Dr.Web for Unix Mail Servers

Meet highest security standards

Dr.Web for Unix Mail Servers is certified by Russia’s Federal Service for Technical and Export Control (FSTEC) and Federal Security Service (FSB) and, subsequently can be used in networks with high security requirements. Dr.Web for Windows meets all of the requirements of anti-virus products regarding the protection of personal information as stated by Russian law and can run on computers requiring maximum protection.

Flexible configuration

Dr.Web for Unix Mail Servers can be configured using rules providing greater flexibility compared with competitive solutions that can only be set up using static parameters in configuration files. Messages are filtered and modified according to established policies where the administrator can configure individual processing rules for different users and groups and even for each e-mail. It allows the product to meet any requirements to corporate security.

Low system requirements

The system requirements of Dr.Web for Unix Mail Servers are very low allowing it to run on any server hardware. It makes the anti-virus a perfect choice for companies that can't afford modernizing their server hardware on a regular basis to meet ever growing requirements of most anti-virus solutions.

Minimal TCO

Unlike many competitive solutions Dr.Web for Unix Mail Servers enjoys the most flexible multi-optional licensing. A customer buys only components they need and doesn’t pay for software they don’t need and will never use.

Perfect scalability

Dr.Web for Unix Mail Servers with its capabilities for processing huge amounts of data real-time, reliability and flexibility meets demands of small companies using one mail server as well as unlimited requirements of multi-national telecom providers for scan of mail traffic.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Efficient filtering of unsolicited e-mails

Dr.Web anti-spam is shipped as a solution component (but never as a separate product). It is installed on the server where the anti-virus product resides. It simplifies administration of the solution and lowers its TCO compared with competitive solutions.

Additional advantages of Dr.Web anti-spam

• the anti-spam doesn’t require configuration or training. Unlike anti-spam solutions based on Bayesian filtering, it starts working as soon as the first message arrives
• It detects spam messages regardless of their language
• Customizable actions for different categories of spam
• The white and black lists of its own rule out a possibility for a company to be discredited by adding it deliberately to lists of unwanted addresses
• Record-low number of false positives
• Stays relevant with one update in 24 hours – unique spam detection technologies based on several thousands of rules allow the anti-spam to stay up to date without frequent downloads of bulky updates

Enhanced security for corporate mail

The modular structure of Dr.Web for Unix Mail Servers allows integrating the product with various mail systems or using it as an SMTP proxy —a filter processing e-mails before they are received by the mail server. Dr.Web for Unix Mail Servers and an additional SMTP proxy used simultaniously provide:

• Better overall network security
• Improved filtering quality with no limitations caused by a mail server
• Lower workload of local mail servers and workstations
• Greater stability of the mail filtering system

Protection of confidential information

The quarantine managed over the web-interface or by means of a special utility and the option for archiving all e-mails transferred through the filter allow tracking causes of data leaks and restoring messages accidentally deleted by users from their mail boxes.

Guaranteed delivery of e-mail

Guaranteed delivery of all messages makes configuring a mail server easier. Even if a user is unavailable for a long period of time and can’t receive a message, it will be stored in a special directory.

Easy administration

The web-interface allows administering the product from any computer connected to the Internet.

Open solution

Dr.Web for Unix Mail Servers can be integrated with solutions from other developers. With the open API users can also add new features to the product.

Unlimited number of plugins

New features for protection of e-mail can be added to the product without any limitations so that any written plugin will immediately work with all supported MTA.

These are not the only advantages of Dr.Web for Unix Mail Servers!

Plugins

Currently the following plugins are available for Dr.Web for Unix Mail Servers:

Drweb

Drweb — is an e-mail anti-virus scan plugin for checking e-mails with the Dr.Web engine. The Drwebd is a scanning module required for operation of the plugin. Messages delivered to drwebd for scanning are already parsed, so neither the drwebd module nor the engine feature a mime-parser. The plugin shows good performance, high detection rate and a rapid response combined with low consumption of system resources.

Stable operation

The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Quarantine

Infected and suspicious objects detected by the plugin can be placed to the quarantine so later one may try to retrieve useful information, cure or delete quarantined messages.

