Dr.Web for MS Exchange

• Compliance with the highest security standards – the product is certified by Russia’s Federal Security Service (FSB) and Federal Service for Technological and Export Control (FSTEC)
• Wide range of installation and configuration options that meet the requirements of almost any company
• High-speed scanning combined with low consumption of system resources allows Dr.Web to run smoothly on any server hardware
• The built-in anti-spam doesn’t require training, lowers server workload and improves employee productivity
• Filtering based on black and white lists allows certain addresses to be excluded from scanning and efficiency to be increased
• Filtering of files by type, contributing to lower traffic
• Grouping allows different filtering parameters to be specified for different groups of employees which contributes to faster deployment and easier maintenance
• High performance and stability achieved with multi-thread scanning
• Detection and neutralization of viruses disguised with unknown packers
• Automatic launch on system start-up
• Easy-to-use updating system using Windows Task Scheduler

Anti-spam

Advantages of Dr.Web anti-spam

• The anti-spam doesn’t require configuration or training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as the first message arrives, so the anti-spam doesn’t require daily training by the system administrator
• It detects spam messages regardless of their language
• No e-mail receipt delays
• Real-time e-mail filtering
• High-speed filtering with low consumption of system resources
• Scanning objects at any nesting level
• It can choose a processing technology for the target object depending on the message envelope or upon detection of blocking objects
• Messages that have been filtered out are placed in a separate folder so one can always check them to make sure that no false detection has occurred
• With the unique technologies there is no need for blacklists. No company will be discredited after it has been deliberately added to such a list
• Completely stand-alone: a constant connection to an external server or access to a database are not required which saves traffic significantly
• Doesn’t need to be updated more often than once in 24 hours – unique spam detection technologies based on several thousands of rules allow the anti-spam to stay up to date without frequent downloads of bulky updates

Vade Retro

Filtering of spam and other unsolicited messages is performed by a vaderetro plugin that uses its own library (Vade Retro). The library is updated regularly for better quality of filtering. High junk filtering productivity is combined with low consumption of system resources. This is the reason why Dr.Web anti-spam is able to operate efficiently on low-end hardware.

Depending on the results of the analysis each message receives the score from the VadeRetro library – an integer ranging from -10000 to +10000. The higher the score is, the more likely the message is to be spam.

The threshold value is set by the SpamThreshold parameter of the plugin configuration file. If the score equals the value of the SpamThreshold parameter or exceeds it, the message is considered to be spam.

Upon completion of a message analysis, Vade Retro may add (depending on the plugin settings) corresponding headers into the message.

Spam filtering technologies

The Dr.Web anti-spam analyzes messages using several thousands of rules which can be divided into several groups.

Heuristic analysis

A highly intelligent technology that empirically analyzes all parts of a message: header, body, and attachments. It allows detecting unknown types of spam. The heuristic analyzer is being constantly improved; new rules are frequently added. It allows detecting next generation spam messages even before a corresponding rule is created.

Counteraction filtering

The counteraction filtering is one of the most advanced and efficient technologies of Dr.Web anti-spam. It helps recognize techniques and tricks used by spammers to avoid detection.

HTML-patterns

Messages containing HTML code are compared with HTML patterns from the anti-spam library. Such comparison in combination with data on sizes of images typically used by spammers helps protect users against spam messages featuring HTML-code, which often contains online images.

Detection based on SMTP envelope

Detection of fake sender and receiver in an SMTP envelope and fake values of header fields is the latest trend in development of anti-spam technologies. A sender address contained in the received message is easy to fake and therefore should not be trusted. Yet unsolicited mail is not limited by spam. It also includes hoaxes or anonymous threats. Dr.Web anti-spam technologies allow to determine if an address is fake and mark the message as unsolicited. It saves traffic and protects employees from unwanted e-mails contents of which may have unpredictable impact on people's behaviour.

Semantic analysis

Words and phrases of a message are compared with words and phrases from the spam dictionary. All words, phrases and symbols are analyzed – both visible to the human eye and those hidden by spammer tricks.

