Lists of frequently asked questions
Dr.Web topics for MS Exchange
Why is an anti-virus required to protect a mail server?
Every day the Doctor Web virus monitoring service collects more than 250,000 new malicious programs, the most dangerous of which have been developed by professional virus writers who are members of criminal organizations. These programs focus on stealing money from single companies (or a series of “targeted” companies); the creators of these programs know what security systems are in use, and devise their malware accordingly.
It is commonly believed that by installing a protection system on a mail server, one can reduce the inflow of spam and the number of viruses in a company network, and speed the delivery of important emails. But apart from solving these problems, a modern mail server anti-virus also affords the opportunity to delete previously unknown malicious programs from mailboxes. Only by installing an anti-virus on a company mail server can one escape situations in which the server becomes a source of infection. An anti-virus designed to protect a server file system can't do this, because such anti-viruses can't cure databases, including mail server databases.
How can one ensure maximum efficiency with regard to mail traffic filtering?
Any mail server restricts the capabilities of the anti-virus that is installed on it. For example, the widespread MS Exchange mail server transmits for analysis only parts of an email, not the whole thing, which significantly complicates the analysis, including the analysis for spam. For increased effectiveness, it is strongly recommended that mail traffic filtering be transferred to a separate server that is independently capable of receiving and transmitting email messages. This simultaneously improves the quality of scanning and (in some cases) reduces the cost of licensing the mail server. For this purpose, an additional Dr.Web component, SMTP Proxy, which is part of Dr.Web Mail Security Suite, should be used. This component extends the product's features: for example, it allows source addresses to be checked, system user authorization to be used, and many other features to be employed.
How is it possible to protect a company's network against previously unknown malicious programs?
The latest malicious programs, undetected by all heuristic mechanisms, reach the virus monitoring laboratory, and thus their victims, only after criminals have begun spreading them.
It is imperative to take into account the probability of criminals being able to bypass a company’s security systems and access its network (or employees’ PCs) and also the possibility of criminals being able to impact the protection systems in use, with the goal of stopping their operation.
To minimize risks to mail servers in particular, user mailboxes should be scanned regularly with an anti-virus to check for the presence of previously unknown malicious programs.
How can I prevent criminals from bypassing the system?
No anti-virus can detect the newest malicious programs 100 percent of the time. Even tests designed to detect malicious programs created after the latest anti-virus update say nothing about an anti-virus's capacity to reveal the 'infection' created by criminals familiar with the anti-virus. Such malicious programs will not be detected by an anti-virus right up to the moment the necessary update is received.
That’s why the choice of an anti-virus should not be based on “test” results, but on an understanding of the following features of an anti-virus system:
- An anti-virus has to have a reliable system of self-protection: criminals must not be able to disable the anti-virus (or one of its components).
- Anti-virus updating and control systems must be completely under the control of the anti-virus’s self-protection system and must not use system components that are not under its control.
Once a company's computers fall into a botnet, they often become a source of spam, and that harms the company's reputation among its partners. Using Dr.Web Mail Security Suite and Dr.Web Desktop Security Suite will significantly reduce a company's risk of being blacklisted and disconnected from the Internet for acting as a spam bot.
A system for scanning mail traffic must be installed on the server as well as on the workstations, because incoming and outgoing messages go not only through a company's mail server, but also directly through employees' PCs (via SMTP, POP3/IMAP4 and closed links). In addition, the mail server (or the programs installed on it) can create mailings, including unwanted messages.
How can I test Dr.Web for MS Exchange before I buy it?
For evaluation purposes, you can use the trial version. Download the distribution from Doctor Web's site at http://download.drweb.com/demoreq. The demo license period is 30 days.
You can also take advantage of the Dr.Web LiveDemo remote testing service by filling out an application at https://download.drweb.com/live_demo. It should be noted that when testing a product via Dr.Web LiveDemo, the accompanying step-by-step instructions on how to test the product’s basic functionality are tremendously helpful.