Dr.Web for mail servers Unix


Dr.Web for mail servers Unix is a unique modular solution for processing and filtering incoming and outgoing mail traffic on Unix systems (Linux/FreeBSD/Solaris (x86)). Depending on the set of connected plug-ins, it can filter e-mail for viruses and spam.
License options: Anti-virus, Anti-virus&Anti-spam.
Wide range of supported OSs and e-mail systems
Dr.Web for mail servers Unix is compatible with Linux distributions (glibc v. 2.2 and higher), FreeBSD v. 4.x and higher, and Solaris 10 (for Intel platform only).
Dr.Web for mail servers Unix is also compatible with the widest range of mail servers: CommuniGate Pro, Courier MTA, Exim, Postfix, QMail, Sendmail, ZMailer.
The modular structure of Dr.Web for mail servers Unix allows this product to be used with any e-mail system, even one that is not on the list of supported e-mail systems. An experienced user can develop their own plug-in and use Dr.Web for mail servers Unix with an e-mail system that is not officially supported. Moreover, the product can be installed in front of the mail system, i.e. it can itself receive, send and analyze e-mail.
Depending on the set of connected plug-ins, the product can perform the following tasks:
- scan e-mail messages for viruses and spam: all components of a message are scanned, including attachments if any;
- use whitelists/blacklists for filtering;
- parse e-mail messages and analyze each component of a message;
- correctly process archived files of most known formats, including multi-volume or self-extracting (SFX);
- send notifications on scanning results to message recipient address(es) and/or other specified addresses using customizable notification templates;
- keep logs of events;
- self-protect against malfunctioning;
- detect, cure and/or remove viruses and all kinds of malicious objects;
- use an unlimited number of plug-ins.
Possibility to connect unlimited number of plug-ins
Dr.Web for mail servers Unix allows the functionality of the e-mail filtering system to be extended without any limitations.
Open-source solution
Dr.Web for mail servers Unix is based on the system of plug-ins open for independent developers. Any experienced user can implement desired functionality in the form of a plug-in using SDK supplied with the product.
Flexible settings and ease of administration
Dr.Web for mail servers Unix contains a flexible system of settings that lets you implement any possible set of rules. An administrator can specify these rules directly, via configuration rules.
Outstanding scalability
The product can perfectly suit the needs of a small company with just one e-mail server and meet the unlimited e-mail filtering requirements of transnational telecoms. Its efficiency, flexibility of settings and capability of filtering huge volumes of e-mail traffic “on-the-fly” can meet even the highest demands.
High productivity and stability
Due to the multi-threaded scanning function, Dr.Web for mail servers Unix can process huge volumes of e-mails simultaneously. The modular structure of the solution makes disabling it almost impossible (even by a direct attack). Low system requirements allow Dr.Web for mail servers Unix to function smoothly on servers of almost any configuration.
Unique technologies!
Unique Dr.Web technologies can do without blacklists, which makes it impossible to intentionally compromise companies by adding them to blacklists. Dr.Web for mail servers Unix can change its behavior depending on the envelope of a processed e-mail, or the detected blocking objects.
Dr.Web for mail servers Unix is designed as a group of simultaneously operating plug-ins. The range of tasks performed by the product is determined by the plug-ins (libraries, responsible for processing of e-mail).
E-mail messages are processed by the modules of the e-mail daemon as follows: the incoming messages are received by the Receiver module which transfers them to the Checker module (drweb-maild) for check of e-mail messages. The Checker module uses plug-ins one by one to analyze messages.
Messages successfully checked by the plug-ins of the e-mail daemon are sent to the e-mail system by the Sender module. During the operation of the e-mail daemon different reports on the results of the check can be generated. These reports are generated by the Notifier module (drweb-notifier) and can be transferred to senders or recipients of messages and to the system administrator. Processing of e-mails by the e-mail daemon can be flexibly managed by rules.
The option to write rules into the configuration file of the e-mail daemon is one of the most helpful options of the Dr.Web mailD technology. The rules allow changing operational parameters of the e-mail daemon depending on the content of e-mail messages. The current version of Dr.Web mail daemon allows specifying rules for addresses of senders and recipients and for malware found in a message.
Components
- Receiver
The Receiver component is responsible for the receipt of e-mails, either directly from e-mail systems, or on SMTP/LMTP protocols, and their subsequent transfer to the drweb-maild component.
Depending on the e-mail systems and protocols used, the functions of the Receiver component are performed by different modules (drweb-receiver, drweb-milter, drweb-cgp-receiver, etc.). Several modules of the Receiver component can operate simultaneously, which allows e-mail to be received and processed from several sources at once.
Certain modules of the Receiver component support modification/sending of received messages based on the check results received from the drweb-maild component. For example, the drweb-milter module has the functionality, which allows it to return the results of check of messages to the SendMail system before an SMTP session ends.
- drweb-maild
This is the main component for processing e-mails. The drweb-maild component performs the mime-parsing of messages, transfers the messages for processing to plug-ins and stores messages in the database.
The processing of e-mails is made by plug-ins to the drweb-maild module. Plug-ins can be launched and unloaded at any time, without terminating the drweb-maild module. The messages are processed by plug-ins according to the processing order specified by the administrator. The plug-ins are assigned to two queues – BeforeQueueFilters and AfterQueueFilters.
Immediately after a message is received, it is processed by the plug-ins from the BeforeQueueFilters queue. Then, if the AfterQueueFilters queue is empty, the processing results of the message are sent to the Receiver component. If the AfterQueueFilters queue contains plug-ins, the message, after being processed by the plug-ins from the BeforeQueueFilters queue, is forwarded to the database and then sent to the internal queue of the drweb-maild module, and the return code of a successful check is sent to the Receiver component. The message is then checked by the plug-ins from the AfterQueueFilters queue.
The check results are either sent to the Receiver component (if such possibility exists, for example, if the check result time-out has not expired yet), or to the Sender component. All the messages generated by plug-ins are also sent via the Sender component. Certain plug-ins require support of the database in order to function. Such plug-ins cannot be assigned to the BeforeQueueFilters queue.
- drweb-notifier
The module generates reports on the operation of the complex. Additionally, installed plug-ins can add their own types of notifications. Requests to generate reports can be sent both by plug-ins (for example, when a virus is found) and by other components of the system. For example, the drweb-maild module can send requests to generate a statistics report of all plugged-in components, and the Sender component can send a request to generate a DSN report when a message cannot be delivered.
- Sender
This component sends messages either directly to different e-mail systems, or on SMTP/LMTP protocols. Depending on the e-mail systems and protocols used, the functions of the Sender component are performed by different modules (drweb-sender, drweb-cgp-sender, etc.). The Sender component can receive requests to send messages from drweb-maild, drweb-notifier and drweb-monitor components.
- drweb-agent
The drweb-agent module provides the option to process e-mails both autonomously and being integrated with Dr.Web Enterprise Suite. All components of the system, except for drweb-monitor, receive their configuration files via the drweb-agent module, that is why it should be launched before other components. The drweb-agent module checks the license and collects statistics on the operation of the components of the system: names of detected blocked objects, the volume of the traffic checked, etc.
- drweb-monitor
An auxiliary component which launches and terminates the modules of the system in the specified order and controls their operation. In case some module of the system fails to operate drweb-monitor re-launches it and, if it is specified in settings, notifies the administrator about this.
Plug-ins
At present the following plug-ins are available.
- DrWeb
This plug-in checks e-mails for viruses by the Dr.Web engine. The scanning is made by the drWebd module. The messages are sent to drWebd being already parsed, that is why support of mime-parsing in the engine or in drWebd is not necessary. The plug-in is highly productive and its detection rate is very high.
Stable operation
Due to modular structure of Dr.Web for Unix mail servers and a special module responsible for the system efficiency it is almost impossible to disable the plug-in.
High response speed
Due to multi-threaded scanning technology the system’s response speed is very high. The files are scanned “on-the-fly” not waiting until earlier received messages are processed. This means end users receive e-mails almost in a moment!
High protection level
A huge virus database and a constantly improving heuristic analyzer leave no chance for viruses, including macro viruses, Trojan horses and other malware, to penetrate users’ computers via e-mail. The plug-in detects malicious programs written for all platforms (Windows, Unix, DOS), including objects which can infect Microsoft Office files. Administrators can choose the types of files to be scanned, as well as the reaction to detected threats: reporting, curing of infected objects, moving of suspicious objects to quarantine, renaming.
Correct check of archives and packed files
The DrWeb plug-in correctly checks the majority of existing formats of packed files and archives with any nesting level, including multi-volume and self-extracting, which is extremely important for e-mail systems. Dr.Web can process more than 1000 types of archives and packers.
Quarantine
Infected and suspicious files detected by the plug-in can be moved to the quarantine. Later they can be additionally scanned, cured or deleted.
Ease of administration
The flexibility of configuration files allows the parameters of the plug-in to be customized.
Any action made by the plug-in is reflected in the log files, which can be analyzed later. A handy alerting system allows administrators to react quickly to emerging threats.
Open source solution
Due to open structure of the product users can themselves develop additional modules using the DrWeb plug-in with the help of the open SDK and detailed documentation.
- headersfilter
This plug-in filters messages by headers. It filters not only the message itself, but the attachments as well, if any. An administrator can add rules for filtering of e-mails. Regular expressions can be used when filtering rules are specified.
Flexible settings of the plug-in allow any number of rules to be implemented. The plug-in is almost invisible to the system and never overloads it, functioning almost instantaneously.
Easy to use
The use of regular expressions allows the system to be adjusted both to skip e-mails and to filter them. As the number of rules is unlimited, the system can be easily customized.
Open source solution
Due to open structure of the product users can themselves develop additional modules using the headersfilter plug-in with the help of the open SDK and detailed documentation.
Stable operation
Due to modular structure of the product and a special module responsible for the system efficiency it is almost impossible to disable the headersfilter plug-in.
- Modifier
The Modifier modifies processed e-mails using established rules, allowing incoming and outgoing messages to be processed in accordance with corporate standards. Rule-based modification and archiving can be used to prevent information leaks. Analysis of filtered messages can be performed via a quarantine management utility.
Easy usage
Flexible configuration allows performing an unlimited number of modifications with processed messages, so a system administrator can create an unlimited number of rules to ensure compliance with e-mail security policies. The Modifier can be set to process messages before other modules as well as to be the last module in the filtering line to perform an additional check using work data from other modules.
Easy administration
Flexible rules that can be created using regular expressions allow setting e-mail processing in accordance with an effective corporate security policy. A prompt notification system allows a system administrator to perform necessary actions in a timely manner.
Open solution
With open architecture of MailD any user with a sufficient skill can implement a desired feature as a new plugin using the SDK and corresponding documentation supplied with the software.
Stable operation
The modular architecture and a special failure control module ensure exceptional stability of the plugin. It is practically impossible to disable the plugin for a long period of time.
Rapid response
Minimal consumption of system resources combined with high performance provide a rapid response of the software allowing instant processing of messages and undelayed receipt of messages by users.
- Vaderetro
Vaderetro is the spam filtering plug-in that uses a library of its own (Vade Retro).
Depending on the analysis, each message receives a score from the VadeRetro library – an integer ranging from -10000 to +10000. The lower the score, the more likely the message is to be "legitimate", i.e. not spam. The threshold is set by the SpamThreshold parameter in the plug-in configuration file (if the score is equal to or greater than the value of the SpamThreshold parameter, the message is considered to be spam).
Depending on its configuration the plugin may add one of the following headers to a message after analysis:
- X-Drweb-SpamScore: n. n – the score given by the VadeRetro library.
- X-Drweb-SpamState: b. b – yes for spam and messages with viruses and no for non-spam messages and bounces.
- X-Drweb-SpamState-Num: s. s – classification results of the VadeRetro analysis. s can take the following values: 0, 1, 2 and 3. 0 – a message is not spam, 1 – a message is spam, 2 – a message contains a virus, 3 – a message is a bounce. This header is added if the value for the AddXDrwebSpamStateNumHeader parameter of the vaderetro plug-in configuration file is set to yes.
- X-Drweb-SpamVersion: version. version – the version of the VadeRetro library. This header is added if the value for the AddVersionHeader parameter of the vaderetro plug-in configuration file is set to yes.
Additionally, at the beginning of the "Subject:" field of messages classified as spam, or those containing a virus, the vaderetro plug-in can add the following:
- X-IS-SPAM, value YES/NO
- X-SPAM-SCORE, a number of points given to the message by VadeRetro
- X-SPAM-AGENT, the version of the VadeRetro library
- X-SPAM-DETAILS, a detailed description of spam returned by the VadeRetro library
- X-SPAM-STATE, current status of a message.
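A downstream consumer (a delivery agent, log pipeline or triage script) can cross-check the X-Drweb-* headers described above against each other and against the configured SpamThreshold. The following Python sketch is an added example, not code from the product or its SDK; the function name `triage`, the threshold value used with it and the sample message are constructed for illustration, and treating a repeated header as untrusted is an assumption of the example.

```python
from email import message_from_string

# Meanings of X-Drweb-SpamState-Num as listed above.
STATE_NUM = {0: "not spam", 1: "spam", 2: "virus", 3: "bounce"}
SCORE, STATE, NUM = ("X-Drweb-SpamScore", "X-Drweb-SpamState",
                     "X-Drweb-SpamState-Num")
# Constructed sample: SpamState "no" together with SpamState-Num 1 (spam).
SAMPLE = ("Subject: hi\nX-Drweb-SpamScore: 350\n"
          "X-Drweb-SpamState: no\nX-Drweb-SpamState-Num: 1\n\nbody\n")


def triage(raw, spam_threshold):
    """Return (verdict, findings) for one raw message (headers + body)."""
    msg = message_from_string(raw)
    findings, val = [], {}
    for name in (SCORE, STATE, NUM):
        seen = msg.get_all(name, [])
        if len(seen) > 1:
            # Assumption: the filter adds each header at most once, so a
            # repeated header is not trusted and its value is ignored.
            findings.append(f"duplicate {name}")
        val[name] = seen[0].strip() if len(seen) == 1 else None

    score = num = None
    if val[SCORE] is not None:
        try:
            score = int(val[SCORE])
            if not -10000 <= score <= 10000:
                raise ValueError
        except ValueError:
            findings.append("score not an integer in -10000..10000")
            score = None
    state = val[STATE].lower() if val[STATE] else None
    if state not in (None, "yes", "no"):
        findings.append("unknown SpamState")
        state = None
    if val[NUM] in ("0", "1", "2", "3"):
        num = int(val[NUM])
    elif val[NUM] is not None:
        findings.append("unknown SpamState-Num")

    # yes = spam or virus (1, 2); no = non-spam or bounce (0, 3).
    if None not in (num, state) and (state == "yes") != (num in (1, 2)):
        findings.append("SpamState disagrees with SpamState-Num")
    # The page ties only the spam verdict to SpamThreshold, so only the
    # values 0 and 1 are compared against the score.
    if num in (0, 1) and score is not None:
        if (score >= spam_threshold) != (num == 1):
            findings.append("score disagrees with SpamState-Num")

    if findings:
        return "inconsistent", findings
    if num is not None:
        return STATE_NUM[num], findings
    if state is not None:
        return ("spam or virus" if state == "yes" else "not spam or bounce"), findings
    if score is not None:
        return ("spam" if score >= spam_threshold else "not spam"), findings
    return "no filter headers", findings
```

Pass the same value as the SpamThreshold parameter in the plug-in configuration; `triage(SAMPLE, 100)` reports the disagreement between the two state headers.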
Spam filtering technologies
The anti-spam technologies consist of several thousands of rules which can be divided into several groups.
Heuristic analysis
A highly intelligent technology that empirically analyzes all parts of a message: header, message body, etc. Not only the message itself, but its attachment is analyzed. The heuristic analyzer is being constantly improved; new rules are frequently added.
Counter-reaction
The counter-reaction technique is one of the most advanced and efficient technologies of Dr.Web anti-spam. It helps counteract techniques and tricks used by spammers to avoid detection.
HTML-patterns
Messages containing HTML code are compared with a list of known patterns from the anti-spam library. Such comparison, in combination with data on sizes of images typically used by spammers, helps protect users against spam messages featuring HTML-code, which often contains online images.
Semantic analysis
During a semantic analysis words and phrases of a message are compared with words and phrases typical of spam. A special dictionary is used for the analysis. All words, phrases and symbols are analyzed – both those visible to the human eye and those masqueraded by the technical tricks of spammers.
Anti-scamming technology
Scam (as well as pharming messages – a type of scam-messages) is the most dangerous type of spam, including the so-called “Nigerian” scams, loan scams, lottery and casino scams and false messages from banks and credit organizations. A special module of Dr.Web anti-spam is used to filter scams.
Technical spam filtering
So-called bounces are delivery-failure messages sent by a mail server. An actual recipient of a bounce is not necessarily a sender of an undelivered message; such a message could be sent by a mail worm. Therefore bounces are as unwanted as spam. A special module of Dr.Web anti-spam filters such messages as unwanted.
Types of the license
- Addressed license – any number of addresses over 5.
- Per server license – scan unlimited mail traffic of one server with the number of protected addresses limited to 3000. The amount of scanned traffic can be limited only by capabilities of your hardware.
The product is also available in money-saving Dr.Web bundles for small and medium businesses.
License options: Anti-virus&Anti-spam, Anti-virus.
Licensing of SDK
SDK is distributed free of charge. Plug-ins developed using the kit by third-party developers are free of charge for non-commercial distribution. Certification is required for commercial distribution of such plug-ins.
Licensed components
- Dr.Web Daemon – processes scanning and curing requests.
- A set of anti-virus filters for Sendmail, Qmail, Postfix, Communigate Pro, Exim, Courier MTA, ZMailer.
- The basic part of the product, the monitoring and external interaction utilities.
- Automatic updating utility.
- Console scanner Dr.Web for Unix.
- SDK for development of extra plugins.
License options
Special offer! Buy any Dr.Web product for mail protection and get 50% discount for Dr.Web Enterprise Suite.
This product is also included in Dr.Web bundles.