EN RU CN DE EN ES FR JP PL UA

News & Events | Promotions | Licensing center | Anti-cyber fraud center | Customers | Company

Dr.Web for Unix Mail Servers

Highly intelligent anti-virus and anti-spam protection system for large amounts of e-mail traffic


Meet highest security standards

Dr.Web for Unix Mail Servers is certified by Russia’s Federal Service for Technical and Export Control (FSTEC) and Federal Security Service (FSB) and, subsequently can be used in networks with high security requirements. Dr.Web for Windows meets all of the requirements of anti-virus products regarding the protection of personal information as stated by Russian law and can run on computers requiring maximum protection.

Flexible configuration

Dr.Web for Unix Mail Servers can be configured using rules providing greater flexibility compared with competitive solutions that can only be set up using static parameters in configuration files. Messages are filtered and modified according to established policies where the administrator can configure individual processing rules for different users and groups and even for each e-mail. It allows the product to meet any requirements to corporate security.

Low system requirements

The system requirements of Dr.Web for Unix Mail Servers are very low allowing it to run on any server hardware. It makes the anti-virus a perfect choice for companies that can't afford modernizing their server hardware on a regular basis to meet ever growing requirements of most anti-virus solutions.

Minimal TCO

Unlike many competitive solutions Dr.Web for Unix Mail Servers enjoys the most flexible multi-optional licensing. A customer buys only components they need and doesn’t pay for software they don’t need and will never use.

Perfect scalability

Dr.Web for Unix Mail Servers with its capabilities for processing huge amounts of data real-time, reliability and flexibility meets demands of small companies using one mail server as well as unlimited requirements of multi-national telecom providers for scan of mail traffic.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Efficient filtering of unsolicited e-mails

Dr.Web anti-spam is shipped as a solution component (but never as a separate product). It is installed on the server where the anti-virus product resides. It simplifies administration of the solution and lowers its TCO compared with competitive solutions.

Additional advantages of Dr.Web anti-spam

  • the anti-spam doesn’t require configuration or training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as the first message arrives
  • It detects spam messages regardless of their language
  • Customizable actions for different categories of spam
  • The white and black lists of its own rule out a possibility for a company to be discredited by adding it deliberately to lists of unwanted addresses
  • Record-low number of false positives
  • Stays relevant with one update in 24 hours – unique spam detection technologies based on several thousands of rules allow the anti-spam to stay up to date without frequent downloads of bulky updates
Enhanced security for corporate mail

The modular structure of Dr.Web for Unix Mail Servers allows integrating the product with various mail systems or using it as an SMTP proxy —a filter processing e-mails before they are received by the mail server. Dr.Web for Unix Mail Servers and an additional SMTP proxy used simultaniously provide:

  • Better overall network security
  • Improved filtering quality with no limitations caused by a mail server
  • Lower workload of local mail servers and workstations
  • Greater stability of the mail filtering system
Protection of confidential information

The quarantine managed over the web-interface or by means of a special utility and the option for archiving all e-mails transferred through the filter allow tracking causes of data leaks and restoring messages accidentally deleted by users from their mail boxes.

Guaranteed delivery of e-mail

Guaranteed delivery of all messages makes configuring a mail server easier. Even if a user is unavailable for a long period of time and can’t receive a message, it will be stored in a special directory.

Easy administration

The web-interface allows administering the product from any computer connected to the Internet.

Open solution

Dr.Web for Unix Mail Servers can be integrated with solutions from other developers. With the open API users can also add new features to the product.

Unlimited number of plugins

New features for protection of e-mail can be added to the product without any limitations so that any written plugin will immediately work with all supported MTA.

These are not the only advantages of Dr.Web for Unix Mail Servers! Learn about all strong points of the product with our online testing service Dr.Web LiveDemo.

Dr.Web Control Center is licensed free of charge.

Arguments for CEO | Arguments for the CIO

Dr.Web for Unix Mail Servers with its flexible configuration, reliability and its capabilities for load-balancing and real-time processing of huge amounts of data meets demands of small companies using one mail server as well as requirements of multi-national ISPs for scan of unlimited amounts of data.

Dynamic load balancing optimizes server performance without additional testing.

