified as spam, or those containing a virus, the vaderetro plug-in can add the following:
- X-IS-SPAM, value YES/NO
- X-SPAM-SCORE, a number of points given to the message by VadeRetro
- X-SPAM-AGENT, the version of the VadeRetro library
- X-SPAM-DETAILS, a detailed description of spam returned by the VadeRetro library
- X-SPAM-STATE, current status of a message.
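A downstream filter that acts on the X-Drweb-* headers described above can check that they agree with each other before trusting them. The following is an added example, not Dr.Web code: the function name, the sample messages, the threshold of 100 and the choice to distrust duplicated headers are assumptions of the example.

```python
from email import message_from_string

SCORE_MIN, SCORE_MAX = -10000, 10000   # VadeRetro score range given on the page
STATE_NUM = {0: "not spam", 1: "spam", 2: "virus", 3: "bounce"}
# X-Drweb-SpamState is "yes" for spam and viruses, "no" for non-spam and bounces
EXPECTED_STATE = {0: "no", 1: "yes", 2: "yes", 3: "no"}


def read_verdict(raw_message, spam_threshold):
    """Return (verdict, problems) derived from the X-Drweb-* headers.

    verdict is a STATE_NUM label, or "unknown" when the headers are absent
    or contradict each other; problems lists each inconsistency found.
    """
    msg = message_from_string(raw_message)
    problems = []

    def single(name):
        # Assumption of this example: more than one copy of a verdict header
        # is treated as untrustworthy rather than picking one of them.
        values = msg.get_all(name, [])
        if len(values) > 1:
            problems.append(f"{name}: {len(values)} copies")
            return None
        return values[0].strip() if values else None

    def bounded_int(name, low, high):
        text = single(name)
        if text is None:
            return None
        try:
            value = int(text)
        except ValueError:
            value = None
        if value is None or not low <= value <= high:
            problems.append(f"{name}: invalid value {text!r}")
            return None
        return value

    score = bounded_int("X-Drweb-SpamScore", SCORE_MIN, SCORE_MAX)
    num = bounded_int("X-Drweb-SpamState-Num", 0, 3)
    state = single("X-Drweb-SpamState")
    if state is not None:
        state = state.lower()
        if state not in ("yes", "no"):
            problems.append(f"X-Drweb-SpamState: invalid value {state!r}")
            state = None

    if num is not None and state is not None and EXPECTED_STATE[num] != state:
        problems.append(f"SpamState {state!r} contradicts SpamState-Num {num}")
    # The page ties spam/not-spam to score >= SpamThreshold; it gives no
    # score rule for viruses or bounces, so only 0 and 1 are cross-checked.
    if score is not None and num in (0, 1) and (score >= spam_threshold) != (num == 1):
        problems.append(f"score {score} contradicts SpamState-Num {num}")

    if problems:
        return "unknown", problems
    if num is not None:
        return STATE_NUM[num], problems
    if score is not None:
        return ("spam" if score >= spam_threshold else "not spam"), problems
    return "unknown", problems


# Constructed sample messages (not captured from a real gateway).
SPAM = ("From: a@example.org\nX-Drweb-SpamScore: 350\n"
        "X-Drweb-SpamState: yes\nX-Drweb-SpamState-Num: 1\n\nbody\n")
DUPLICATED = ("From: a@example.org\nX-Drweb-SpamScore: -9000\n"
              "X-Drweb-SpamScore: 9000\nX-Drweb-SpamState-Num: 0\n\nbody\n")
MISMATCH = ("From: a@example.org\nX-Drweb-SpamScore: 350\n"
            "X-Drweb-SpamState: no\nX-Drweb-SpamState-Num: 1\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("SPAM", SPAM), ("DUPLICATED", DUPLICATED), ("MISMATCH", MISMATCH)):
        print(label, read_verdict(raw, spam_threshold=100))
```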
Licensing
The product is licensed per number of protected addresses and servers.
License options: Anti-virus&Anti-spam, Anti-virus, Anti-spam*.
*Only within the CIS
Types of the license
- Any other number of addresses over 5.
- Per server license – scan unlimited mail traffic of one server with the number of protected addresses limited to 3000.
Licensing of SDK
The SDK is distributed free of charge. Plug-ins developed on its base by third-party developers are free of charge for non-commercial distribution. For commercial distribution such plug-ins should be certified, and this is subject to a charge.
Licensed components
- Dr.Web Daemon – anti-virus daemon that processes scan and curing requests.
- Dr.Web Smtp-proxy module.
- The basic part of the program, monitoring and external interaction utilities.
- Automatic updating utility.
- Console scanner Dr.Web for Unix.
- SDK for development of extra plugins.