
Mail content checking allows the administrator to block unwanted attachment types in email messages. These mails are blocked and can be reviewed and released by the administrator.
Introduction
A single NetworksDefender appliance can protect users from both spam and virus email messages without the need for user intervention. A big advantage is the NetworksDefender’s mail sweeper – Mail Traffic Content Checking functionality. Mail content checking allows the administrator to block unwanted attachment types in email messages. The appliance updates itself automatically with the latest antivirus and anti-spam patterns, without the intervention of an IT administrator.
How does it work
As already implied, the NetworksDefender appliances offer a comprehensive array of mail protection mechanisms. They are enforced sequentially on each email message that flows through the NetworksDefender (image 1):
• real-time spam block lists;
• banned extensions checking;
• black/white lists;
• antivirus checking;
• anti-spam checking.
Real-time spam block lists
Real-time block lists are essentially lists of IP addresses that cover:
• IP addresses of verified spammers, spam gangs and spam services;
• IP addresses of verified open SMTP relays;
• known and potential spam sources (open relays, open proxies, open form-to-mail HTTP gateways, dynamic IP pools, and direct spammers);
• computers believed to run insecure proxies.
Banned extensions
An additional way of preventing unauthorized email from reaching clients is to specify patterns that represent the file extensions to be blocked by the mail sweeper. For example, entering *.avi as a banned extension prevents users from sending and/or receiving email messages that have *.avi attachments. Emails that are stopped on the NetworksDefender appliances because of such attachments are put into a blocked section from which they can be released by the administrator.
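The banned-extension check described above, sketched as an added example (not NetworksDefender code): it walks every MIME part of a message and matches attachment filenames against glob patterns. Only `*.avi` comes from the page; the other patterns, the function names and the sample messages are constructed for illustration.

```python
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage

# "*.avi" is the page's example; the other patterns are assumed for illustration.
BANNED_PATTERNS = ["*.avi", "*.exe", "*.scr"]

def banned_attachments(raw, patterns=BANNED_PATTERNS):
    """Return attachment filenames in a raw message that match a banned pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():              # walk() also visits nested multiparts
        name = part.get_filename()       # decodes RFC 2231 encoded filenames
        if not name:
            continue
        # Compare case-insensitively and ignore trailing dots/spaces, which
        # some clients drop when saving ("clip.avi." is stored as "clip.avi").
        candidate = name.strip().rstrip(". ").lower()
        if any(fnmatch.fnmatchcase(candidate, p.lower()) for p in patterns):
            hits.append(name)
    return hits

def disposition(raw):
    """Mirror the page's behaviour: hold the mail if any attachment is banned."""
    hits = banned_attachments(raw)
    return ("blocked", hits) if hits else ("pass", [])

def build_sample(filenames):
    """Constructed test message with one dummy attachment per filename."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    for fn in filenames:
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg.as_bytes()

if __name__ == "__main__":
    print(disposition(build_sample(["report.pdf", "Holiday.AVI"])))
```

A check like this looks only at the declared filename, so a renamed file passes it; that is why the appliance's chain continues with antivirus checking afterwards.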
Black/white lists
Black/white lists are configured at a per-server or per-user level. Black lists represent email addresses (or entire domains) from which email messages are automatically blocked. White lists, on the other hand, represent email addresses (or entire domains) from which email is allowed and not checked for spam. Since these lists can be defined on a per-user basis, each individual user can create and later maintain a database of email addresses he or she does not want to receive email from, without affecting the way other users receive email messages.
Antivirus checking
Since antivirus checking is CPU intensive, it is at the end of the chain of email tests. The engine used is the main installed engine on the NetworksDefender (also used for web content checking). Each mail is checked and quarantined if it is found to contain a virus. Unlike email messages with blocked attachments and/or spam messages, these messages cannot be released to recipients. Depending on the configuration settings, both the email sender and the recipients are informed that an email message was blocked because a virus was found.
Anti-spam checking
The last in the line of mail protection mechanisms is the anti-spam checking. This test itself performs a multitude of sub-tests to determine whether the message is likely to be spam. Since this cannot always be determined with 100% accuracy, the administrator can set certain thresholds (add notification to email header, add ***SPAM*** to subject, block email message, remove email message).