Dr.Web for IBM Lotus Domino

Minimal TCO

Dr.Web for IBM Lotus Domino can run on a standalone server as well as on a partitions server or in Lotus Domino clusters. Copies of the anti-virus on different partitions run as separate processes in the RAM but use one database and the same executables. In this case, only one copy is subject to licensing which makes operation more flexible and lowers anti-virus protection costs.

Licenses and certificates

Dr.Web for IBM Lotus Domino complies with the highest security standards – the product is certified by Russia’s Federal Security Service (FSB) and Federal Service for Technological and Export Control (FSTEC).

Ready for IBM Lotus software

Dr.Web for IBM Lotus Domino has the Ready for IBM Lotus software mark and is included in the IBM Lotus Business Solutions Catalogue. The mark confirms the compatibility of Dr.Web for IBM Lotus Domino with Lotus Domino and its compliance with all IBM compatibility requirements.

Exceptional resistance to viruses

Dr.Web can be installed on an infected Lotus Domino server and is capable of curing it without resorting to any additional utilities. All databases can be scanned on demand right after the installation. To ensure maximum scanning efficiency, you can update virus databases prior to the virus check and use the latest virus definitions for scanning.

High-speed scan

The efficient organization of Dr.Web for IBM Lotus Domino, a special scanning algorithm, and flexible administration of the scanning process provide high-speed and resource-efficient scanning. The multi-thread scan enables the anti-virus to process simultaneously huge amounts of data. This advantage allows Dr.Web to run smoothly on virtually any server hardware.

Simple installation and flexible configuration

The deployment of Dr.Web for IBM Lotus Domino can be automated and easily controlled using administration scripts and detailed documentation. With the web interface, an administrator can use any browser (Internet Explorer, Firefox, and Opera) to control anti-virus operation. Dr.Web for IBM Lotus Domino provides a system administrator with abundant tools for flexible configuration of anti-virus actions performed after scanning a message and for sending notifications to a sender, recipient and system administrator upon detection of viruses, store headers of received messages and attachments.

Easy administration

Grouping allows different filtering parameters to be specified for different groups of employees, which contributes to faster deployment and easier maintenance. The same settings can also be specified for several groups by editing a corresponding profile.

Efficient filtering of junk mail without training

The built-in anti-spam lowers server workload and improves employee productivity. Filtering based on black and white lists allows certain addresses to be excluded from scanning, boosting efficiency.

Anti-spam

Advantages of Dr.Web anti-spam

• The anti-spam doesn’t require configuration or training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as the first message arrives, so the anti-spam doesn’t require daily training by the system administrator
• It detects spam messages regardless of their language
• No e-mail receipt delays
• Real-time e-mail filtering
• High-speed filtering with low consumption of system resources
• Scanning objects at any nesting level
• It can choose a processing technology for the target object depending on the message envelope or upon detection of blocking objects
• Messages that have been filtered out are placed in a separate folder so one can always check them to make sure that no false detection has occurred
• With the unique technologies there is no need for blacklists. No company will be discredited after it has been deliberately added to such a list
• Completely stand-alone: a constant connection to an external server or access to a database are not required which saves traffic significantly
• Doesn’t need to be updated more often than once in 24 hours – unique spam detection technologies based on several thousands of rules allow the anti-spam to stay up to date without frequent downloads of bulky updates

Vade Retro

Filtering of spam and other unsolicited messages is performed by a vaderetro plugin that uses its own library (Vade Retro). The library is updated regularly for better quality of filtering. High junk filtering productivity is combined with low consumption of system resources. This is the reason why Dr.Web anti-spam is able to operate efficiently on low-end hardware.

Depending on the results of the analysis each message receives the score from the VadeRetro library – an integer ranging from -10000 to +10000. The higher the score is, the more likely the message is to be spam.

The threshold value is set by the SpamThreshold parameter of the plugin configuration file. If the score equals the value of the SpamThreshold parameter or exceeds it, the message is considered to be spam.

Upon completion of a message analysis, Vade Retro may add (depending on the plugin settings) corresponding headers into the message.

Spam filtering technologies

The Dr.Web anti-spam analyzes messages using several thousands of rules which can be divided into several groups.

Heuristic analysis

A highly intelligent technology that empirically analyzes all parts of a message: header, body, and attachments. It allows detecting unknown types of spam. The heuristic analyzer is being constantly improved; new rules are frequently added. It allows detecting next generation spam messages even before a corresponding rule is created.

Counteraction filtering

The counteraction filtering is one of the most advanced and efficient technologies of Dr.Web anti-spam. It helps recognize techniques and tricks used by spammers to avoid detection.

HTML-patterns

Messages containing HTML code are compared with HTML patterns from the anti-spam library. Such comparison in combination with data on sizes of images typically used by spammers helps protect users against spam messages featuring HTML-code, which often contains online images.

Detection based on SMTP envelope

Detection of fake sender and receiver in an SMTP envelope and fake values of header fields is the latest trend in development of anti-spam technologies. A sender address contained in the received message is easy to fake and therefore should not be trusted. Yet unsolicited mail is not limited by spam. It also includes hoaxes or anonymous threats. Dr.Web anti-spam technologies allow to determine if an address is fake and mark the message as unsolicited. It saves traffic and protects employees from unwanted e-mails contents of which may have unpredictable impact on people's behaviour.