Easy administration

Flexibility of configuration files allows customizing parameters of the plug-in as the user sees fit. All actions of the plug-in are logged and can be analyzed to identify bottlenecks. Prompt alerting enables administrators to respond to emerging threats in a timely manner.

Open solution

The open MailD architecture enables users to implement additional features that will use DrWeb plug-in with the help of the open SDK and detailed documentation.

Headersfilter

Headersfilter is a header-based message filter used to check e-mails and their attachments. The plugin allows users to add custom filtering rules. Regular expressions can be used to define such rules. Flexible settings of the plug-in allow implementing any number of rules. The plug-in never overloads a system and performs required tasks very quickly.

Easy administration

Flexible rules that can be created using regular expressions allow setting e-mail processing according to requirements of the user. A prompt notification system ensures that a system administrator can perform necessary actions in a timely manner.

Open solution

The open MailD architecture enables users to implement additional features that will use DrWeb plug-in with the help of the open SDK and detailed documentation.

Stable operation

The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Modifier

The modifier changes processed e-mails using established rules which allows processing incoming and outgoing messages in accordance with corporate standards. In particular using the plugin and the archiving feature allow preventing information leaks. Analysis of filtered messages can be performed via a quarantine management utility.

Easy administration

Flexible configuration allows performing an unlimited number of modifications of processed messages, so a system administrator can create an infinite number of rules to ensure compliance with e-mail security policies. Regular expressions provide full customization of filtering parameters while prompt notifications allow the administrator to take necessary actions in a timely manner.

Open solution

The open MailD architecture enables users to implement additional features that will use the DrWeb plug-in with the help of the open SDK and detailed documentation.

Stable operation

The modular architecture of the solution and its special failure control module provide exceptional stability of the plugin. It is virtually impossible to render it non-operational.

Rapid response

Multi-thread scanning ensures rapid response of the anti-virus allowing it to scan arriving data real-time along with files received earlier and to deliver e-mails to end-users without a notable delay.

Vaderetro

The vaderetro plugin utilizes its own library updated regularly for better quality of filtering. High junk filtering productivity is combined with low consumption of system resources allowing the anti-spam to operate smoothly on older hardware.

Depending on the results of the analysis each message receives the score from the VadeRetro library – an integer ranging from -10000 to +10000. The higher the score is, the more likely the message is to be spam.

The threshold value is set by the SpamThreshold parameter of the plugin configuration file. If the score equals the value of the SpamThreshold parameter or exceeds it, the message is considered to be spam.

Upon completion of a message analysis, Vade Retro may add (depending on the plugin settings) corresponding headers to the message.

System requirements

Supported OS and mail systems

• Linux (glibc 2.2 and higher), FreeBSD 6.x, 7.x, 8.x, Solaris 10 (Intel only).
• CommuniGate Pro, Courier MTA, Exim, Postfix, QMail, Sendmail, ZMailer.

Description

Dr.Web for Unix Mail Servers with its flexible configuration, reliability and its capabilities for load-balancing and real-time processing of huge amounts of data meets demands of small companies using one mail server as well as requirements of multi-national ISPs for scan of unlimited amounts of data.

Dynamic load balancing optimizes server performance without additional testing.

The configuration testing and service control interface enables on-the-fly configuration of operation of services which significantly simplifies system maintenance and allows its faster deployment.

Settings of the filtering service and quarantine can now be stored in storages of different types ranging from ordinary files to databases like Oracle.

LDAP directory services are used to store settings. It provides integration of the solution into the structure of the corporate directories service and makes administration of the solution easier.

Dr.Web for Unix Mail Servers is a group of interacting software modules. The range of tasks performed by the solution depends on loaded plug-ins (libraries, responsible for processing of e-mails).

The e-mail messages are processed by the modules of the e-mail daemon as follows: incoming messages are received by the Receiver module which transfers them to the Checker module (drweb-maild). The Checker module uses plug-ins one by one to analyze the messages.

Messages that passed scanning by mail daemon’s plugins are forwarded to the mail system by the Sender module. Plugins processing e-mail traffic generate reports on scanning results are created. Such reports are generated by the Notifier module (drweb-notifier) and can be mailed to senders or recipients of messages and to a system administrator. he processing of e-mails by the e-mail daemon can be flexibly regulated by rules.

