Comparison of AV solutions for Mail Servers
There are two main approaches for Mail Servers
to incorporate the use of Anti-Virus. One way
is to integrate the Anti-Virus engine into the
mail server as a plug-in (AV enabled). The other
method is to use an additional SMTP gateway that
is provided by the Anti-Virus vendor and typically
does not run on the same computer as the Mail
Server. Kerio Mail Server can take advantage of
both options; however, for the reasons outlined
below KMS should only be used as an AV enabled
Mail Server.
AV enabled Mail Server
The Mail Server uses a 3rd party AV scanning
engine to scan all e-mail communication. This
solution is transparent and does not require any
changes in the existing network/client configuration.
Under this scenario both the Anti-Virus component
and Mail Server reside on the same physical computer.
SMTP based gateway product
Usually available from the AV vendor, this solution
works by scanning SMTP communication before it
is passed to the Mail Server. This is achieved
by running the SMTP AV gateway as a separate component
either on a remote computer or, in some cases,
on the same computer as the mail server. This
type of scenario is generally used only when the
mail server cannot support an Integrated AV solution.
AV enabled Mail Server vs. SMTP AV Gateway
| Feature | AV enabled Mail Server | SMTP AV Gateway |
| --- | --- | --- |
| Security | Modern mail servers support multiple messaging protocols, such as IMAP, a web-based interface, or MAPI. A message can enter the Mail Server system in many ways, not only through SMTP. Whenever a new message enters the system (or an existing message is updated), it must be checked for viruses. An AV enabled Mail Server passes all email to the AV engine, regardless of the protocol used. | Only messages entering the mail system through SMTP are checked for viruses. If, for example, an employee of a company uses webmail to send mail to another employee within the same company, the email is placed directly in the recipient's mailbox without using the SMTP protocol and is therefore never scanned by the Anti-Virus gateway. |
| | All components are part of the Mail Server. All email is therefore processed directly through the mail server, ensuring that no email can be delivered without being scanned. | If the mail server does not offer a sufficient level of security features, it may be possible to bypass the AV SMTP gateway and send mail directly through the mail server. |
| Functionality | The AV scanning engine does not interact directly with users or the administrator when AV related events occur. Instead, the mail server handles that interaction (notifying users and the administrator of infected files). Messages coming from the messaging system (Mail Server + AV) are more consistent, since they are generated by the Mail Server only. | The AV software uses its SMTP service to generate its own messages about AV related events. The AV does not know any users local to the Mail Server and cannot act accordingly, so it additionally relies on the administrator of the Mail Server to take further action. In other words, both the AV gateway and the Mail Server react to an infected email. |
| Configuration | Enabling AV functionality in the Mail Server configuration is all that is needed to have the solution up and running. The administrator can configure AV functions from within the Mail Server administration. | The administrator needs to reconfigure the Mail Server to listen on different ports if both components are located on the same computer. This also requires that the AV SMTP gateway is able to send email using the TCP port that the Mail Server is listening on for SMTP mail. The SMTP service of the Mail Server must also be configured so that the AV SMTP gateway cannot be bypassed. |
| Relay Protection | The Mail Server receives SMTP mail directly, so it can authenticate users through an SMTP session or use other verification means to suit a specific environment. | When SMTP-AV is deployed, the AV SMTP gateway cannot use authentication because the SMTP-AV does not have the user database. It may support IP based relay control, but this solution is only viable when trusted users have static (known) IP addresses. |
| Encryption | Many SMTP servers, such as Kerio Mail Server, support encryption using SSL to protect message content as it is transmitted over non-trusted networks such as the Internet. | These solutions usually do not support encrypted SMTP. This means that users on public networks may capture the SMTP communication and view the content of messages. |
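
One way to check the gateway-side configuration points from the table above (separate ports on a shared computer, the gateway delivering to the mail server's SMTP port, and no SMTP path around the gateway), as an added example rather than Kerio's or any AV vendor's code. The dictionaries and their keys are a hypothetical schema, and the addresses are constructed sample values.

```python
import ipaddress

# Constructed sample deployments (hypothetical schema, documentation addresses).
GATEWAY = {"host": "192.0.2.10", "listen_port": 25,
           "forward_host": "192.0.2.20", "forward_port": 25}
WEAK_SERVER = {"host": "192.0.2.20", "smtp_port": 25,
               "smtp_allow_from": ["0.0.0.0/0"]}
HARDENED_SERVER = {"host": "192.0.2.20", "smtp_port": 25,
                   "smtp_allow_from": ["192.0.2.10/32"]}


def audit_gateway_deployment(gateway, mail_server):
    """Return findings for an SMTP AV gateway placed in front of a mail server."""
    findings = []

    # On a shared computer the two SMTP listeners need different ports.
    if (gateway["host"] == mail_server["host"]
            and gateway["listen_port"] == mail_server["smtp_port"]):
        findings.append("port-conflict: gateway and mail server share a listening port")

    # The gateway has to deliver to the port the mail server listens on.
    target = (gateway["forward_host"], gateway["forward_port"])
    if target != (mail_server["host"], mail_server["smtp_port"]):
        findings.append("forward-mismatch: gateway does not deliver to the mail server's SMTP port")

    # The mail server's SMTP service should accept the gateway and nothing else,
    # otherwise a sender can connect to it directly and skip the scan.
    gw_ip = ipaddress.ip_address(gateway["host"])
    allowed = [ipaddress.ip_network(cidr) for cidr in mail_server["smtp_allow_from"]]
    if not any(gw_ip in net for net in allowed):
        findings.append("gateway-blocked: mail server refuses SMTP from the gateway")
    for net in allowed:
        if net.num_addresses > 1 or gw_ip not in net:
            findings.append(f"bypass: mail server accepts SMTP from {net}, not only the gateway")
    return findings


if __name__ == "__main__":
    for name, server in (("weak", WEAK_SERVER), ("hardened", HARDENED_SERVER)):
        print(name, audit_gateway_deployment(GATEWAY, server) or "no findings")
```

A clean result only closes the SMTP bypass; mail that enters through webmail, IMAP or MAPI still never reaches the gateway, as the Security row states.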
Control the spread of viruses!
Kerio MailServer supports a variety of gateway
virus scanning solutions, ensuring both incoming
and outgoing messages are virus free. Scanning
mail through KMS allows an administrator to update
the anti-virus software from a single location,
rather than updating each computer in the network.
Together with its integrated attachment filtering,
KMS can achieve a very secure environment for
email communication, at a fraction of the price
of other email servers.