Anti-scam technologies

Scams (as well as pharming messages – a type of scams) are the most dangerous type of spam. The most notorious example of scam is so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.

Technical spam filtering

Automatic e-mail notifications or bounces are designed to notify a user if a failure in operation of a mail system occurs (e.g the message couldn’t be delivered at the specified address). Similar messages can be used by criminals. For example, a worm or ordinary spam can get to a computer as a notification. A special module of Dr.Web anti-spam detects such unwanted messages.

How it works

Key features

• On-the-fly anti-virus and anti-spam scan of e-mails, including attached files
• Anti-virus monitoring of user mailboxes and public directories
• Anti-virus protection of mail traffic passing through the MS Exchange server
• Curing of infected files
• Grouping users by means of Active Directory
• Adjustable scanning parameters: the maximum size and types of objects to be scanned objects, actions to be performed with infected objects
• Detection of malicious objects compressed with multiple packers
• Customizable actions performed with different types of spam, including moving messages to the quarantine or adding a specified prefix into their subject fields
• Customizable wording inserted in outgoing e-mails
• Isolation of infected and suspicious files in the quarantine
• Sending notifications on virus incidents to administrators and other users
• Operation logging
• Automatic updates

Updating

Always up-to-date

• Updating over the Internet, whether automatically or according to a schedule, doesn’t require user interference. Updating can also be launched manually.
• Updating is very quick even if a slow Internet connection is used.
• Updating servers are always available.
• Updates can be retrieved from an HTTP server.
• In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
• Updates are small (50-200KB).
• To save traffic the anti-virus can be set to update virus databases only However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in updated modules of an anti-virus package and are downloaded from Doctor Web's server automatically during regular updating sessions.
• You can also reduce traffic by downloading updates as archived files A special data-compression algorithm used by Doctor Web allows reducing size of downloaded updates. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data.

Virus monitoring service

• The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed — as often as several times per hour.
• As soon as an update is released, users can retrieve it from several servers located at various points of the globe.
• To avoid false positives an update is tested over a huge number of uninfected files before it is released.
• The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats.

System requirements

Hardware requirements

Operating system and software requirements

Unique engine features

• Scans archived files at any nesting level
• Reliable detection of packed objects (even if the compression format is unknown to Dr.Web), their detailed analysis aimed at exposing hidden threats
• Leader in detecting and neutralizing complex rootkits (Shadow.based (Confiсker), MaosBoot, Rustock.C, Sector)
• Intelligent memory scan technologies allow viruses to be blocked in the RAM before replicating themselves to the hard drive, making it less likely for malware to exploit the vulnerability of a third-party application or the operating system
• Dr.Web can detect and neutralize viruses that can be found only in RAM and do not exist as files on disks, e.g. Slammer or CodeRed

Detection of unknown threats

• FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data that has been compressed with unknown packers
• The cutting-edge, non-signature scan technology Origins Tracing™ ensures the high probability that viruses unknown to Dr.Web will be detected
• The heuristic analyzer, whose analyses are based on criteria that is typical of various groups of malicious programs, detects most known threats

Gallery

Licensing

Types of licenses

• Per number of protected users.
• Per server license – unlimited scanning of server e-mail traffic for as many as 3,000 protected users.

Dr.Web for MS Exchange can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite. In the latter case the license also covers the Control Center of Dr.Web Enterprise Security Suite and Anti-spam.

A Dr.Web for MS Exchange license may also include the SMTP proxy as an additional component. Using these products together improves overall network security and reduces the workload of local mail servers and workstations.

License options

• Anti-virus
• Anti-virus + Control Center
• Anti-virus + SMTP proxy
• Anti-virus + Control Center + SMTP proxy
• Anti-virus + Anti-spam
• Anti-virus + Anti-spam + Control Center
• Anti-virus + Anti-spam + SMTP proxy
• Anti-virus + Anti-spam + Control Center + SMTP proxy

Dr.Web for MS Exchange is also included in low-cost Dr.Web bundles for small and medium companies.