Semantic analysis

Words and phrases of a message are compared with words and phrases from the spam dictionary. All words, phrases and symbols are analyzed – both visible to the human eye and those hidden by spammer tricks.

Anti-scam technologies

Scams (as well as pharming messages – a type of scams) are the most dangerous type of spam. The most notorious example of scam is so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.

Technical spam filtering

Automatic e-mail notifications or bounces are designed to notify a user if a failure in operation of a mail system occurs (e.g the message couldn’t be delivered at the specified address). Similar messages can be used by criminals. For example, a worm or ordinary spam can get to a computer as a notification. A special module of Dr.Web anti-spam detects such unwanted messages.

How it works

Key features

• Scanning of all components of e-mails for viruses and spam, and filtering of spam real-time or as scheduled by an administrator
• Filtering of spam including filtering of messages according to black and white lists
• Anti-virus scan of documents in specified nsf bases
• The manual scanner jobs launch-and-stop feature provides on-demand scanning of objects
• Parsing of e-mails for further analysis
• Curing infected messages and their attached files
• Detection of malicious objects compressed with multiple archivers
• Detection and neutralization of viruses disguised with unknown packers
• Additional technology that can detect unknown threats increases the likelihood that the newest species of malware will be detected
• Storage of infected and suspicious objects in the quarantine (accessed with Lotus Notes)
• Reports are generated using templates that are easy to read
• Operation logging
• Protection of its own modules from failures
• Automatic updates

Updating

Always up-to-date

• Updating over the Internet, whether automatically or according to a schedule, doesn’t require user interference. Updating can also be launched manually.
• Updating is very quick even if a slow Internet connection is used.
• Updating servers are always available.
• Updates can be retrieved from an HTTP server.
• In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
• Updates are small (50-200KB).
• To save traffic the anti-virus can be set to update virus databases only However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in updated modules of an anti-virus package and are downloaded from Doctor Web's server automatically during regular updating sessions.
• You can also reduce traffic by downloading updates as archived files A special data-compression algorithm used by Doctor Web allows reducing size of downloaded updates. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data.

Virus monitoring service

• The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed — as often as several times per hour.
• As soon as an update is released, users can retrieve it from several servers located at various points of the globe.
• To avoid false positives an update is tested over a huge number of uninfected files before it is released.
• The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats.

System requirements

Version for Windows

• OS: Windows Server 2000/2003/2008/2008R2 (32- and 64-bit);
• Lotus Domino v. R6.0 or higher;
• CPU Intel Pentium 133 and higher;
• RAM 64 MB (128 MB recommended);
• Free disk space: 60 MB.

Version for Linux

• OS: Red Hat Enterprise Linux (RHEL) v. 4 and 5, Novell SuSE Linux Enterprise Server (SLES) v. 9 and 10 (32-bit only);
• Lotus Domino v. 7.x or 8.x;
• Lotus Notes 6.5 (or later) for Windows;
• CPU Intel Pentium 133 and higher;
• RAM 64 MB (128 MB recommended)
• Free disk space: 90 MB.

Unique engine features

• Scans archived files at any nesting level
• Reliable detection of packed objects (even if the compression format is unknown to Dr.Web), their detailed analysis aimed at exposing hidden threats
• Leader in detecting and neutralizing complex rootkits (Shadow.based (Confiсker), MaosBoot, Rustock.C, Sector)
• Intelligent memory scan technologies allow viruses to be blocked in the RAM before replicating themselves to the hard drive, making it less likely for malware to exploit the vulnerability of a third-party application or the operating system
• Dr.Web can detect and neutralize viruses that can be found only in RAM and do not exist as files on disks, e.g. Slammer or CodeRed

Detection of unknown threats

• FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data that has been compressed with unknown packers
• The cutting-edge, non-signature scan technology Origins Tracing™ ensures the high probability that viruses unknown to Dr.Web will be detected
• The heuristic analyzer, whose analyses are based on criteria that is typical of various groups of malicious programs, detects most known threats

Gallery

Licensing

Types of licenses

• Per number of protected users.
• Per server license – unlimited scanning of server e-mail traffic for as many as 3,000 protected users.

Dr.Web for IBM Lotus Domino can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite. In the latter case, the license also covers the Control Center of Dr.Web Enterprise Security Suite and Anti-spam.

A license for Dr.Web for IBM Lotus Domino may also include the SMTP proxy as an additional component. Using these products together improves general network security and reduces the workload of local mail servers and workstations.

License options

• Anti-virus
• Anti-virus + Control Center
• Anti-virus + SMTP proxy
• Anti-virus + Control Center + SMTP proxy
• Anti-virus + Anti-spam
• Anti-virus + Anti-spam + Control Center
• Anti-virus + Anti-spam + SMTP proxy
• Anti-virus + Anti-spam + Control Center + SMTP proxy

Dr.Web for IBM Lotus Domino is also included in low-cost Dr.Web bundles for small and medium companies.