Re: OT: Attn Thor

  • From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 21 Jun 2005 01:53:23 -0700

The 3 different AV scanning engines used in order are:
F-Prot
AVG
BitDefender

The software that is used was actually developed about 8 years ago for a
specific e-mail server software. As such, that e-mail server software forms
the foundation of the service. The company has expanded its resources in the
last year and a standalone or gateway version is in the works and is planned
to be out either in 4th QT '05 or 1st QT '06. 

Depending on hardware and server configuration, this setup is capable of
processing 200,000 messages per day.

John T
eServices For You


> -----Original Message-----
> From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxx]
> Sent: Monday, June 20, 2005 3:54 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: OT: Attn Thor
> 
> So John, what products do you use for spam and virus checking?
> 
> Greg Mulholland
> Clear IT
> Level 10, 530 Little Collins Street
> Melbourne, VIC 3000
> Ph: (03) 99097411 Fax: (03) 99097091
> 
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, 20 June 2005 6:26 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: OT: Attn Thor
> 
> > I pay Spamarrest for my solution now, as it was the best thing I could find
> > for HoG at the time.  It's not like it is my corporate domain or anything--
> > if your service can do that at 99%, then right on- I'd rather pay you
> > than some stranger anyway.  Can you provide a solution on an
> > email-by-email basis, or does it have to be the entire domain?
> 
> While my pricing and configuration is based on per domain, it can be
> done on an individual e-mail address basis by having all of the incoming
> forwarded to an address on my service which you would then retrieve
> e-mail from. Of course, that could then be configured to forward all to
> a separate address somewhere (or even configured as an alias for a
> separate address) in which that address would only accept e-mail from
> the address on my server. (Whew, almost ran out of breath.)
> 
> For AV/Malicious content scanning, it works like this: A) Message and
> attachments are scanned by 3 different AV scanners. If a virus is found,
> the message is quarantined, appropriate notice(s) are sent, and it is
> then auto deleted after 5 days. B) If no (suspected) virus is found then
> the attachments are compared to a list of banned attachments. If a
> banned attachment is found, appropriate notice is sent and message is
> auto deleted after 5 days. C) If no banned attachment, the message is
> checked for 12 different vulnerabilities. If one is found the message is
> quarantined, an appropriate notice is sent, and the message is auto
> deleted after 5 days.
> The reason for the quarantine for 5 days is for a few different reasons.
> One is as an example 2 major airlines that send out reservation notices
> had vulnerabilities in the message. One of the airlines has stepped up
> to the plate and fixed it. The other refuses to acknowledge the problem.
> Additionally, sometimes you just have to get a message with a banned
> attachment. What I tell my customers is when they receive their notice
> about a problem message, they can follow the instructions to request to
> have the message reviewed and requeued for delivery. If we get a number
> of repeat or similar requests, we investigate as to the source of the
> issue and how to resolve it.
> 
> For spam filtering, it works like this: There are currently 6 types of
> tests run against each message: 1) Sender based. These are tests such as
> does sending domain (domain portion of the from address) exist, accept
> e-mail to postmaster and abuse, coming from listed server for domain,
> accept e-mail to from address and so forth. 2) DNS based tests such as
> is the HELO/EHLO, PTR, MX and A record checks. 3) 25 RBL/DNSBL type
> tests. 4) Message formatting tests. 5) SPAM signature based tests. 6)
> Filter tests such as looking for certain characters, groups of
> characters, words or groups of words in certain places. 7) Combo tests
> which add or remove weight depending upon groups of tests previously
> failed/passed. All of these tests are weighted and contribute to a final
> weight of the message. The action based on the weight is then taken
> according to configuration. We have base actions, and also per domain
> actions and even per user actions. Generally speaking, we PASS, HOLD or
> DELETE. We can also COPY TO, modify the subject, send to a sub mail box
> (such as a spam mail box instead of the main,) redirect or attach it to
> a warning message. Messages held are generally reviewed daily unless
> there is a problem occurring or when configuration changes are made
> whereby we review hourly at first and work back towards normal reviews.
> Additionally, when new clients are added, we at first hold more and only
> delete the most blatant spam and review every 2 hours until we can
> adjust our filters and configuration for them. Why? Because no 2 clients
> are alike.
> While a school wants clean e-mail, the HR dept of a major employer wants
> and needs those e-mails about the latest sexual harassment laws.
> 
> 
> John T
> eServices For You
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> gmulholland@xxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx

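The weighted spam scoring described in the quoted message, sketched as an added example that is not part of the original post and is not the service's code. The test names, weights, combo rules, thresholds and addresses are all constructed assumptions; the post names the test categories and the PASS/HOLD/DELETE actions but gives no numbers.

```python
# Constructed weights per failed test; categories follow the post's list.
WEIGHTS = {
    "sender_domain_missing": 8,   # 1) sender based
    "no_ptr": 4,                  # 2) DNS based
    "helo_mismatch": 3,           # 2) DNS based
    "dnsbl_listed": 6,            # 3) RBL/DNSBL
    "bad_mime": 3,                # 4) message formatting
    "spam_signature": 10,         # 5) spam signature
    "filter_words": 4,            # 6) character/word filters
}

# 7) Combo tests add or remove weight based on groups of earlier results:
# (tests that must have failed, tests that must have passed, adjustment)
COMBOS = [
    ({"no_ptr", "helo_mismatch"}, set(), +5),
    ({"filter_words"}, {"dnsbl_listed", "spam_signature"}, -3),
]

# Thresholds as (hold_at, delete_at). Most specific scope wins:
# per user, then per domain, then the base action.
BASE = (10, 25)
PER_DOMAIN = {
    "school.example": (6, 15),      # stricter: wants clean e-mail
    "newclient.example": (8, 40),   # new client: hold more, delete only blatant spam
}
PER_USER = {"hr@employer.example": (20, 40)}  # needs mail others would filter

def score(failed):
    """Sum the weights of failed tests, then apply combo adjustments."""
    failed = set(failed)
    passed = set(WEIGHTS) - failed
    total = sum(WEIGHTS[t] for t in failed)
    for need_failed, need_passed, delta in COMBOS:
        if need_failed <= failed and need_passed <= passed:
            total += delta
    return max(total, 0)

def action(recipient, failed):
    """Return PASS, HOLD or DELETE for a recipient given the failed tests."""
    recipient = recipient.lower()
    domain = recipient.rsplit("@", 1)[-1]
    hold_at, delete_at = PER_USER.get(recipient, PER_DOMAIN.get(domain, BASE))
    total = score(failed)
    if total >= delete_at:
        return "DELETE"
    return "HOLD" if total >= hold_at else "PASS"
```
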

