Scorpio Informatics: Scorpio Informatics: Announcements: MailServer Upgrade And Antivirus Scanning


Home	Products	Services	Knowledge Base	Contact	Partner With Us


	Main Index	Search Posts	WHO'S Online	LOG IN

Search for (options)

Forum Rules :: Thu. Aug 28, 2008

Home: Scorpio Informatics: Announcements:
MailServer Upgrade And Antivirus Scanning

Admin
Deleted

May 24, 2004, 8:56 PM

Post #1 of 5 (3229 views)
Shortcut

MailServer Upgrade And Antivirus Scanning	Can't Post

Hi.

We have upgraded the MTA to latest version as there was a security flaw reported on the version that we were running. Simultaneous with this upgrade also comes about a change on the "Scanning of the Messages for Virus". Please note the following:

Earlier Before The Upgrade:

All Mails Were Scanned For Viruses once the same was delivered to server.
The Messages With Virus Were Marked with {Virus?} in the subject line.
The dangerous content was deleted.
The balance mail was delivered to the account if ok after deleted dangerous content.

Currently After The Upgrade:

Mails with Virus or dangerous content are not at all allowed to be delivered to the server. The connection to remote server is refused with a error which would be visible to the sender if it was a Human Being sending the infected mail.

So a "4 step process" is reduced to just "one step process". This now means that the users would not now have any Message with a marking of {Virus?} as none of the suspected messages would ever be allowed to get to the server. This is because the content is checked before the delivery is accepted.

This would be having a further advantage that the Server Resources would be much less used as compared to the earlier process.

For trying out the new setup yourself try the following URL (do not check the last two checkboxes) and see if the message can be delivered to your account on our servers.

http://www.aleph-tec.com/eicar/

However, please be informed that None Of The Antivirus Scanners offer 100% hit rate in detecting Viruses.

Cheers
Admin.
Scorpio Informatics

(This post was edited by Admin on May 24, 2004, 8:57 PM)

Admin
Deleted

May 27, 2004, 3:48 PM

Post #2 of 5 (3209 views)
Shortcut

Re: [Admin] MailServer Upgrade And Antivirus Scanning [In reply to]	Can't Post

Hi.

Further enhancements towards blocking of any message at SMTP level which has certain attachment types which were used as the basis for the ILOVEYOU virus and its variants - many many varients. Currently such Messages were being allowed in and then bounced back. We found that this was leading to building up of mail queue with bounced messages as the sender was a "Fake" address. The attachment type which are refused are:

ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:
lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

All Such Messages Are Blocked At SMTP level with a Message To Sender Like Following:

This message has been rejected because it has
a potentially executable attachment (attachment name)
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.

This has significantly reduced the Bounced Messages Queue To minimal from the earlier thousands of Messages In Queue Per Day.

Cheers.
Admin
Scorpio Informatics

(This post was edited by Admin on May 28, 2004, 9:51 AM)

Admin
Deleted

Jun 10, 2004, 11:34 AM

Post #3 of 5 (3186 views)
Shortcut

Re: [Admin] MailServer Upgrade And Antivirus Scanning [In reply to]	Can't Post

Hi.

Now even the local user to local user delivery of infected messages is not possible. However, the sender would not recieve any bounce message in this scenario. The Message if infected (for example attaching a Virus Infected attachment from your desktop) would be rejected and not reach the intended recepient. You would also not get any bounce message. The intention is to protect the recipient from receiving any virus infected message whether from local smptp or remote smtp.

Over remote SMTP, there would be a bounce message to the sender however.

Cheers
Admin
Scorpio Informatics

(This post was edited by Admin on Jul 2, 2004, 1:30 AM)

Administrator
Administrator / Moderator

Aug 30, 2004, 10:11 AM

Post #4 of 5 (2805 views)
Shortcut

Private Reply

Re: [Admin] MailServer Upgrade And Antivirus Scanning [In reply to]	Can't Post

Hi.

Malilserver has been upgraded to Exim-4.42 after having implemented DCC check to earler version. This upgrade of MTA software brings the same to the most current stable release. All other components integrtated to earlier version remain operational.

We would like to mention that post DCC implementation, the SPAM has further been reduced and most of our customers have been encouraging us. SPAM as per feedback available from our customers on random basis have now been restricted to a couple per day at the most, without losing any legit emails.

DCC is a collaborative effort towards reducing SPAM. If anyone uses an email account both for spamming and legitimate emails, then in all probability, even legit mails from such a sender would be blocked by our server.

Additionally, following blocks have also been implemeted which would further trap SPAMS and avoid them being delivered to your mailbox:

IP Address In HELO/EHLO commands refused connections. It's a sure sign of SPAM.
local domains used by Remote MTA in HELO/EHLO commands refused connection. It's a sure sign of SPAM forging the address.

Cheers
Administrator
-------------------------------------------------------------------------------
Scorpio Informatics
-------------------------------------------------------------------------------

(This post was edited by Administrator on Sep 18, 2004, 9:28 AM)

anup
Staff / Moderator

Oct 9, 2004, 3:47 AM

Post #5 of 5 (2763 views)
Shortcut

Private Reply

Re: [Admin] MailServer Upgrade And Antivirus Scanning [In reply to]	Can't Post

Hi.

MTA has been upgraded to Exim-4.43 on 7th October 2004.
All changelog can be found at the official site of Exim at http://exim.org

Greetings
Anup
Scorpio Informatics

Forum Loading Time : 0.25 seconds

Search for (options)

Scorpio Informatics

Scorpio Informatics