MailScanner

1 / 25

About This Presentation

Title:

MailScanner

Description:

EPA CID conducts criminal investigations, refers cases to prosecutors and ... traditionally have criminal and civil investigation/ prosecution authority ... – PowerPoint PPT presentation

Number of Views:96

Avg rating:3.0/5.0

Slides: 26

Provided by: julian

more less

Transcript and Presenter's Notes

Title: MailScanner

1
MailScanner

Making the Interneta safer place
Julian FieldUniversity of Southampton

2
The Problem

Spam accounts for 35 of all mail traffic
-age of incoming mail is even higher
About 1 in 150 messages contains a virus
So a site processing 50,000 messages per day
wastes time and resources on 20,000 spams and
risks a virus outbreak over 330 times every day

3
What Is MailScanner?

It is an e-mail security system deployed on your
e-mail gateways and servers
It will capture every known virus passing through
your e-mail servers
It will identify and handle well over 95 of all
the spam

4
What Is MailScanner (cont.)

Checks for most common attacks on
previously-exploited security vulnerabilities
Highly configurable to provide different settings
for any arbitrary group of users or domains
It is very fast, robust and secure much lighter
load than other systems
Many other features!

5
You Could Go Commercial

If you have the money to pay people like
MessageLabs, Trend or Brightmail, then you
probably arent here!
As an example, 3 years ago Trend quoted us about
50,000 per year to virus check mail coming into
our University
At recent InfoSec show, 56,000 would buy a PC in
a 2U case running a very naïve anti-spam system
a choice of 2 virus scanners

6
Reputation

Protects over 500 million messages per day at
about 20,000 sites in over 45 countries on 6
continents (Im still working on Antarctica!)
Used by US Navy Central War Command, US Army and
government departments
Used by European Commission, WIPO, UCLA, Harvard,
MIT, Siemens, HP, BAe, UK Research Councils,
Cambridge University and many other commercial
and non-commercial sites
Over 100,000 downloads

7
MailScanner is Free

You may need to buy some hardware to operate it.
Many sites can just run it on existing hardware.
1 PC can fully process up to 1.5 million messages
per day.
You will probably want an anti-virus engine

8
Anti-Virus Engines

15 are supported, including all the major market
leaders
ClamAV is free but not recommended for sole use
F-Prot is 300 per server regardless of number of
users
Sophos is very good and has excellent CHEST
discounts

9
Virus Scanning

Scans all e-mail passing through it for viruses
using any combination of the supported anti-virus
engines
Many sites run 2 or 3 different engines for
better coverage and resistance against brand new
viruses

10
Spam Scanning

Scans for spam using a wide variety of techniques
including
DNS blacklists
over 800 heuristic rules
Bayesian probability system
Distributed network-based checks such as Razor,
DCC, Pyzor which track the frequency of messages
around the world to identify spam

11
Attachment Filenames

Allows/denies attachments based on filename,
providing implementation of any email security
policy. Easily used to block attachments which
are common ways of disguising viruses, e.g.
ReadMe.doc.exe
These can be varied for different users

12
HTML-based Attacks

Scans for common signs of attack such as
and HTML tags
Both have been used many times to exploit
vulnerabilities in Outlook ( Express) and
Internet Explorer
Dangerous HTML content can be stripped

13
Other Attacks

Denial of Service attacks such as the Zip of
Death or DNS blocks
Looks for, and will optionally ban
messages with external bodies
partial or fragmented messages
Attempts to scan these would open up system to
Denial of Service attacks
Quietly fixes Eudora/Cyrus IMAP incompatibilities

14
Encrypted E-Mail

Can selectively enforce or ban use of encrypted
email between addresses
Will save public keys from email messages
allowing future automatic encryption to be
implemented if needed

15
Virus Handling

Attachments containing viruses or other security
problems are removed
All safe content is delivered untouched
Recipients and senders get a warning explaining
what happened and who they should contact for
help
System admin notified of basic details of message
and what viruses were found

16
Spam Handling

Subject line is tagged so users can filter
easily
Message may be tagged, delivered, deleted,
archived, bounced and/or stripped to plain text
Stripping to plain text is extremely effective
against the rising tide of pornographic spam
1 in 1800 messages

17
MailScanner vs blacklists
Spam breakdown of our incoming mail for April
May 2003
Total messages 791,000
18
Highly Configurable

Virtually all configuration parameters can be set
using fixed values, rulesets or Custom
Functions
Rulesets allow different values for any users or
domains you specify
Reports are supplied in 15 languages
Language can be different for different domains

19
Custom Functions

These allow implementation of any other
configuration model you choose, including
external databases of user options
Several examples are provided
Minimal Perl knowledge needed

20
Very Easy To Install
3.4

Current record is 11 minutes for a complete
system installation including all Perl modules
and a virus scanner
Installation script automates most of the process
for you
Installs all required Perl modules
Configures RPM build options
Fixes POD (Perl Documentation) problems

21
Very Easy To Install

All configuration options are set to sensible
defaults
Only 1 configuration option needs to be changed
from the default the virus scanner
Easy-to-follow installation guides provided for
sendmail, Exim, Postfix and ZMailer systems
No sendmail.cf changes at all

22
Recent Additions

Support for SpamAssassin 2.55
Spam can be converted into an attachment of the
original message, forcing user to click through
to the spam message
Easy upgrading of MailScanner.conf file
to and from any version
Per-domain spam whitelists blacklists

23
Recent Additions