The configuration testing and service control interface enables on-the-fly configuration of operation of services which significantly simplifies system maintenance and allows its faster deployment.

Settings of the filtering service and quarantine can now be stored in storages of different types ranging from ordinary files to databases like Oracle.

LDAP directory services are used to store settings. It provides integration of the solution into the structure of the corporate directories service and makes administration of the solution easier.

Dr.Web for Unix Mail Servers is a group of interacting software modules. The range of tasks performed by the solution depends on loaded plug-ins (libraries, responsible for processing of e-mails).

The e-mail messages are processed by the modules of the e-mail daemon as follows: incoming messages are received by the Receiver module which transfers them to the Checker module (drweb-maild). The Checker module uses plug-ins one by one to analyze the messages.

Messages that passed scanning by mail daemon’s plugins are forwarded to the mail system by the Sender module. Plugins processing e-mail traffic generate reports on scanning results are created. Such reports are generated by the Notifier module (drweb-notifier) and can be mailed to senders or recipients of messages and to a system administrator. he processing of e-mails by the e-mail daemon can be flexibly regulated by rules.

In accordance with effective security policies filtered out messages can be placed in the quarantine. If necessary, all actions (search, removal of messages from the quarantine, archiving) can be carried out using the web-interface, a special utility or administration messages. Quarantine management with administration messages is also available to users.

Rules are added into the daemon’s configuration file — it is one of the most useful features of the software. Rules set in the mail daemon configuration file allow changing operational parameters of the mail daemon depending on the contents of processed messages. The current version of the mail daemon allows setting rules for sender and recipient addresses and for particular types of malicious objects found in messages.

Dr.Web for Unix Mail Servers can archive all incoming and outgoing messages allowing restoring accidentally deleted e-mails and determining how an infection spread over a network.

Receiver
The Receiver component is responsible for the receipt of e-mails, either directly from e-mail systems, or on SMTP/LMTP protocols, and their subsequent transfer to the drweb-maild component. Depending on the e-mail systems and protocols used, the functions of the Receiver component are performed by different modules (drweb-receiver, drweb-milter, drweb-cgp-receiver, etc.), and simultaneous operation of several modules of the Receiver component is supported, which allows to receive and process e-mail from several sources simultaneously. Certain modules of the Receiver component support modification/sending of received messages based on the check results received from the drweb-maild component. For example, the drweb-milter module has the functionality, which allows it to return the results of check of messages to the SendMail system before an SMTP session ends.
drweb-maild
This is the main component for processing e-mails. The drweb-maild component performs the mime-parsing of messages, transfers the messages for processing to plug-ins and stores messages in the database.
The processing of e-mails is made by plug-ins to the drweb-maild module. Plug-ins can be launched and unloaded at any time, without terminating the drweb-maild module. The messages are processed by plug-ins according to the processing order specified by the administrator. The plug-ins are assigned to two queues – BeforeQueueFilters and AfterQueueFilters.
Immediately after the message is received, it is processed by the plug-in from the BeforeQueueFilters queue. Then, if the AfterQueueFilters queue is empty, the processing results of the message are sent to the Receiver component. If the AfterQueueFilters queue has some other plug-ins, the message, after it is processed by the plug-in from the BeforeQueueFilters queue is forwarded to the database and then is sent to the internal queue of the drweb-maild module and the return code of the successful check is sent to the Receiver component. Then the message is checked by the plug-ins from the AfterQueueFilters queue.
The check results are either sent to the Receiver component (if such possibility exists, for example, if the check result time-out has not expired yet), or to the Sender component. All the messages generated by plug-ins are also sent via the Sender component. Certain plug-ins require support of the database in order to function. Such plug-ins cannot be assigned to the BeforeQueueFilters queue.
drweb-notifier
The module generates reports on the operation of the complex. Additionally, installed plug-ins can add their own types of notifications. Request for generation of reports can be sent to both by plug-ins (for example, when a virus is found), as well as other components of the system. For example, the drweb-maild module can send requests to generate a statistics report of all plugged in components and the Sender component can send a request to generate a DSN report when a message cannot be delivered.
Sender
This component sends messages either directly to different e-mail systems, or on SMTP/LMTP protocols. Depending on the e-mail systems and protocols used, the functions of the Sender component are performed by different modules (drweb-sender, drweb-cgp-sender, etc.). The Sender component can receive requests to send messages from drweb-maild, drweb-notifier and drweb-monitor components.
drweb-agent
The drweb-agent module provides the option to process e-mails both autonomously or together with Dr.Web Enterprise Security Suite. All components of the system, except for drweb-monitor, receive their configuration files via the drweb-agent module, that is why it should be launched before other components. The drweb-agent module checks the license and collects statistics on the operation of the components of the system: names of detected blocked objects, the volume of the traffic checked, etc.
drweb-monitor
An auxiliary component which launches and terminates the modules of the system in the specified order and controls their operation. In case some module of the system fails to operate drweb-monitor re-launches it and, if it is specified in settings, notifies the administrator about this.

