Sanitize your email attachments
Show of hands--how many of you send at
least one email message per day? For many Windows NT professionals, email is the
fabled killer app that developers want to tap into. Indeed, for collaboration
and communication, nothing beats the ease and convenience of email.
Unfortunately, email can also be a vehicle for virus attacks: Most email clients
support file attachments, but the clients don't check file integrity. Because a
large percentage of email messages include attached files, systems connected to
a network or the Internet probably will catch a virus.
Fortunately, there's help. Trend Micro's InterScan E-Mail VirusWall 1.72 is
a service that acts as a gateway between your computer and a Simple Mail
Transport Protocol (SMTP) mail server. The program sits between the server and
clients to detect and clean files before the server delivers the files to their
destination. In short, E-Mail VirusWall cleans the places the other leading
virus scanners, mail gateways, and firewalls can't reach.
The product ships on three floppy disks and includes a fourth disk that
contains the freeware EMWAC Web server (you can also use a third-party Web
server as the host). The product includes a Web server for administrators who
want to configure and update E-Mail VirusWall across an intranet, as they do
Internet Information Server (IIS). Installation is simple enough--just run Setup
from the floppies and select a directory for the program. The setup program will
copy the files and start the service automatically. After the installation, you
can log on to the program. Because the default username and password are
identical, change the password as soon as possible.
You can configure E-Mail VirusWall's options with its applet or by using a
Web browser; the latter method is ideal for administrators who work from remote
machines. Both methods provide a rich set of configuration options: You can
customize logging functions, cleaning options, and notification messages, as
shown in Screen 1. To save time, you can set the scanner to allow certain files,
such as DLL files, to pass through automatically.
When a file arrives via email, the program performs like a conventional
virus scanner. It creates a duplicate of the file and scans it. If the file is
clean, the program passes the file through the gateway and the mail server
delivers it. If the file is infected, however, E-Mail VirusWall moves the file
to a temporary directory, cleans the file automatically and passes it through to
the server, deletes the file, or sends it anyway, depending on your
instructions. The program also sends warning messages to the sender, the
recipient, and the administrator. You can change these messages in the
configuration program as needed. E-Mail VirusWall supports UUencoded files,
MIME, and most popular compression formats, including ARJ and ZIP.
As a reviewer, I hate to admit that I've noticed no significant snags in
the program. To test it, I set up an Exchange Server acting as an SMTP mail
server. I attached an executable file infected with the Jerusalem virus and sent
it to another email address on the server. When the file arrived on the server,
E-Mail VirusWall scanned the file, cleaned it, delivered it, and sent out three
notification messages.
If you send files via email on your network, or if you have a mail server
on the Internet, look into E-Mail VirusWall. It works so well and is so
unobtrusive that you won't know it's there. Even though E-Mail VirusWall detects
the same viruses that conventional virus scanners trap (e.g., boot sector
viruses and document macro viruses), E-Mail VirusWall complements your existing
virus scanner because the two scanners look at different files. Following the
trend set by McAfee and Symantec in their virus scanners, E-Mail VirusWall lets
you retrieve virus definition updates electronically so the program will scan
for new viruses. On unattended servers, I recommend turning on automatic
updating and setting it to poll Trend Micro's server weekly for updated
definitions. A 30-day trial version of E-Mail VirusWall is available from
http://www.trendmicro.com/emvwnt-dl.html.
End of Article
Register
