eProMail: Spam & Virus Protection

Navigating a Dynamic Threat Landscape for Email

Spam used to be annoying. Now, it’s dangerous. Currently, one out of every 291 emails contains a virus*. Email is now the leading entry point for network threats like viruses, Trojans, and worms. Lost productivity from checking and deleting spam and the expense of rallying the IT department to fix and recover lost data costs over $20 billion a year**.

Keeping the spam menace out of your organization is not an easy or cheap proposition. The software licenses alone are costly. Add to that constant maintenance to ensure protection against emerging threats.

Looking for relief? Look to eProMail.
With eProMail, you get exceptional support and affordable, feature-rich business email and the strongest threat detection structure in the industry. We combined the best of our threat scanning capabilities with industry leaders in spam and virus protection.

ePromail uses the latest and best in technology to combat and reduce unsolicited email (spam). We estimate that over 95% of all email traffic is spam. Spam is not only a distraction; it can serve as a vector for viruses, malware, and phishing attacks. Our email spam filtering system is a continuously-updated, multi-layered process that eliminates 98% of all spam with near zero false-positives. Below is the layering process:

1:The Gateway Scan
As soon as an email arrives the sending IP address is compared to an aggregated spam blacklist compiled from multiple spammer tracking systems. Our gateway servers also analyse the email message in the context of other arriving mail. If a large number of emails are coming simultaneously from a single IP or are addressed to random addresses that do not exist in our system, it could signify a spam attack and the email will be blocked. If the sending address is from a domain in our system but the mailbox does not exist the email will be blocked. This last case is called “spoofing” and it is the reason you may have received spam from your own email address or domain.

2: Cloudmark® Scan
All email is scanned by Cloudmark’s industry-leading spam detection software. Cloudmark uses Advanced Message Fingerprinting™ to detect spam, phishing, and viruses. Instead of relying on a spam blacklist Advanced Message Fingerprinting examines algorithm patterns that expose spam across all languages and character formats. These patterns are updated every 60 seconds based on worldwide feedback loops and the latest spammer tactics.

3: The Message Sniffer Scan
Email is then scanned with Message Sniffer from ARM Research Labs. Message Sniffer relies on pattern recognition and machine learning technology to detect spam and malware. It searches the entire message for spam, virus, and malware features including unusual headers, structural artifacts, message source behaviours, obfuscation techniques, email and URL targets, binary and image signatures, unusual code fragments, and even coding styles.

Virus Protection Stages
Epromail also uses the latest and best in technology to make sure your data isn’t compromised. Our antivirus system scans all inbound and outbound emails using a multi-stage process. The process is broken down into the following four stages:

1: Restricted Attachments
Virus protection starts with scanning messages for dangerous types of file attachments. Dangerous files are those that can execute code, which can be used by malicious persons to spread viruses or do harm to your computer. Restricted file types include, but are not limited to, program files (.exe, .com, exe within zip), script files (.bas, .vbs, .js), and shortcuts to files (.lnk, .pif). When an email is sent or received that contains a restricted file attachment, the email is rejected and the sender receives a “bounced” email notification informing them of the restriction.

2: Normalization
This stage of the email antivirus process searches for email formatting vulnerabilities that can be used by viruses to hide from virus scanners. If any vulnerability is found our system corrects the formatting of the message so that it can be thoroughly scanned for viruses. This is called “normalizing” the message, and most notably this process protects against known Microsoft Outlook security threats.

3: Decompression
Next, if the email contains any compressed attachments such as zip files, the compressed attachments are temporarily unzipped so that the contents can be scanned for viruses. Many of today’s viruses use compression as a way to sneak their way past virus scanners, sometimes even compressing themselves in several layers to try to hide from scanners. If an attachment cannot be decompressed, as might be the case for password-protected zip files, the original file is scanned for virus signatures that occur within compressed attachments.

4: Virus Scan
After the above pre-processing is complete an email antivirus scanner is used to scan the email and all of its uncompressed attachments. Everything is scanned to ensure maximum protection against new virus threats. ClamAV (www.clamav.net) is the current scanner of choice, although our system was designed to be able to plug-in any virus scanner on the market should the need to do so arise. Updated virus definitions are automatically pushed to our system. This gives our customers protection from new viruses within minutes. Virus definitions are updated hourly. In contrast, most desktop and server anti-virus programs are configured to check for new virus signatures only once per day.

Maintaining this comprehensive level of threat protection could cost you thousands of dollars a month to maintain. As an eProMail customer, these protections are free with every mailbox you add.


References:
*http://www.symantec.com/content/en/us/enterprise/other_resources/bistr_main_report_v18_2012_21291018.en-us.pdf
**http://pubs.aeaweb.org/doi/pdfplus/10.1257/jep.26.3.87