Currently the following plugins are available for Dr.Web for Unix Mail Servers:

Drweb

Drweb — is an e-mail anti-virus scan plugin for checking e-mails with the Dr.Web engine. The Drwebd is a scanning module required for operation of the plugin. Messages delivered to drwebd for scanning are already parsed, so neither the drwebd module nor the engine feature a mime-parser. The plugin shows good performance, high detection rate and a rapid response combined with low consumption of system resources.

Stable operation

The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Quarantine

Infected and suspicious objects detected by the plugin can be placed to the quarantine so later one may try to retrieve useful information, cure or delete quarantined messages.

Easy administration

Flexibility of configuration files allows customizing parameters of the plug-in as the user sees fit. All actions of the plug-in are logged and can be analyzed to identify bottlenecks. Prompt alerting enables administrators to respond to emerging threats in a timely manner.

Open solution

The open MailD architecture enables users to implement additional features that will use DrWeb plug-in with the help of the open SDK and detailed documentation.

Headersfilter

Headersfilter is a header-based message filter used to check e-mails and their attachments. The plugin allows users to add custom filtering rules. Regular expressions can be used to define such rules. Flexible settings of the plug-in allow implementing any number of rules. The plug-in never overloads a system and performs required tasks very quickly.

Easy administration

Flexible rules that can be created using regular expressions allow setting e-mail processing according to requirements of the user. A prompt notification system ensures that a system administrator can perform necessary actions in a timely manner.

Open solution

The open MailD architecture enables users to implement additional features that will use DrWeb plug-in with the help of the open SDK and detailed documentation.

Stable operation

The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Modifier

The modifier changes processed e-mails using established rules which allows processing incoming and outgoing messages in accordance with corporate standards. In particular using the plugin and the archiving feature allow preventing information leaks. Analysis of filtered messages can be performed via a quarantine management utility.

Easy administration

Flexible configuration allows performing an unlimited number of modifications of processed messages, so a system administrator can create an infinite number of rules to ensure compliance with e-mail security policies. Regular expressions provide full customization of filtering parameters while prompt notifications allow the administrator to take necessary actions in a timely manner.

Open solution

The open MailD architecture enables users to implement additional features that will use the DrWeb plug-in with the help of the open SDK and detailed documentation.

Stable operation

The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Vade Secure

The vaderetro plugin utilizes its own library updated regularly for better quality of filtering. High junk filtering productivity is combined with low consumption of system resources allowing the anti-spam to operate smoothly on older hardware.

Depending on the results of the analysis each message receives the score from the VadeRetro library – an integer ranging from -10000 to +10000. The higher the score is, the more likely the message is to be spam.

The threshold value is set by the SpamThreshold parameter of the plugin configuration file. If the score equals the value of the SpamThreshold parameter or exceeds it, the message is considered to be spam.

Upon completion of a message analysis, Vade Secure may add (depending on the plugin settings) corresponding headers to the message.

Supported OS

  • Linux distributions with kernel version 2.4.x and higher;
  • FreeBSD v.6.х and higher for Intel x86 and amd64 platforms;
  • Solaris v.10 for Intel x86 and amd64 platforms.

Supported mail systems

  • CommuniGate Pro, Courier MTA, Exim, Postfix, QMail, Sendmail, ZMailer.