Dr.Web Mail Security Suite for Unix Appliance

Dr.Web Mail Security Suite for Unix Appliance for protection of mail services is implemented as a set of plugins that run simultaneously.

Key features

  • scanning incoming and outgoing messages for viruses and spam.
  • blocking infected and suspicious objects and placing them in the Quarantine.
  • sending notifications and alerts on virus events to the system administrator or other selected users.
  • logging all activities of the solution and collecting statistics on its routines.
  • automatic updating of the virus database.
  • summary reports and statistics.

The range of tasks that can be solved using the software depends on the set of loaded plugins.

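Plugins

Plugins developed so far:

  • Drweb
    Drweb is the anti-virus plugin for e-mail; it uses the Dr.Web anti-virus engine to scan messages for viruses. Scanning is performed through the drwebd module. Messages passed to drwebd for scanning have already been parsed, so neither the engine nor the drwebd module needs to support MIME parsing. The plugin uses very few system resources and responds quickly, while delivering high performance and high-quality scanning of files and applications.

    Stability
    The plugin system has a modular structure with a dedicated module responsible for keeping components running, which ensures uninterrupted operation of the plugin. Disrupting the plugin's operation is practically impossible.

    Rapid response
    Multi-threaded scanning ensures rapid response. Files are scanned in real time without waiting for previously received messages to finish processing, so end users receive their mail instantly!

    Quarantine
    Infected and suspicious files detected by the plugin can be moved to the Quarantine folder, where they can be handled separately: useful information can be extracted, or the files can be cured or deleted.

    Easy administration
    A flexible configuration file lets you set the plugin to the operating mode that suits you. All actions of the plugin are recorded in the system log, so system operation can be analyzed to find bottlenecks. A convenient administrator notification system lets the administrator take the necessary action in the shortest possible time.

    Open solution
    The MailD architecture is open, so users can extend the functionality of the Drweb plugin themselves using the open SDK and detailed documentation.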

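  • headersfilter
    headersfilter filters mail by message headers. The plugin checks both the message itself and its attachments. With this plugin users can add their own message-processing rules, and regular expressions can be used when defining filtering rules. The plugin's configuration is very flexible and allows any number of rules. The plugin puts almost no load on the system and completes all operations in minimal time.

    Ease of use
    Regular expressions can be used to make the system pass or filter incoming mail. Because the number of rules is unlimited, the system can be set up to match the user's needs. Because this module can finish running before the other modules of the system, users can receive mail that they would otherwise not receive.

    Easy administration
    Regular expressions let you set mail filtering parameters in the way that suits you. A convenient administrator notification system lets the administrator take the necessary action in the shortest possible time.

    Openness
    The MailD architecture is open, so users can extend the functionality of the headersfilter plugin themselves using the open SDK and detailed user documentation.

    Stability
    The plugin system has a modular structure with a dedicated module responsible for keeping components running, which ensures uninterrupted operation of the headersfilter plugin. Making the plugin unable to run is practically impossible.

    Rapid response
    Minimal system load and high speed ensure rapid response: received files are checked instantly, so end users receive a message as soon as it reaches the mail server!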

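  • modifier
    The modifier plugin modifies messages according to message-processing rules. With this plugin, all incoming and outgoing mail can be processed in line with corporate policy. For example, this plugin together with the mail archiving function can be used to build a system for monitoring leaks of confidential information. The Quarantine management tools can also be used to analyze filtered messages.

    Ease of use
    The flexible configuration system offers unlimited possibilities for modifying messages. Because there is no limit on the number of rules an administrator can create, the plugin can be used to implement any mail security policy. The modifier module can run before or after other modules, so it can complement their processing of mail and make use of the results of other plugins.

    Easy administration
    Rules are defined flexibly and can use regular expressions, so message-processing parameters can be set according to the company's existing information security policy. A convenient administrator notification system lets the administrator take the necessary action in the shortest possible time.

    Openness
    The MailD architecture is open, so users can extend the plugin's functionality themselves using the open SDK and detailed documentation.

    Stability
    The plugin system has a modular structure with a dedicated module responsible for keeping components running, which ensures uninterrupted operation of the plugin. Disrupting the plugin's operation is practically impossible.

    Rapid response
    Minimal system load and high speed ensure rapid response: received files are checked instantly, so end users receive a message as soon as it reaches the mail server!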

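  • vaderetro
    Vaderetro filters spam from mail using its own Vade Retro library. The library is updated continuously, steadily improving filtering quality. The anti-spam was developed primarily for corporate servers, so filtering speed was the top development priority. Dr.Web Anti-spam scans over 100 messages per second on the fly (on a 1.9GHz Pentium 4 CPU), which is 8 million messages in 24 hours! The filter combines high performance with low system requirements, so using Dr.Web Anti-spam requires no hardware upgrade.

    Based on the Vade Retro library's analysis, each message is given a score: an integer in the range -10000 to +10000. The higher the score, the more likely the message is spam.

    The threshold is set with the SpamThreshold parameter in the plugin's configuration file. A message whose score is equal to or greater than the value of SpamThreshold is classified as spam.

    After the analysis, the Vade Retro library can add the following headers to the message (depending on the plugin's settings):

    • X-Drweb-SpamScore: n, where n is the score the Vade Retro library gave the message.
    • X-Drweb-SpamState: b, where b is Yes for spam or messages containing a virus, and No for non-spam messages and non-delivery notifications.
    • X-Drweb-SpamState-Num: s, where s is the Vade Retro library's classification of the message. s can take 4 values: 0, 1, 2 and 3. 0 means the message is not spam, 1 means the message is spam, 2 means the message contains a virus, and 3 means the message is a non-delivery notification. This header is added only when the AddXDrwebSpamStateNumHeader parameter in the vaderetro plugin's configuration file is set to Yes.
    • X-Drweb-SpamVersion: version, where version is the version of the Vade Retro library. This header is added only when the AddVersionHeader parameter in the vaderetro plugin's configuration file is set to Yes.
    • X-Spam-Level: z, where z is a string of '*' characters, each character corresponding to 10 points of the score the Vade Retro library gave the message. This header is added only when the AddXSpamLevel parameter value for this message is Yes.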
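
A downstream mail handler can read these headers and cross-check them against each other before acting on the verdict. The following is an added example, not code from Dr.Web or from this page: the function name `read_verdict`, the sample message, the threshold values, the rounding of X-Spam-Level to whole tens, and the policy of distrusting a repeated header are all assumptions of the example.

```python
from email import message_from_string

# X-Drweb-SpamState-Num codes as listed on the page.
STATE_NUM = {"0": "not spam", "1": "spam", "2": "virus", "3": "bounce"}

# Constructed sample message (not real traffic).
SAMPLE = (
    "Subject: constructed sample\n"
    "X-Drweb-SpamScore: 350\n"
    "X-Drweb-SpamState: Yes\n"
    "X-Drweb-SpamState-Num: 1\n"
    "X-Spam-Level: " + "*" * 35 + "\n"
    "\n"
    "body\n"
)

def read_verdict(raw_message, spam_threshold):
    """Parse the vaderetro headers; spam_threshold stands in for SpamThreshold."""
    msg = message_from_string(raw_message)
    problems = []

    def single(name):
        values = msg.get_all(name, [])
        if len(values) > 1:  # policy of this example: repeats are not trusted
            problems.append("duplicate " + name)
        return values[0].strip() if values else None

    score_raw, state = single("X-Drweb-SpamScore"), single("X-Drweb-SpamState")
    num_raw, level = single("X-Drweb-SpamState-Num"), single("X-Spam-Level")
    score = None
    try:
        score = int(score_raw) if score_raw is not None else None
    except ValueError:
        problems.append("score is not an integer")
    if score is not None and not -10000 <= score <= 10000:
        problems.append("score out of range")
        score = None
    category = STATE_NUM.get(num_raw)
    if num_raw is not None and category is None:
        problems.append("unknown SpamState-Num")
    # Yes marks spam and virus mail; No marks clean mail and bounces.
    if state and category and (state == "Yes") != (category in ("spam", "virus")):
        problems.append("SpamState disagrees with SpamState-Num")
    # Assumed rounding: one '*' per full 10 points of a positive score.
    if level is not None and score is not None and len(level) != max(score, 0) // 10:
        problems.append("X-Spam-Level disagrees with score")
    return {"score": score, "is_spam": score is not None and score >= spam_threshold,
            "category": category, "problems": problems}
```

A non-empty `problems` list means the headers contradict each other or appear more than once, so the message is better routed for review than filed on the header values alone.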

Anti-virus scan of e-mail
Filtering mail for viruses, spyware, adware, suspicious programs, hack tools and joke programs is performed by the Dr.Web anti-virus plugin. High filtering performance is combined with low system requirements, so the solution runs perfectly on virtually any server hardware.

Stability
The modular structure of the mail service protection system and a special operation control plugin ensure that the anti-virus plugin is always running, so malware can't disable it.

Rapid response
The multi-thread technology allows several files to be scanned simultaneously instead of being placed in a queue, so the scan doesn’t delay delivery of messages to users!

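Dr.Web: more than just an anti-virus!
Dr.Web successfully detects, cures or deletes all types of malicious objects, including mail and network worms, file viruses, Trojans, stealth and invisible viruses, polymorphic viruses, macro viruses, MS Office document viruses, script viruses, spyware, password stealers, keyloggers, dialers, adware, hack tools, riskware and joke programs.

Our own technology for detecting unknown viruses
Origins Tracing™ uses a unique non-signature technology for detecting malicious objects that effectively complements traditional signature-based detection and the Dr.Web heuristic analyzer, greatly improving detection of unknown viruses. The names of malicious objects detected with this technology carry the extension .Origin.

Correct scanning of archives and packed files
Dr.Web correctly scans packed files of most existing formats and archives of any nesting depth, including multi-volume and self-extracting archives. Dr.Web can scan more than 1000 types of compressed files and packers, some of which no other anti-virus software can recognize.

Frequent updates
With automated worldwide collection of virus samples and a system that automatically identifies new threats, and with updates checked against a large number of "clean" files before release, users are reliably protected at any moment: "hot" updates are released as new viruses appear and are analyzed, and the updates reach users' computers through multiple servers located in different regions of the world, keeping the time needed to obtain an update to a minimum.

The Dr.Web virus database is one of the smallest
A single record in the Dr.Web virus database can detect tens, hundreds and sometimes thousands of similar viruses. The small database also lets Dr.Web components interact at high speed without putting a heavy load on the processor. Scanning an object of any type takes very little time, so users barely notice the time the system spends checking files as they open and load them. Combined with the global update system, the small database lets updates complete instantly.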

Quarantine
Infected and suspicious objects detected by the plugin can be placed in the Quarantine, so that one can later try to retrieve useful information from quarantined messages, cure them or delete them.

Easy administration
A flexible configuration system lets you configure the anti-virus plugin the way you need. All actions of the plugin are logged so you can analyze system behaviour and bottlenecks. The system promptly notifies an administrator so he can perform required tasks in a timely manner.

Efficient filtering of spam
The Vade Secure plugin filters out spam messages from user mail using its own library (Vade Secure). The library is updated regularly, so the quality of filtering is constantly improving as well.

High performance filtering
Dr.Web Anti-spam scans over 100 messages on-the-fly in one second (1.9GHz Pentium 4 CPU), which means it will scan 8.64 million messages in 24 hours!

The anti-spam doesn’t require training!
Unlike anti-spam solutions based on a Bayesian filter, Dr.Web Anti-spam for Unix mail servers doesn’t require any initial training before it can be used. The anti-spam starts working as soon as the first message is received!

Intelligent spam detection system
Different technologies are used for different types of undesired mail (spam, phishing, pharming, scamming and bounce messages) to ensure a higher detection probability.

Stand-alone anti-spam saves traffic
The stand-alone anti-spam analyzer module doesn’t require a connection to an external server or access to a database which also saves traffic.

The unique technologies!
The unique filtering technology doesn’t require a block list, so a company can’t be discredited by being deliberately added to such a list.

Regular updates
Anti-spam updates are released on a daily basis and downloaded by the Dr.Web automatic update utility. The unique technologies make it possible to stay up to date with the latest filtering evasion techniques applied by spammers with only one update in 24 hours and, therefore, save your traffic.

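Anti-spam filtering technologies

Dr.Web anti-spam filtering is made up of several thousand rules, which can be roughly divided into several groups.

Heuristic analysis
Heuristic analysis performs highly complex, intelligent analysis of every part of a message, including the individual header fields, the message body and so on. It checks not only the content of the message but also the content of its attachments. The heuristic analyzer is continually improved, and new rules are constantly added to it.

Counteraction filtering
Counteraction filtering is one of the most advanced and effective technologies used by Dr.Web Anti-spam; it recognizes the disguises that spam uses to evade filtering.

HTML-signature analysis
Messages containing HTML code are compared with samples from the anti-spam HTML-signature library. Combined with data on the image sizes commonly used in spam, this comparison filters out HTML messages that often contain online images.

Semantic analysis
In this analysis, the wording of a message is compared with wording typical of spam. The comparison uses special dictionaries and covers not only the visible content but also hidden technical wording and symbols.

Anti-scamming technology
Scam messages (and pharming messages, one of the techniques scammers use) are an extremely dangerous kind of spam; they include "Nigerian letters", prize notifications, and forged letters from banks and credit institutions. Dr.Web Anti-spam has a dedicated component for filtering such messages.

Filtering of technical spam
So-called bounce messages may arise as a reaction to viruses or virus activity, for example as a result of mass-mailing mail worms, or they may be non-delivery notifications; such messages disrupt normal use just as spam does. A dedicated component of Dr.Web Anti-spam classifies such messages as unwanted.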

Active protection against hackers and spammers
The functionality of present-day corporate mail filtering systems is limited because they have to be integrated into mailing systems. Dr.Web Mail Security Suite for Unix Appliance can be installed on a separate server, so the mail filtering system becomes more stable, and a company that uses the solution enhances its security and saves traffic.

Depending on network architecture, Dr.Web Mail Security Suite for Unix Appliance can be installed in the demilitarized zone (DMZ) or in the local area network of a company. The protected server can be placed in the demilitarized zone so that a mail server is not connected to the Internet directly; in this case, even if a hacker succeeds in compromising a server, he won’t get access to sensitive information. Besides, placing Dr.Web Mail Suite for Unix Appliance outside the company network won’t allow a third party to receive information about the application installed on the server, which also increases the overall security of a network.

Active protection against spam
It is not only the message content that distinguishes spam from normal messages but also SMTP session parameters. Typically a spam message has a large number of recipients or a fake sender address. During a spam attack a lot of messages are sent using one IP-address, or using a fake sender address.

Dr.Web Mail Security Suite for Unix Appliance allows an administrator to restrict the following parameters of an SMTP session:

  • max number of recipients;
  • max number of SMTP-connections for one IP-address;
  • max number of messages in one session;
  • maximum number of Received headers in a message;
  • max number of errors in one session;
  • message max size.

IP-validity verification
One of the properties of a spam message is an invalid sender IP. Spammers have to hide their servers (or spam-bots – compromised user workstations) to avoid getting into the Internet block list.
Dr.Web Mail Security Suite for Unix Appliance allows verifying IP validity thus providing:

  • Sender authentication;
  • Check if a sender host is included in the Protected Domains list using PTR and A requests;
  • Check if a connecting IP-address is included in white or black lists of IP-addresses and domain names;
  • Check if hosts and IP-addresses of a sender or a recipient have matching DNS, A and MX entries;
  • Comparing a host IP-address and a connected host;
  • Lookup an address in RBL/DNSBL blacklists.

Protection against attacks by hackers and spammers
Dr.Web Mail Security Suite for Unix Appliance allows configuring protection against typical attacks directed at a mail server including protection against passive attacks such as PLAIN, LOGIN and active attacks performed without a dictionary search.

Protection against spamtraps
Spamtraps are created in order to find out spammer e-mail addresses. Dr.Web smtp-proxy allows checking if a recipient is a spamtrap; if so, a message won't be sent to that address.

Correct processing of malformed messages
It is well known that some mail clients do not form mail messages in a proper way. Spam programs have the same flaw. Dr.Web Mail Security Suite for Unix Appliance allows blocking messages with empty sender fields; however, it recognizes malformed messages from known mail clients, so no false detections occur.

Saving Internet traffic
Dr.Web Mail Security Suite for Unix Appliance also resolves the problem of high Internet traffic, which is especially relevant both for companies whose employees carelessly attach large files to their e-mail and cause mail servers to malfunction and for companies that become a target for spam attacks.

Restricted open mail relay
Spammers often used open mail relays - SMTP servers that allow anyone to relay e-mail through them. If a company needs to run such a server, Dr.Web Mail Security Suite for Unix Appliance can be used to create a list of allowed domains to relay e-mail to.