In accordance with effective security policies filtered out messages can be placed in the quarantine. If necessary, all actions (search, removal of messages from the quarantine, archiving) can be carried out using the web-interface, a special utility or administration messages. Quarantine management with administration messages is also available to users.

Rules are added into the daemon’s configuration file — it is one of the most useful features of the software. Rules set in the mail daemon configuration file allow changing operational parameters of the mail daemon depending on the contents of processed messages. The current version of the mail daemon allows setting rules for sender and recipient addresses and for particular types of malicious objects found in messages.

Dr.Web for Unix Mail Servers can archive all incoming and outgoing messages allowing restoring accidentally deleted e-mails and determining how an infection spread over a network.

Updating

Always up-to-date

• Updating over the Internet, whether automatically or according to a schedule, doesn’t require user interference. Updating can also be launched manually.
• Updating is very quick even if a slow Internet connection is used.
• Updating servers are always available.
• Updates can be retrieved from an HTTP server.
• In most cases, there is no need to reboot the system to complete updating; Dr.Web starts using the updated modules and latest virus definitions right away
• Updates are small (50-200KB).
• To save traffic the anti-virus can be set to update virus databases only However, enabling this option is not recommended. To counter the latest threats, Dr.Web undergoes constant refinement. New features are incorporated in updated modules of an anti-virus package and are downloaded from Doctor Web's server automatically during regular updating sessions.
• You can also reduce traffic by downloading updates as archived files A special data-compression algorithm used by Doctor Web allows reducing size of downloaded updates. Patch files are used to deliver minor additions and fixes for virus database or program modules. The special compression algorithm applied to such patches dramatically reduces the amount of transferred data.

Virus monitoring service

• The Doctor Web virus monitoring service collects samples of malicious programs all over the Internet to create antidotes and release updates as soon as analyses are completed — as often as several times per hour.
• As soon as an update is released, users can retrieve it from several servers located at various points of the globe.
• To avoid false positives an update is tested over a huge number of uninfected files before it is released.
• The intelligent system automatically adds entries for similar viruses into the database, ensuring the prompt neutralization of emerging threats.

Licensing

Types of licenses

• Per number of protected users.
• Per server license – unlimited scanning of server e-mail traffic for as many as 3,000 protected users.

Dr.Web for Unix Mail Servers can be purchased as a separate product or as a component of Dr.Web Enterprise Security Suite. In the latter case the license also covers the Control Center of Dr.Web Enterprise Security Suite and Anti-spam.

A license for Dr.Web for Unix Mail Servers may also include the SMTP proxy as an additional component. Using these products together improves general network security and reduces the workload of local mail servers and workstations.

License options

• Anti-virus
• Anti-virus + Control Center
• Anti-virus + SMTP proxy
• Anti-virus + Control Center + SMTP proxy
• Anti-virus + Anti-spam
• Anti-virus + Anti-spam + Control Center
• Anti-virus + Anti-spam + SMTP proxy
• Anti-virus + Anti-spam + Control Center + SMTP proxy

Dr.Web for Unix Mail Servers is also included in low-cost Dr.Web bundles for small and medium companies.

Components

Receiver

The Receiver component is responsible for the receipt of e-mails, either directly from e-mail systems, or on SMTP/LMTP protocols, and their subsequent transfer to the drweb-maild component. Depending on the e-mail systems and protocols used, the functions of the Receiver component are performed by different modules (drweb-receiver, drweb-milter, drweb-cgp-receiver, etc.), and simultaneous operation of several modules of the Receiver component is supported, which allows to receive and process e-mail from several sources simultaneously. Certain modules of the Receiver component support modification/sending of received messages based on the check results received from the drweb-maild component. For example, the drweb-milter module has the functionality, which allows it to return the results of check of messages to the SendMail system before an SMTP session ends.

drweb-maild

This is the main component for processing e-mails. The drweb-maild component performs the mime-parsing of messages, transfers the messages for processing to plug-ins and stores messages in the database.

The processing of e-mails is made by plug-ins to the drweb-maild module. Plug-ins can be launched and unloaded at any time, without terminating the drweb-maild module. The messages are processed by plug-ins according to the processing order specified by the administrator. The plug-ins are assigned to two queues – BeforeQueueFilters and AfterQueueFilters.

Immediately after the message is received, it is processed by the plug-in from the BeforeQueueFilters queue. Then, if the AfterQueueFilters queue is empty, the processing results of the message are sent to the Receiver component. If the AfterQueueFilters queue has some other plug-ins, the message, after it is processed by the plug-in from the BeforeQueueFilters queue is forwarded to the database and then is sent to the internal queue of the drweb-maild module and the return code of the successful check is sent to the Receiver component. Then the message is checked by the plug-ins from the AfterQueueFilters queue.

The check results are either sent to the Receiver component (if such possibility exists, for example, if the check result time-out has not expired yet), or to the Sender component. All the messages generated by plug-ins are also sent via the Sender component. Certain plug-ins require support of the database in order to function. Such plug-ins cannot be assigned to the BeforeQueueFilters queue.

drweb-notifier

The module generates reports on the operation of the complex. Additionally, installed plug-ins can add their own types of notifications. Request for generation of reports can be sent to both by plug-ins (for example, when a virus is found), as well as other components of the system. For example, the drweb-maild module can send requests to generate a statistics report of all plugged in components and the Sender component can send a request to generate a DSN report when a message cannot be delivered.

Sender

This component sends messages either directly to different e-mail systems, or on SMTP/LMTP protocols. Depending on the e-mail systems and protocols used, the functions of the Sender component are performed by different modules (drweb-sender, drweb-cgp-sender, etc.). The Sender component can receive requests to send messages from drweb-maild, drweb-notifier and drweb-monitor components.

drweb-agent

The drweb-agent module provides the option to process e-mails both autonomously or together with Dr.Web Enterprise Security Suite. All components of the system, except for drweb-monitor, receive their configuration files via the drweb-agent module, that is why it should be launched before other components. The drweb-agent module checks the license and collects statistics on the operation of the components of the system: names of detected blocked objects, the volume of the traffic checked, etc.

drweb-monitor

An auxiliary component which launches and terminates the modules of the system in the specified order and controls their operation. In case some module of the system fails to operate drweb-monitor re-launches it and, if it is specified in settings, notifies the administrator about this.

Dr.Web for Unix Mail Servers online testing

Dr.Web LiveDemo is a unique remote online testing service for Dr.Web anti-virus solutions. Currently it allows users to try out a number of products including Dr.Web for Unix Mail Servers.

With Dr.Web LiveDemo system administrators can test the in a virtual local network deployed by Doctor Web before they decide which product they want to buy. In order to access Dr.Web LiveDemo simply fill out this form.

A mail server’s limited capabilities often prevent mail anti-virus scanners from realizing their potential. As a result, virtually all network administrators become confronted with the problem of what to do when their anti-virus and anti-spam protection systems can’t be set to operate at maximum efficiency. Dr.Web for Unix Mail Gateways solves this problem.

The product can be installed in the demilitarized zone (DMZ) or integrated with an existing mail system. With the mail scanning server placed in the demilitarized zone, a mail server is not connected to the Internet directly. In this case, even if a hacker succeeds in compromising the server, he won’t get access to sensitive company information. The solution performs a full scan of SMTP/LMTP mail traffic.

Advantages

• Improved filtering quality with no limitations caused by a mail server
• Decreased workload for internal mail servers, content filtering servers, mail and Internet gateways, and workstations
• Increased stability of mail scanning and better overall network security

Protection from spammer attacks

An administrator can restrict parameters of the SMTP-session to prevent spammer attacks.

Protection from disguised spam

With the IP validation feature, your company is protected from spam messages sent with forged sender IP addresses.

Protection from hacker attacks

The product can withstand passive attacks such as PLAIN and LOGIN, as well as active non-dictionary attacks.

Protection from spam traps

Dr.Web for Unix Mail Gateways can check whether the recipient address is a spam trap.

Correct processing of malformed e-mails

The product can block messages with an empty sender field but correctly processes messages that violate standards due to malforming by certain mail clients.

Reduction of Internet traffic

Dr.Web for Unix Mail Gateways allows the size of mail attachments to be restricted.

Open Relay servers with limited relay list

If a company needs to use an open mail relay server, Dr.Web for Unix Mail Gateways will help an administrator restrict the list of domains to which the server will relay messages.